Analysis Date: 2016-02-05 03:51:14
MD5: 722f07ef74f214eca533623ff5a69c46
SHA1: 0fa98faf705681b9cf27b1156f28d425eb85a84d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text    md5: ce3a7e32145cda024223a4fbdbefb03a sha1: a2321e38e3d46a94a1ebe9124143d757553e1e2c size: 28160
Section .rdata   md5: 3b7552ec5c4c2f8d4dcbc3f6ce86e561 sha1: dd6d0314b50e5a7e8a94de8b0d51e3a5a87a3681 size: 9728
Section .data    md5: 98e14202edafe1d87886645d21b9c4c5 sha1: de017b6c17ed7045d1e0ef442bf3ebbcd9465b4f size: 8704
Section .trhdtr  md5: 5470b55716de749168885657c9d9c8e9 sha1: 157cf4c5baa44a887679ca48e3cacb8cca84802e size: 31232 (not a standard Visual C++ section name; the other four are)
Section .reloc   md5: 0150951f6f0b13122e794e9833d8de9a sha1: f6a7bdaf826a74f8ae09e209ce058857866141ef size: 3072
Timestamp: 2015-11-04 01:39:41
Packer: Microsoft Visual C++ ?.?
PEhash: a36ab282eb16fd73f8881165932dcfaeadb0678d
IMPhash: 6bea9c8abcc2e0cd8b3d88d260b91848
AV Rising: No Virus
AV Mcafee: RDN/Generic BackDoor
AV Avira (antivir): TR/AD.Gamarue.Y.1563
AV Twister: Trojan.Girtk.EDJW.gmgj
AV Ad-Aware: Trojan.Agent.BNYE
AV Alwil (avast): Dorder-E [Trj]
AV Eset (nod32): Win32/Kryptik.EDJW
AV Grisoft (avg): Crypt5.JGA
AV Symantec: Trojan.Gen
AV Fortinet: W32/Kryptik.EEAE!tr
AV BitDefender: Trojan.Agent.BNYE
AV K7: Trojan ( 004d5dd61 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV MicroWorld (escan): Trojan.Agent.BNYE
AV MalwareBytes: Worm.Gamarue
AV Authentium: W32/S-d1a8399f!Eldorado
AV Emsisoft: Trojan.Agent.BNYE
AV Frisk (f-prot): No Virus
AV Ikarus: Trojan.Win32.Crypt
AV Zillya!: No Virus
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: No Virus
AV VirusBlokAda (vba32): Backdoor.Androm
AV CAT (quickheal): Worm.Gamarue.WR6
AV BullGuard: Trojan.Agent.BNYE
AV Arcabit (arcavir): Trojan.Agent.BNYE
AV ClamAV: No Virus
AV Dr. Web: Trojan.DownLoader17.40602
AV F-Secure: Trojan.Agent.BNYE
AV CA (E-Trust Ino): No Virus

Runtime Details:

Process
↳ C:\malware.exe
  Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\Policies\Explorer\Run\317606753 ➝ "C:\Documents and Settings\All Users\msvgqh.exe"\x00
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden ➝ NULL
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\Windows\Load ➝ \x00
Creates File: C:\Documents and Settings\All Users\117468
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\All Users\msvgqh.exe
Creates File: \Device\Afd\Endpoint
Deletes File: C:\malware.exe
Winsock DNS: microsoft.com
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org (A): 178.32.216.71, 194.71.144.71, 5.1.56.123, 149.18.38.230
DNS north-america.pool.ntp.org (A): 138.236.128.36, 206.108.0.132, 209.244.0.3, 45.79.190.93
DNS south-america.pool.ntp.org (A): 190.228.30.178, 200.160.0.8, 170.210.222.2, 186.103.182.15
DNS asia.pool.ntp.org (A): 113.30.137.34, 129.250.35.250, 62.201.225.9, 78.111.50.52
DNS oceania.pool.ntp.org (A): 54.252.161.68, 54.252.165.245, 121.0.0.42, 192.189.54.33
DNS africa.pool.ntp.org (A): 197.82.150.123, 197.157.194.21, 41.222.88.32, 197.80.150.123
DNS pool.ntp.org (A): 64.6.144.6, 67.219.227.156, 204.2.134.162, 204.9.54.119
DNS microsoft.com (A): 104.40.211.35, 104.43.195.251, 191.239.213.197, 23.96.52.53, 23.100.122.175
DNS outsphere.com (A): no address recorded
Flows UDP: 192.168.1.1:1043 ➝ 8.8.4.4:53
Flows TCP: 192.168.1.1:1044 ➝ 104.40.211.35:80
Flows UDP: 192.168.1.1:1045 ➝ 8.8.4.4:53
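The two behaviours worth turning into detections here are the registry persistence recorded under Runtime Details (an autostart entry under Policies\Explorer\Run with a purely numeric value name pointing at a dropped executable in the All Users profile, a write to the legacy Windows NT\CurrentVersion\Windows\Load autostart, and the notification/hidden-file policy tweaks) and the burst of regional pool.ntp.org lookups plus microsoft.com under Network Details, which looks like a connectivity and clock check rather than the host's own time sync. The script below is an added example, not code from the sandbox or from the report's source: it runs both checks over event records constructed to mirror the report's entries. The dict and tuple field layouts, the severity labels, the 30-second window and the timestamps attached to the DNS lookups (the report records none) are all assumptions.

```python
"""Detection logic for the persistence and DNS fan-out seen in the report above.

Added example, not part of the sandbox report. Event layouts are assumed:
registry events are {"key": full path incl. value name, "data": str or None},
DNS events are (datetime, queried name).
"""
import re
from datetime import datetime, timedelta

# Registry locations from the report's Runtime Details (matched case-insensitively).
POLICIES_RUN = re.compile(r"\\currentversion\\policies\\explorer\\run\\(?P<name>[^\\]+)$", re.I)
WINLOGON_LOAD = re.compile(r"\\windows nt\\currentversion\\windows\\load$", re.I)
TASKBAR_NO_NOTIFY = re.compile(r"\\policies\\explorer\\taskbarnonotification$", re.I)
SHOW_SUPER_HIDDEN = re.compile(r"\\explorer\\advanced\\showsuperhidden$", re.I)
# Drop directory used by the sample (XP "All Users" profile) and its ProgramData successor.
ALL_USERS_EXE = re.compile(
    r'^"?(?:c:\\documents and settings\\all users|c:\\programdata)\\[^\\"]+\.exe"?', re.I)
NTP_POOL = re.compile(r"(?:^|\.)pool\.ntp\.org$", re.I)


def registry_findings(events):
    """Return (severity, reason, key) for registry writes matching the report's persistence pattern."""
    findings = []
    for ev in events:
        key = ev["key"]
        data = (ev.get("data") or "").rstrip("\x00")  # sandbox renders the trailing NUL of REG_SZ data
        m = POLICIES_RUN.search(key)
        if m:
            sev, reasons = "medium", ["autostart via Policies\\Explorer\\Run"]
            if m.group("name").isdigit():          # 317606753 in the report
                sev, reasons = "high", reasons + ["numeric value name"]
            if ALL_USERS_EXE.match(data):          # ...\All Users\msvgqh.exe in the report
                sev, reasons = "high", reasons + ["target in All Users/ProgramData"]
            findings.append((sev, "; ".join(reasons), key))
        elif WINLOGON_LOAD.search(key):
            findings.append(("medium", "write to legacy Windows\\Load autostart", key))
        elif TASKBAR_NO_NOTIFY.search(key) and data == "1":
            findings.append(("low", "balloon notifications suppressed", key))
        elif SHOW_SUPER_HIDDEN.search(key):
            findings.append(("low", "ShowSuperHidden modified", key))
    return findings


def ntp_pool_fanout(dns_events, window=timedelta(seconds=30)):
    """Largest set of distinct *.pool.ntp.org names queried inside any `window`.

    A host's own time service talks to its one configured server; resolving seven
    regional pools back-to-back, as in the report, is a reachability check.
    """
    qs = sorted((ts, q.lower()) for ts, q in dns_events if NTP_POOL.search(q))
    best = set()
    for i, (t0, _) in enumerate(qs):
        names = {q for ts, q in qs[i:] if ts - t0 <= window}
        if len(names) > len(best):
            best = names
    return best


# Constructed sample: the registry writes listed in the report above.
REPORT_REGISTRY_EVENTS = [
    {"key": r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification", "data": "1"},
    {"key": r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\Policies\Explorer\Run\317606753",
     "data": "\"C:\\Documents and Settings\\All Users\\msvgqh.exe\"\x00"},
    {"key": r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden", "data": None},
    {"key": r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification", "data": "1"},
    {"key": r"HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\Windows\Load", "data": "\x00"},
]

# Constructed sample: the Winsock DNS lookups from the report, one second apart (timestamps assumed).
_T0 = datetime(2016, 2, 5, 3, 51, 14)
REPORT_DNS_EVENTS = [(_T0 + timedelta(seconds=i), name) for i, name in enumerate([
    "microsoft.com", "pool.ntp.org", "north-america.pool.ntp.org", "africa.pool.ntp.org",
    "oceania.pool.ntp.org", "asia.pool.ntp.org", "south-america.pool.ntp.org",
    "europe.pool.ntp.org", "outsphere.com",
])]

if __name__ == "__main__":
    for sev, reason, key in registry_findings(REPORT_REGISTRY_EVENTS):
        print(f"[{sev}] {reason}: {key}")
    pools = ntp_pool_fanout(REPORT_DNS_EVENTS)
    print(f"{len(pools)} distinct pool.ntp.org names in one window: {sorted(pools)}")
```

The Run entry is rated high on two independent signals (a numeric value name and a target in the shared profile directory) so that either one alone still produces a finding when an operator tunes the other out; the TaskbarNoNotification and ShowSuperHidden writes are kept at low severity because legitimate policy tooling also sets them, and they are meant to raise the score of the autostart finding rather than fire on their own.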
