Analysis Date: 2017-07-14 12:57:33
MD5: cc48282a0168345bfd4a2be01c9f35f1
SHA1: 0ceba3864695ed62e220cb61e91735e43c348248

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: 7f4cdbea03fb6799aa7dad81cbdb00cb  sha1: 9665e1f1785eb1b1d64ef625b209ab5fda53d7c6  size: 5120
Section .data   md5: 44126fe89a0f90f47b1506c312351966  sha1: bf7da0f40bee60281e8c2d032573bf3b0b0a9c7d  size: 1024
Section .xcpad  md5:  sha1:  size:
Section .idata  md5:  sha1:  size:
Section .reloc  md5:  sha1:  size:
Section .rsrc   md5: 6517aac741709c10d56d434cec26ea61  sha1: 8292529dcbdfca2029691b5cedd75bc83fddf1aa  size: 11264
Timestamp:
Version LegalCopyright:
Version PackagerVersion:
Version InternalName:
Version FileVersion:
Version CompanyName:
Version Comments:
Version ProductName:
Version ProductVersion:
Version FileDescription:
Version Packager:
Version OriginalFilename:
Packer:
PEhash:
IMPhash: 04930d2edd8605e40a9ff8eeae9bbfa3
AV 360 Safe: No Virus
AV Ad-Aware: Trojan.Agent.BCNT
AV Alwil (avast): Agent-AUID [Trj]
AV Arcabit (arcavir): Trojan.Agent.BCNT
AV Authentium: W32/Trojan.PPNV-5690
AV Avira (antivir): TR/Downloader.A.4431
AV BitDefender: Trojan.Agent.BCNT
AV BullGuard: Trojan.Agent.BCNT
AV CA (E-Trust Ino): Trojan.Agent.BCNT
AV CAT (quickheal): TrojanDownloader.Upatre.A4
AV ClamAV: Win.Trojan.Agent-1109385
AV Dr. Web: Trojan.DownLoad3.28161
AV Emsisoft: Trojan.Agent.BCNT
AV Eset (nod32): Win32/TrojanDownloader.Waski.A
AV F-Secure: Trojan-Downloader:W32/Upatre.I
AV Fortinet: W32/Kryptik.OOU!tr
AV Frisk (f-prot): W32/Trojan3.HZP
AV Grisoft (avg): Crypt_s.GHA
AV Ikarus: Trojan-Spy.Agent
AV K7: Trojan-Downloader ( 0048f6391 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Trojan.Agent.FPD
AV Mcafee: Downloader-FSH!CC48282A0168
AV MicroWorld (escan): Trojan.Agent.BCNT
AV Microsoft Security Essentials: No Virus
AV NANO: Trojan.Win32.Bublik.cwgvif
AV Padvish: No Virus
AV Rising: No Virus
AV SUPERAntiSpyware: Trojan.Agent/Gen-Necurs
AV Symantec: Trojan.Zbot
AV Trend Micro: TROJ_UPATRE.SMJ9
AV Twister: TrojanDldr.Waski.A.wted
AV VirusBlokAda (vba32): Trojan.Bublik
AV Windows Defender: TrojanDownloader:Win32/Upatre
AV Zillya!: Trojan.Bublik.Win32.13497

Runtime Details:

Screenshot

Process
↳ C:\0ceba3864695ed62e220cb61e91735e43c348248.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\0ceba3864695ed62e220cb61e91735e43c348248.exe
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\senca.exe
Creates File: C:\WINDOWS\Registration\R000000000007.clb
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\senca.exe
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\senca.exe
Creates Mutex:
Creates Mutex: ZonesCounterMutex
Creates Mutex: ZonesCacheCounterMutex
Creates Mutex: ZonesLockedCacheCounterMutex
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\BaseClass ➝
Drive\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\BaseClass ➝
Drive\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents ➝
C:\Documents and Settings\All Users\Documents\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop ➝
C:\Documents and Settings\All Users\Desktop\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝
1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\Admin\Local Settings\Temp\senca.exe ➝
senca\\x00

Process
↳ C:\DOCUME~1\Admin\Local Settings\Temp\senca.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\senca.exe
Creates File: C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\Admin\Cookies\index.dat
Creates File: C:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat
Creates File: c:\autoexec.bat
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths ➝
4
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache1\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache2\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache3\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath ➝
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Cache4\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit ➝
81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit ➝
81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit ➝
81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit ➝
81830
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData ➝
C:\Documents and Settings\All Users\Application Data\\x00
Creates Mutex: c:!documents and settings!admin!local settings!temporary internet files!content.ie5!
Creates Mutex: c:!documents and settings!admin!cookies!
Creates Mutex: c:!documents and settings!admin!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex:
Creates Mutex:
Creates Mutex: RasPbFile

Network Details:


Raw Pcap

Strings
QQhN
5@A@
SWPW
SWPV
QShh
OZ$xP
0,%.P<0%
WAVAf9
Z3xU
Z{<O
,VSW
QG=A
QZ J
6m8v
qr"^
%S*B
@y;j
K@Om
;x5e
QZ J
I{ M
Fr<]
Qr=@
4_v^
fx!@
Pr<Z
Q@Og
?|5{
IrOg
?|$r
$d'K
@t:Z
[7,{
36I[
Xk 3
Wr<]
SGZS$
ZbtG
V7+A
Dg?B
5fY=
Fv&\
Qr!Z
Dy;A
Ph0@@
5L0@
=H0@
posteriority
RegisterClassW
GetWindowTextW
PostMessageW
SetWindowTextW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
DefWindowProcW
ShowWindow
UpdateWindow
USER32.dll
GetStartupInfoA
ReadFile
WriteFile
FindNextFileW
CreateFileW
FindFirstFileW
CloseHandle
HeapCreate
FindClose
LoadLibraryW
GetModuleHandleW
KERNEL32.dll
COMCTL32.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
	version="1.0.0.0"
	processorArchitecture="*"
	name="Company.Product.Name"
	type="win32"
<description></description>
<dependency>
	<dependentAssembly>
		<assemblyIdentity
			type="win32"
			name="Microsoft.Windows.Common-Controls"
			version="6.0.0.0"
			processorArchitecture="*"
			publicKeyToken="6595b64144ccf1df"
			language="*"
		/>
	</dependentAssembly>
</dependency>
</assembly>