Analysis Date: 2016-02-05 16:37:30
MD5: 7e5fd55e316112c31d126a2ea805b5bb
SHA1: 073aec6a72f24be5c0231b846286b6b6972850e9

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: afc290a264a1e858e9ffe0cb9203c660 sha1: 6dfdf7b594907a0b74414b596d3b10392da5c9fb size: 39424
Section .rdata md5: e80a902d8dd3b5861d95fbc00edaaa39 sha1: f05c5e219f5154b9d563022ea5885da77ba27db8 size: 9216
Section .data  md5: db8572b18857c4d196864d43aabfe4d8 sha1: fb790810f93381e13cf8fd83605026a9c40d79ea size: 4096
Section .fggd  md5: 153bdce7201057f9efc74d89090aeca0 sha1: f325e385095859836f6bf36f95827ddb9578d5fc size: 23040 (non-standard section name)
Section .hgse  md5: 9e5c6e2a29ef22387819a377742c65f1 sha1: 862f49c51000ed42faf21321e996f7e79297968c size: 5632 (non-standard section name)
Section .rsrc  md5: 8971547dfb992c730351c2702ab37a3d sha1: 593917ded512cedaf674a7f7e42eb0b12694afe6 size: 1024
Section .reloc md5: ff9b06e25117ea6f82fff541c6a0c5f9 sha1: 659fe2eecca4b2872ffbb25d45f32e172ad35626 size: 3584
Timestamp (PE header TimeDateStamp): 2015-09-20 01:00:57
Version CompanyName: serdjgheru
Packer: Microsoft Visual C++ ?.? (a compiler signature, not a packer; the two non-standard sections .fggd and .hgse suggest a crypter stage that the signature scan did not identify)
PEhash: c1c59865afe07f55e378d790d0c779299b126d36
IMPhash: 9a0b622db4d13d8c51c2434b257a0f4b
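The per-section md5/sha1/size rows above come straight out of the COFF section table, and the section names are the cheapest packer tell on this page. The following is an added example (not code from the sandbox that produced this report) that reproduces those rows with only the standard library: it walks the DOS, PE and COFF headers, hashes each section's raw bytes, converts the TimeDateStamp, and flags section names the MSVC linker would not normally emit. Because the sample itself is not available here, the input is a constructed PE32 skeleton (not alignment-correct, one section deliberately named in the .fggd style); the STANDARD_SECTIONS list is an assumption, not something the report states.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Section names the MSVC linker emits by default. Assumed list (not from this report);
# anything outside it in a "Visual C++" binary deserves a look.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".pdata", ".tls", ".bss", ".CRT", ".gfids"}


def parse_sections(pe: bytes):
    """Walk the DOS, PE and COFF headers and return (TimeDateStamp, [section records])."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    first_section = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = first_section + i * 40
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        data = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "size": raw_size,
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "truncated": len(data) != raw_size,   # raw data pointer runs past end of file
        })
    return timestamp, sections


def nonstandard_sections(sections):
    return [s["name"] for s in sections if s["name"] not in STANDARD_SECTIONS]


def section_report(pe: bytes):
    """Render the same rows the sandbox prints, plus a packer/crypter hint."""
    ts, secs = parse_sections(pe)
    when = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    lines = [f"Timestamp: {when}"]
    for s in secs:
        lines.append(f"Section {s['name']} md5: {s['md5']} sha1: {s['sha1']} size: {s['size']}")
    odd = nonstandard_sections(secs)
    if odd:
        lines.append("Non-standard section names (possible packer/crypter): " + ", ".join(odd))
    return lines


def build_sample_pe() -> bytes:
    """Constructed PE32 skeleton for the demo: NOT this page's sample and not alignment-correct,
    just enough header to exercise the parser. One section carries a crypter-style name."""
    opt_size = 0xE0
    sections = [(b".text", b"abc"), (b".fggd", b"a")]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 1442710857, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    raw_ptr = 0x40 + 4 + 20 + opt_size + 40 * len(sections)  # section data follows the headers
    vaddr, hdrs, body = 0x1000, bytearray(), bytearray()
    for name, data in sections:
        hdrs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                            len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        raw_ptr += len(data)
        vaddr += 0x1000
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(hdrs) + bytes(body)


if __name__ == "__main__":
    for line in section_report(build_sample_pe()):
        print(line)
```

Run against a real file, `parse_sections(open(path, "rb").read())` gives the same md5/sha1/size triples as the table above, which is how a section hash is matched across repacked builds when the file hash changes but the payload sections do not.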
AV Fortinet: W32/Kryptik.DYFJ!tr
AV CAT (quickheal): Worm.Gamarue.WR6
AV MicroWorld (escan): Trojan.Agent.BMSI
AV Trend Micro: Ransom_.0A217DD0
AV Symantec: Trojan.Gen
AV Authentium: W32/S-177bdd36!Eldorado
AV Arcabit (arcavir): Trojan.Agent.BMSI
AV CA (E-Trust Ino): No Virus
AV Frisk (f-prot): No Virus
AV BullGuard: Trojan.Agent.BMSI
AV VirusBlokAda (vba32): Backdoor.Androm
AV Twister: No Virus
AV Kaspersky: Backdoor.Win32.Androm.igvd
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV Rising: No Virus
AV Dr. Web: Trojan.Siggen.65341
AV Mcafee: RDN/Generic BackDoor
AV Ikarus: Virus.Win32.Cryptor
AV ClamAV: No Virus
AV F-Secure: Trojan.Agent.BMSI
AV K7: Trojan ( 004d259b1 )
AV Ad-Aware: Trojan.Agent.BMSI
AV MalwareBytes: Ransom.CryptoWall
AV Zillya!: Backdoor.Androm.Win32.27857
AV Eset (nod32): Win32/Kryptik.DXSG
AV Avira (antivir): TR/Kryptik.abbojp
AV BitDefender: Trojan.Agent.BMSI
AV Emsisoft: Trojan.Agent.BMSI
AV Grisoft (avg): Crypt4.CLDE
AV Alwil (avast): Win32:Malware-gen
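The vendor table above is a good illustration of why a raw detection count is a poor triage signal: five engines see nothing, seven repeat the identical string Trojan.Agent.BMSI, three return a packed-code heuristic (Kryptik), two call it ransomware, and only the Androm/Gamarue labels (two names for the same family) carry a family. The following is an added example, not part of this report, that parses the table into a per-family vote, collapses identical label strings (one engine licensed several times is one opinion, not seven) and separates generic verdicts from family verdicts. The GENERIC token list and the Androm/Gamarue alias map are assumptions tuned to the labels on this page.

```python
import re
from collections import Counter

# Vendor: label pairs transcribed from the AV table on this page; "No Virus" means no detection.
AV_RESULTS = {
    "Fortinet": "W32/Kryptik.DYFJ!tr",
    "CAT (quickheal)": "Worm.Gamarue.WR6",
    "MicroWorld (escan)": "Trojan.Agent.BMSI",
    "Trend Micro": "Ransom_.0A217DD0",
    "Symantec": "Trojan.Gen",
    "Authentium": "W32/S-177bdd36!Eldorado",
    "Arcabit (arcavir)": "Trojan.Agent.BMSI",
    "CA (E-Trust Ino)": "No Virus",
    "Frisk (f-prot)": "No Virus",
    "BullGuard": "Trojan.Agent.BMSI",
    "VirusBlokAda (vba32)": "Backdoor.Androm",
    "Twister": "No Virus",
    "Kaspersky": "Backdoor.Win32.Androm.igvd",
    "Microsoft Security Essentials": "Worm:Win32/Gamarue!rfn",
    "Rising": "No Virus",
    "Dr. Web": "Trojan.Siggen.65341",
    "Mcafee": "RDN/Generic BackDoor",
    "Ikarus": "Virus.Win32.Cryptor",
    "ClamAV": "No Virus",
    "F-Secure": "Trojan.Agent.BMSI",
    "K7": "Trojan ( 004d259b1 )",
    "Ad-Aware": "Trojan.Agent.BMSI",
    "MalwareBytes": "Ransom.CryptoWall",
    "Zillya!": "Backdoor.Androm.Win32.27857",
    "Eset (nod32)": "Win32/Kryptik.DXSG",
    "Avira (antivir)": "TR/Kryptik.abbojp",
    "BitDefender": "Trojan.Agent.BMSI",
    "Emsisoft": "Trojan.Agent.BMSI",
    "Grisoft (avg)": "Crypt4.CLDE",
    "Alwil (avast)": "Win32:Malware-gen",
}

# Type/platform words and engine-specific heuristic tags that carry no family information.
# Assumed list, tuned to the labels in this report; extend it for other samples.
GENERIC = {"trojan", "backdoor", "worm", "virus", "ransom", "malware", "generic", "agent",
           "siggen", "cryptor", "eldorado", "win32", "win64", "w32", "rdn", "tr", "gen"}
# Vendor family names that refer to the same malware (assumed mapping).
ALIASES = {"androm": "andromeda", "gamarue": "andromeda"}


def family_of(label):
    """Pick the family token out of a vendor label, or None if the label is generic only."""
    tokens = re.findall(r"[A-Za-z0-9]+", label)
    for i, tok in enumerate(tokens):
        t = tok.lower()
        if t in GENERIC or any(c.isdigit() for c in t) or len(t) <= 3:
            continue                      # type word, variant id, or noise
        if i == len(tokens) - 1 and len(tokens) > 1 and len(t) <= 5:
            continue                      # short trailing token: variant suffix (BMSI, DXSG, CLDE)
        return ALIASES.get(t, t)
    return None


def summarize(results):
    detected = {v: l for v, l in results.items() if l != "No Virus"}
    families = Counter(f for f in map(family_of, detected.values()) if f)
    # Identical label strings from several vendors usually mean one shared engine,
    # so report them separately instead of counting them as independent votes.
    shared = {l: n for l, n in Counter(detected.values()).items() if n > 1}
    return {
        "vendors": len(results),
        "detections": len(detected),
        "families": dict(families),
        "consensus": families.most_common(1)[0][0] if families else None,
        "generic_only": len(detected) - sum(families.values()),
        "shared_labels": shared,
    }


if __name__ == "__main__":
    s = summarize(AV_RESULTS)
    print(f"{s['detections']}/{s['vendors']} engines flag the file; consensus family: {s['consensus']}")
    print("family votes:", s["families"])
    print("generic-only verdicts:", s["generic_only"])
    print("labels shared across vendors (likely one engine):", s["shared_labels"])
```

On this table the vote is Andromeda 5, Kryptik 3 (a packed-code heuristic rather than a family), CryptoWall 1; the two ransomware labels are outliers, and sixteen of the twenty-five detections say nothing beyond "trojan". That is the number to report, not 25/30.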

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc (LSA RPC named pipe)
Creates File: \Device\Afd\Endpoint (socket creation through the AFD driver)
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Note: all socket and DNS activity in this run is attributed to the msiexec.exe child, not to malware.exe itself; the dropper spawns the legitimate Windows Installer binary and the network behaviour appears under that process.

Network Details:

DNS: europe.pool.ntp.org Type: A 91.212.112.71
DNS: europe.pool.ntp.org Type: A 129.250.35.251
DNS: europe.pool.ntp.org Type: A 193.219.28.2
DNS: europe.pool.ntp.org Type: A 212.47.239.163
DNS: north-america.pool.ntp.org Type: A 38.229.71.1
DNS: north-america.pool.ntp.org Type: A 98.213.66.22
DNS: north-america.pool.ntp.org Type: A 206.108.0.132
DNS: north-america.pool.ntp.org Type: A 209.244.0.3
DNS: south-america.pool.ntp.org Type: A 190.15.141.64
DNS: south-america.pool.ntp.org Type: A 200.160.0.8
DNS: south-america.pool.ntp.org Type: A 201.49.148.135
DNS: south-america.pool.ntp.org Type: A 186.103.182.15
DNS: asia.pool.ntp.org Type: A 103.245.79.18
DNS: asia.pool.ntp.org Type: A 160.16.101.116
DNS: asia.pool.ntp.org Type: A 62.201.225.9
DNS: asia.pool.ntp.org Type: A 78.111.50.52
DNS: oceania.pool.ntp.org Type: A 103.242.68.68
DNS: oceania.pool.ntp.org Type: A 103.242.68.69
DNS: oceania.pool.ntp.org Type: A 130.102.2.123
DNS: oceania.pool.ntp.org Type: A 202.22.158.30
DNS: africa.pool.ntp.org Type: A 196.41.127.42
DNS: africa.pool.ntp.org Type: A 197.82.150.123
DNS: africa.pool.ntp.org Type: A 41.73.42.10
DNS: africa.pool.ntp.org Type: A 41.78.128.17
DNS: pool.ntp.org Type: A 128.138.141.172
DNS: pool.ntp.org Type: A 138.236.128.112
DNS: pool.ntp.org Type: A 173.44.32.10
DNS: pool.ntp.org Type: A 184.105.182.7
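Two things in the Runtime and Network sections above are worth pulling out automatically: the process relationship (a user-path dropper spawning the system's msiexec.exe, with every socket and DNS event then appearing under the child) and the fact that every resolved name is a pool.ntp.org member. The following is an added example, not code from the sandbox or from the report's author, that parses records in this report's layout (both the glued form such as "DNSname" and the "DNS: name Type: A address" form) into a process tree and a name-to-address map, flags a system binary spawned by a non-system parent that then does the network I/O, and classifies the destinations so that rotating public NTP pool addresses are not pushed into a block list. The sample input is a subset of this page's own rows; SYSTEM_DIR is an assumption about the sandbox image.

```python
import re
from collections import defaultdict

# Subset of this report's Runtime/Network rows, transcribed as the sample input.
REPORT = r"""
Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: pool.ntp.org
Winsock DNS: europe.pool.ntp.org

DNS: europe.pool.ntp.org Type: A 91.212.112.71
DNS: europe.pool.ntp.org Type: A 129.250.35.251
DNS: pool.ntp.org Type: A 128.138.141.172
"""

SYSTEM_DIR = "c:\\windows\\system32\\"   # assumed sandbox layout (32-bit image)
EVENT_RE = re.compile(r"^(Creates Process|Creates File|Winsock DNS):?\s*(.+)$")
DNS_RE = re.compile(r"^DNS:?\s*(\S+)(?:\s+Type:\s*(\S+)\s+(\S+))?$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def _new_proc():
    return {"parent": None, "children": [], "files": [], "winsock_dns": []}


def parse_report(text):
    """Return (processes, dns): path -> record with parent/children/files/winsock_dns,
    and name -> set of A-record addresses. Accepts one-line and three-line DNS records."""
    procs, dns = {}, defaultdict(set)
    current, expect_path = None, False
    pending_name = pending_type = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Process":
            expect_path = True                    # next line is the "↳ path" row
            continue
        if expect_path:
            current = line.lstrip("↳ ").strip()
            procs.setdefault(current, _new_proc())
            expect_path = False
            continue
        m = EVENT_RE.match(line)
        if m and current is not None:
            kind, value = m.group(1), m.group(2).strip()
            if kind == "Creates Process":
                procs[current]["children"].append(value)
                procs.setdefault(value, _new_proc())["parent"] = current
            elif kind == "Creates File":
                procs[current]["files"].append(value)
            else:
                procs[current]["winsock_dns"].append(value)
            continue
        m = DNS_RE.match(line)
        if m:
            if m.group(3):                        # one-line record
                if m.group(2) == "A":
                    dns[m.group(1)].add(m.group(3))
            else:                                 # three-line record: name, Type, address
                pending_name, pending_type = m.group(1), None
            continue
        if line.startswith("Type:"):
            pending_type = line.split(":", 1)[1].strip()
        elif IP_RE.match(line) and pending_name and pending_type == "A":
            dns[pending_name].add(line)
    return procs, dict(dns)


def classify_domain(name):
    # pool.ntp.org members are public, rotating volunteer servers: resolving them is a
    # clock-sync or connectivity check, and the addresses are poor block-list material.
    if name == "pool.ntp.org" or name.endswith(".pool.ntp.org"):
        return "ntp-pool"
    return "review"


def analyze(text):
    procs, dns = parse_report(text)
    findings = []
    for path, info in procs.items():
        parent = info["parent"]
        if parent and path.lower().startswith(SYSTEM_DIR) and not parent.lower().startswith(SYSTEM_DIR):
            note = f"{path} spawned by non-system parent {parent}"
            if info["winsock_dns"] or any("\\Afd\\" in f for f in info["files"]):
                note += "; the child, not the parent, does the network I/O (injection/hollowing indicator)"
            findings.append(note)
    domains = {n: {"ips": sorted(ips), "class": classify_domain(n)} for n, ips in dns.items()}
    block_candidates = sorted(ip for d in domains.values() if d["class"] == "review" for ip in d["ips"])
    return {"findings": findings, "domains": domains, "block_candidates": block_candidates}


if __name__ == "__main__":
    result = analyze(REPORT)
    for f in result["findings"]:
        print("finding:", f)
    for name, d in result["domains"].items():
        print(f"{name:32} {d['class']:9} {', '.join(d['ips'])}")
    print("block candidates:", result["block_candidates"] or "none")
```

The indicator worth keeping from this run is the process relationship, not the addresses: a non-installer binary launching msiexec.exe that then opens sockets is the detection, while the 28 NTP pool addresses change from query to query and would only add noise to a block list.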
