Analysis Date: 2015-11-01 14:41:54
MD5: cb7056cc8d2adca8da494b540f102869
SHA1: 05a6a19100387e7f4b330af64201ad341161d93d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: b0016e2a2a52db7766183ec95373d3d0 sha1: 41f12fb765f42e65c249eb199b113e38155f4ca3 size: 106496
Section .rdata: md5: a9fc6181b02664e649e1bd0d3c995646 sha1: da021c9aace97235110c1d0280c9f7b5033b3f00 size: 24576
Section .data: md5: 15d56538fe0fd73c88db9e95aa2907f4 sha1: 6ed24db711b539b3ef5ba5dc03f774a6d2b1ef0d size: 20480
Timestamp: 2015-09-19 11:17:22
Pdb path: c:\Set\shape\Came\perhaps\Hunt\wild\noticeseason.pdb
Packer: Microsoft Visual C++ ?.?
PEhash: 2953ec841dfeae55cad90f5a87b827b2a1953277
IMPhash: 21f75f103513113dbc244d720eb312c2
AV Ad-Aware: Trojan.Rajbot.Gen.1
AV Grisoft (avg): Crypt4.CNGR
AV CAT (quickheal): no_virus
AV Ikarus: Trojan.Win32.Crypt
AV Avira (antivir): TR/AD.Gamarue.Y.1412
AV K7: Trojan ( 004d00431 )
AV ClamAV: Win.Trojan.Rajbot-3
AV Kaspersky: Trojan.Win32.Wauchos.ar
AV Arcabit (arcavir): Trojan.Rajbot.Gen.1
AV MalwareBytes: no_virus
AV Dr. Web: BackDoor.Andromeda.614
AV Mcafee: no_virus
AV BitDefender: Trojan.Rajbot.Gen.1
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV Emsisoft: Trojan.Rajbot.Gen.1
AV MicroWorld (escan): Trojan.Rajbot.Gen.1
AV Alwil (avast): MalOb-LV [Cryp]
AV Padvish: no_virus
AV Eset (nod32): Win32/Kryptik.DZAN
AV Rising: no_virus
AV BullGuard: Trojan.Rajbot.Gen.1
AV Fortinet: W32/Kryptik.DXWV!tr
AV Symantec: Downloader.Dromedan
AV Authentium: W32/Downloader.MQTQ-3178
AV Trend Micro: no_virus
AV Frisk (f-prot): no_virus
AV Twister: Trojan.Girtk.DZAN.vmnv
AV CA (E-Trust Ino): no_virus
AV VirusBlokAda (vba32): Backdoor.Androm
AV F-Secure: Trojan:W32/Gamarue.F
AV Zillya!: Trojan.Kryptik.Win32.796013

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

