Analysis | #totalhash

Analysis Date	2016-02-05 16:37:30
MD5	7e5fd55e316112c31d126a2ea805b5bb
SHA1	073aec6a72f24be5c0231b846286b6b6972850e9

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: afc290a264a1e858e9ffe0cb9203c660 sha1: 6dfdf7b594907a0b74414b596d3b10392da5c9fb size: 39424
Section	.rdata md5: e80a902d8dd3b5861d95fbc00edaaa39 sha1: f05c5e219f5154b9d563022ea5885da77ba27db8 size: 9216
Section	.data md5: db8572b18857c4d196864d43aabfe4d8 sha1: fb790810f93381e13cf8fd83605026a9c40d79ea size: 4096
Section	.fggd md5: 153bdce7201057f9efc74d89090aeca0 sha1: f325e385095859836f6bf36f95827ddb9578d5fc size: 23040
Section	.hgse md5: 9e5c6e2a29ef22387819a377742c65f1 sha1: 862f49c51000ed42faf21321e996f7e79297968c size: 5632
Section	.rsrc md5: 8971547dfb992c730351c2702ab37a3d sha1: 593917ded512cedaf674a7f7e42eb0b12694afe6 size: 1024
Section	.reloc md5: ff9b06e25117ea6f82fff541c6a0c5f9 sha1: 659fe2eecca4b2872ffbb25d45f32e172ad35626 size: 3584
Timestamp	2015-09-20 01:00:57
Version	CompanyName: serdjgheru
Packer	Microsoft Visual C++ ?.?
PEhash	c1c59865afe07f55e378d790d0c779299b126d36
IMPhash	9a0b622db4d13d8c51c2434b257a0f4b
AV	Fortinet	W32/Kryptik.DYFJ!tr
AV	CAT (quickheal)	Worm.Gamarue.WR6
AV	MicroWorld (escan)	Trojan.Agent.BMSI
AV	Trend Micro	Ransom_.0A217DD0
AV	Symantec	Trojan.Gen
AV	Authentium	W32/S-177bdd36!Eldorado
AV	Arcabit (arcavir)	Trojan.Agent.BMSI
AV	CA (E-Trust Ino)	No Virus
AV	Frisk (f-prot)	No Virus
AV	BullGuard	Trojan.Agent.BMSI
AV	VirusBlokAda (vba32)	Backdoor.Androm
AV	Twister	No Virus
AV	Kaspersky	Backdoor.Win32.Androm.igvd
AV	Microsoft Security Essentials	Worm:Win32/Gamarue!rfn
AV	Rising	No Virus
AV	Dr. Web	Trojan.Siggen.65341
AV	Mcafee	RDN/Generic BackDoor
AV	Ikarus	Virus.Win32.Cryptor
AV	ClamAV	No Virus
AV	F-Secure	Trojan.Agent.BMSI
AV	K7	Trojan ( 004d259b1 )
AV	Ad-Aware	Trojan.Agent.BMSI
AV	MalwareBytes	Ransom.CryptoWall
AV	Zillya!	Backdoor.Androm.Win32.27857
AV	Eset (nod32)	Win32/Kryptik.DXSG
AV	Avira (antivir)	TR/Kryptik.abbojp
AV	BitDefender	Trojan.Agent.BMSI
AV	Emsisoft	Trojan.Agent.BMSI
AV	Grisoft (avg)	Crypt4.CLDE
AV	Alwil (avast)	Win32:Malware-gen

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Process	C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File	PIPE\lsarpc
Creates File	\Device\Afd\Endpoint
Winsock DNS	pool.ntp.org
Winsock DNS	north-america.pool.ntp.org
Winsock DNS	africa.pool.ntp.org
Winsock DNS	oceania.pool.ntp.org
Winsock DNS	asia.pool.ntp.org
Winsock DNS	south-america.pool.ntp.org
Winsock DNS	europe.pool.ntp.org

Network Details:

DNS	europe.pool.ntp.org Type: A 91.212.112.71
DNS	europe.pool.ntp.org Type: A 129.250.35.251
DNS	europe.pool.ntp.org Type: A 193.219.28.2
DNS	europe.pool.ntp.org Type: A 212.47.239.163
DNS	north-america.pool.ntp.org Type: A 38.229.71.1
DNS	north-america.pool.ntp.org Type: A 98.213.66.22
DNS	north-america.pool.ntp.org Type: A 206.108.0.132
DNS	north-america.pool.ntp.org Type: A 209.244.0.3
DNS	south-america.pool.ntp.org Type: A 190.15.141.64
DNS	south-america.pool.ntp.org Type: A 200.160.0.8
DNS	south-america.pool.ntp.org Type: A 201.49.148.135
DNS	south-america.pool.ntp.org Type: A 186.103.182.15
DNS	asia.pool.ntp.org Type: A 103.245.79.18
DNS	asia.pool.ntp.org Type: A 160.16.101.116
DNS	asia.pool.ntp.org Type: A 62.201.225.9
DNS	asia.pool.ntp.org Type: A 78.111.50.52
DNS	oceania.pool.ntp.org Type: A 103.242.68.68
DNS	oceania.pool.ntp.org Type: A 103.242.68.69
DNS	oceania.pool.ntp.org Type: A 130.102.2.123
DNS	oceania.pool.ntp.org Type: A 202.22.158.30
DNS	africa.pool.ntp.org Type: A 196.41.127.42
DNS	africa.pool.ntp.org Type: A 197.82.150.123
DNS	africa.pool.ntp.org Type: A 41.73.42.10
DNS	africa.pool.ntp.org Type: A 41.78.128.17
DNS	pool.ntp.org Type: A 128.138.141.172
DNS	pool.ntp.org Type: A 138.236.128.112
DNS	pool.ntp.org Type: A 173.44.32.10
DNS	pool.ntp.org Type: A 184.105.182.7

Raw Pcap

Strings