Analysis Date: 2015-10-03 06:03:24
MD5: 06d64529bca617d7e639b5c365e135d9
SHA1: 096dda45cb756d42fb26e7875e3bee5e4cd88d69

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: eb6154c9ad8ac2564983eb1573362f37 sha1: e58eb07616a1f999af4cc88b0bd69ea1e9b02f27 size: 91648
Section .data: md5: 58a55c2eefb98afa8bd5c2416f1051d8 sha1: c36c59f0d8492702a2e6edf9fc9113f6035f5062 size: 13824
Timestamp: 2014-05-31 12:57:47
Packer: Borland Delphi 3.0 (???)
PEhash: 116a987b94742dc2dc70da2f65af8769a0798806
IMPhash: cc409225ca1dea2fbd99a60a57a52e8c
AV CA (E-Trust Ino): no_virus
AV Rising: no_virus
AV Mcafee: Cutwail-FECR!06D64529BCA6
AV Avira (antivir): TR/Proxy.Gen
AV Twister: Trojan.446D24FB70BA17E3
AV Ad-Aware: Trojan.Inject.IA
AV Alwil (avast): Cutwail-CW [Trj]
AV Eset (nod32): Win32/Wigon.DC
AV Grisoft (avg): Generic28.BMKU
AV Symantec: Trojan.Pandex!gm
AV Fortinet: W32/Cutwail.RU!tr
AV BitDefender: Trojan.Inject.IA
AV K7: Trojan ( 003acb9d1 )
AV Microsoft Security Essentials: Trojan:Win32/Dorv.B!rfn
AV MicroWorld (escan): Trojan.Inject.IA
AV MalwareBytes: Error Scanning File
AV Authentium: W32/S-ea74dc5f!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Gen.Trojan
AV Emsisoft: Trojan.Inject.IA
AV Zillya!: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: TROJ_WIGON.SM
AV CAT (quickheal): Trojan.Generic.01761
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Trojan.Inject.IA
AV Arcabit (arcavir): Trojan.Inject.IA
AV ClamAV: no_virus
AV Dr. Web: BackDoor.Bulknet.739
AV F-Secure: Trojan.Inject.IA

Runtime Details:

Process:
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort ➝ 65534
Creates File: \Device\Afd\Endpoint
Creates Mutex: cstslz48364

Network Details:

DNS mxs.mail.ru (Type: A) ➝ 94.100.180.150
DNS mxs.mail.ru (Type: A) ➝ 217.69.139.150
DNS alt4.gmail-smtp-in.l.google.com (Type: A) ➝ 64.233.166.27
DNS gmail-smtp-in.l.google.com (Type: A) ➝ 64.233.177.27
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.72
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.73
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.74
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.75
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.70
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.71
DNS mail7.digitalwaves.co.nz (Type: A)
Flows TCP: 192.168.1.1:1031 ➝ 94.100.180.150:25
Flows TCP: 192.168.1.1:1032 ➝ 64.233.166.27:25
Flows TCP: 192.168.1.1:1033 ➝ 64.233.177.27:25
