Analysis Date: 2015-07-22 19:28:17
MD5: 630eb38d18f47843abf7bab98802c7a2
SHA1: 04fd9a813efe37d0c73209c11cb8eed91031da9c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 41a3413ce7a91cb7b6b5b70d4260adc1 sha1: ab1d4535155557c8cb92c2710acb3c4f70f0e395 size: 436224
Section .rdata md5: e8ed3b213ec4fa188fb427ea69c9f4c9 sha1: f5f500569a0be8c943ec232ed4ab682a6f333361 size: 512
Section .data  md5: e87369dbceb444c91822e07f840720e4 sha1: 46684a8b1d0414f4b1bdb1dfa9c0b3903def0bdf size: 512
Timestamp (PE compile time): 2015-01-06 00:36:08
PEhash: cfe629b66a323828e8c408429782e47094cc7061
IMPhash: c4590b494fcdaef94092616dbaf9bc0a
AV detections (vendor: signature name; no_virus = not detected):
Rising: Trojan.Win32.PolyRansom.a
CA (E-Trust Ino): Win32/Nabucur.C
F-Secure: Win32.Virlock.Gen.1
Dr. Web: Win32.VirLock.10
ClamAV: no_virus
Arcabit (arcavir): Win32.Virlock.Gen.1
BullGuard: Win32.Virlock.Gen.1
Padvish: no_virus
VirusBlokAda (vba32): no_virus
CAT (quickheal): Ransom.VirLock.A2
Trend Micro: PE_VIRLOCK.B-O
Kaspersky: Virus.Win32.PolyRansom.b
Zillya!: Virus.Virlock.Win32.1
Emsisoft: Win32.Virlock.Gen.1
Ikarus: Virus.Win32.Virlock
Frisk (f-prot): no_virus
Authentium: W32/S-4ff147e2!Eldorado
MalwareBytes: Trojan.VirLock
MicroWorld (escan): Win32.Virlock.Gen.1
Microsoft Security Essentials: Virus:Win32/Nabucur.C
K7: Trojan ( 0040f9f31 )
BitDefender: Win32.Virlock.Gen.1
Fortinet: W32/Zegost.ATDB!tr
Symantec: no_virus
Grisoft (avg): Generic_r.EKW
Eset (nod32): Win32/Virlock.I virus
Alwil (avast): Vunder [Trj]
Ad-Aware: Win32.Virlock.Gen.1
Twister: W32.PolyRansom.b.brnk.mg
Avira (antivir): TR/Crypt.ZPACK.Gen
Mcafee: W32/VirRansom.b!630EB38D18F4
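The per-section md5/sha1/size rows and the compile timestamp in the Static Details above are the first things worth recomputing yourself when a sample changes hands (a polymorphic family like the one the vendors name here re-hashes the whole file on every infection, but section-level hashes still tell you which part changed). The following is an added example, not code from the sandbox that produced this report: a struct-only walk of the PE32 headers that emits the same three fields per section and decodes IMAGE_FILE_HEADER.TimeDateStamp. It runs on a tiny PE image constructed inline for offline use; that image, the section contents and the helper names are assumptions of this example, not the analysed sample. The imphash row is not reproduced here, since that needs the import directory, not just the section table.

```python
"""Reproduce 'Section <name> md5/sha1/size' and 'Timestamp' rows from a PE file.

Added example, not part of the sandbox report. Pure struct parsing of
MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table, so it needs no
third-party PE library. The PE it runs on is constructed below and is NOT the
analysed sample.
"""
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/size for a byte string: the three fields the report shows per section."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "size": len(data)}


def pe_timestamp(ts: int) -> str:
    """IMAGE_FILE_HEADER.TimeDateStamp is seconds since 1970-01-01 UTC (linker-set, forgeable)."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def parse_pe(data: bytes) -> dict:
    """Walk the headers and hash what is actually on disk for every section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not at e_lfanew")
    coff = e_lfanew + 4
    machine, nsect, tstamp, _symtab, _nsyms, opt_size, _chars = \
        struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsect):
        name, vsize, _vaddr, raw_size, raw_ptr = \
            struct.unpack_from("<8sIIII", data, table + 40 * i)
        # Hash SizeOfRawData bytes at PointerToRawData. A section with
        # SizeOfRawData == 0 (.bss style) hashes as empty; a raw range that runs
        # past EOF (truncated download, or a header lying about sizes) is flagged
        # rather than treated as fatal, so the remaining sections still get hashed.
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        entry = {"name": name.rstrip(b"\0").decode("ascii", "replace"),
                 "virtual_size": vsize, "truncated": len(raw) < raw_size}
        entry.update(hash_bytes(raw))
        sections.append(entry)
    return {"is_pe32_i386": machine == IMAGE_FILE_MACHINE_I386,
            "timestamp": pe_timestamp(tstamp), "sections": sections}


def report_lines(data: bytes) -> list:
    """Render in the same shape as the Static Details rows above."""
    pe = parse_pe(data)
    lines = [f"Section {s['name']} md5: {s['md5']} sha1: {s['sha1']} size: {s['size']}"
             + ("  [truncated on disk]" if s["truncated"] else "")
             for s in pe["sections"]]
    lines.append(f"Timestamp (PE compile time): {pe['timestamp']}")
    return lines


def build_sample_pe(sections, timestamp: int) -> bytes:
    """Constructed minimal PE32 image (headers + raw section data) for offline testing.
    Not loadable and not the analysed sample; the optional header is zero apart
    from its PE32 magic, and raw data is placed at the first FileAlignment boundary."""
    e_lfanew, opt_size, file_align = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections),
                       timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_base = -(-hdr_end // file_align) * file_align      # round up to FileAlignment
    table, body = b"", b""
    for i, (name, raw) in enumerate(sections):
        ptr = raw_base + len(body) if raw else 0
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                             len(raw) or 0x100, 0x1000 * (i + 1), len(raw), ptr,
                             0, 0, 0, 0, 0x60000020 if raw else 0xC0000080)
        body += raw
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (raw_base - len(image)) + body


# Constructed inputs (assumptions of this example): a 512-byte pattern for .text,
# the b"abc" test vector for .rdata, an empty .bss, and the report's timestamp.
SAMPLE_TEXT = bytes(range(256)) * 2          # 512 bytes
SAMPLE_TIMESTAMP = 1420504568                # 2015-01-06 00:36:08 UTC
SAMPLE_PE = build_sample_pe(
    [(b".text", SAMPLE_TEXT), (b".rdata", b"abc"), (b".bss", b"")], SAMPLE_TIMESTAMP)

if __name__ == "__main__":
    print("\n".join(report_lines(SAMPLE_PE)))
```

Point parse_pe at the real sample (`parse_pe(open(path, "rb").read())`) and compare its rows with the ones above: a mismatch on .text with matching .rdata/.data is what a re-infected copy of a file-infecting family looks like, while a mismatch on every row means you do not have the same file at all. Treat the timestamp as a hint only; it is set by the linker and trivially edited, so a compile time six months before the analysis date is consistent with the AV names but proves nothing.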

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\19dd_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1332 -e 136 -g

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1332 -e 136 -g

Both child processes are the Windows XP crash handlers, not payload: dwwin.exe is the Windows Error Reporting client and drwtsn32 is Dr. Watson, started with the faulting process ID (-p 1332) and an event handle (-e 136), and the <hex>_appcompat.txt file in Temp is the manifest written on that same error-reporting path. So in this run C:\malware.exe hit an unhandled exception early and did not get to run its payload, which is why no network activity and no further file writes were captured; an empty network section from a crashed run says nothing about the sample's real behaviour, and it should be re-run in a different environment before that absence is treated as a finding.

Network Details:


Raw Pcap

Strings