Analysis Date: 2015-10-01 16:04:48
MD5: 8c40729a02ddeaa16523a78205a39f6a
SHA1: 107346d9b1d79b4c0f2a89fce8fb32be507a0887

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Sections:
  .text   md5: 880a1103f14c8bb654881a5874d390b7  sha1: 4206130ded6e2cc39b1bb74a4a69f67f062d02f3  size: 21504
  .rdata  md5: f7af4128f5db45e77c3a290e76f98eec  sha1: 883f7bd284621d310ed8850cbc43d8230742e9fb  size: 2560
  .data   md5: 5cb2465bb8a797e2cf6b29e92c636b4c  sha1: 703f7604ae81d07c23a668001cd48908060cd115  size: 10752
  .rsrc   md5: 76b47a43158f57bc2dfc122ce5b613fb  sha1: 3d07d63dda5d335b217cf56c412c252d39325a84  size: 100352
Timestamp: 2013-08-05 13:09:53
Version info:
  LegalCopyright: Milko
  InternalName: Likvar
  FileVersion: 4, 0, 1, 3
  CompanyName: Firer
  PrivateBuild: Svahili
  LegalTrademarks: Bapiz
  Comments: Surepez
  ProductName: Selem
  SpecialBuild: Zimlo
  ProductVersion: 1, 5, 2, 2
  FileDescription: Zamaz
  OriginalFilename: Dabaris
Packer: Microsoft Visual C++ v6.0
PEhash: a8f6687292e1c037460f4fc70c50a73af704d01e
IMPhash: b71f5cc166942efb8e82db8f3a9a3989
AV CA (E-Trust Ino): Win32/Gamarue.OPeQUW
AV F-Secure: Trojan-Downloader:W32/Wauchos.F
AV Dr. Web: BackDoor.Andromeda.178
AV ClamAV: Win.Trojan.Gamarue-26
AV Arcabit (arcavir): Gen:Variant.Zusy.59002
AV BullGuard: Gen:Variant.Zusy.59002
AV Padvish: Worm.Win32.Gamarue.J2
AV VirusBlokAda (vba32): SScope.Malware-Cryptor.Wauchos.2183
AV CAT (quickheal): Trojan.Generic.02432
AV Trend Micro: WORM_GAMARUE.SMV
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: Backdoor.Androm.Win32.2862
AV Emsisoft: Gen:Variant.Zusy.59002
AV Ikarus: Trojan.Inject
AV Frisk (f-prot): W32/Gamarue.D.gen!Eldorado
AV Authentium: W32/Gamarue.D.gen!Eldorado
AV MalwareBytes: Trojan.Downloader
AV MicroWorld (escan): Gen:Variant.Zusy.59002
AV Microsoft Security Essentials: Worm:Win32/Gamarue.F
AV K7: Trojan ( 0044ff2c1 )
AV BitDefender: Gen:Variant.Zusy.59002
AV Fortinet: W32/Wauchos.LB!tr
AV Symantec: Trojan.Gen
AV Grisoft (avg): Inject.BCME
AV Eset (nod32): Win32/Injector.AKSZ
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Gen:Variant.Zusy.59002
AV Twister: Trojan.3B1D59A669ABE886
AV Avira (antivir): TR/Kryptik.18566541
AV Mcafee: W32/Worm-FQF!Gamarue
AV Rising: no_virus
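A practitioner who receives a file and wants to confirm it is the sample described by this static section can recompute the fingerprint instead of trusting the filename. The following is an added example (not part of the original report and not any sandbox's own code) that reads the PE headers with the Python standard library only, hashes the whole file and each section, converts the COFF timestamp, and diffs the result against the values transcribed from the report. The report does not state a timezone for its timestamp, so the script assumes UTC; PEhash and IMPhash are not recomputed because they depend on the normalisation rules of the pehash/pefile implementations.

```python
"""Check a PE file on disk against the static fingerprint in the report above.

Added example; not part of the original report or of any sandbox's own code.
Only the Python standard library is used. PEhash and IMPhash are not
recomputed here (they need an import-table walk plus the normalisation that
the pehash/pefile implementations define).
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass
from datetime import datetime, timezone

# Transcribed from the report above: file hashes, compile timestamp (timezone
# not stated by the report; treated as UTC here), per-section hashes and sizes.
REPORT = {
    "md5": "8c40729a02ddeaa16523a78205a39f6a",
    "sha1": "107346d9b1d79b4c0f2a89fce8fb32be507a0887",
    "timestamp": "2013-08-05 13:09:53",
    "sections": {
        ".text":  ("880a1103f14c8bb654881a5874d390b7", "4206130ded6e2cc39b1bb74a4a69f67f062d02f3", 21504),
        ".rdata": ("f7af4128f5db45e77c3a290e76f98eec", "883f7bd284621d310ed8850cbc43d8230742e9fb", 2560),
        ".data":  ("5cb2465bb8a797e2cf6b29e92c636b4c", "703f7604ae81d07c23a668001cd48908060cd115", 10752),
        ".rsrc":  ("76b47a43158f57bc2dfc122ce5b613fb", "3d07d63dda5d335b217cf56c412c252d39325a84", 100352),
    },
}


@dataclass
class Section:
    name: str
    md5: str
    sha1: str
    size: int  # bytes actually present on disk for the section


def fingerprint(data: bytes) -> dict:
    """Parse the DOS/COFF/section headers and return md5, sha1, timestamp and sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4) ... SizeOfOptionalHeader(2) at +16
    nsections, ts = struct.unpack_from("<HI", data, coff + 2)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section table starts right after the optional header
    sections: dict[str, Section] = {}
    for i in range(nsections):
        off = table + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)  # SizeOfRawData, PointerToRawData
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections[name] = Section(name, hashlib.md5(raw).hexdigest(), hashlib.sha1(raw).hexdigest(), len(raw))
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def compare(fp: dict, report: dict = REPORT) -> list[str]:
    """Return human-readable mismatches between a computed fingerprint and the report (empty list = match)."""
    diffs = []
    for key in ("md5", "sha1", "timestamp"):
        if fp[key] != report[key]:
            diffs.append(f"{key}: file {fp[key]} != report {report[key]}")
    for name, (md5, sha1, size) in report["sections"].items():
        sec = fp["sections"].get(name)
        if sec is None:
            diffs.append(f"section {name}: missing from file")
        elif (sec.md5, sec.sha1, sec.size) != (md5, sha1, size):
            diffs.append(f"section {name}: file {sec.md5}/{sec.sha1}/{sec.size} != report {md5}/{sha1}/{size}")
    return diffs


def build_test_pe(section_name: bytes, raw: bytes, timestamp: int) -> bytes:
    """Constructed minimal PE32 image (headers plus one section) so the parser can be exercised offline."""
    e_lfanew = 0x40
    opt = b"\x0b\x01" + b"\0" * 94  # PE32 magic 0x10b, rest of the optional header zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, len(opt), 0x102)
    raw_ptr = e_lfanew + 4 + len(coff) + len(opt) + 40
    sec = struct.pack("<8sIIIIIIHHI", section_name.ljust(8, b"\0"), len(raw), 0x1000,
                      len(raw), raw_ptr, 0, 0, 0, 0, 0x60000020)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    return dos + b"PE\0\0" + coff + opt + sec + raw


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        result = compare(fingerprint(fh.read()))
    for line in result or ["all static indicators match the report"]:
        print(line)
```

Run it as `python check_static.py suspect.exe`; an empty diff list means the file matches every hash, size and timestamp in the report. `build_test_pe` exists only so the parser can be tested without the real sample.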

Runtime Details:

Process tree (three processes observed):
  C:\malware.exe
    ↳ creates process C:\malware.exe
        ↳ creates process C:\WINDOWS\system32\wupdmgr.exe

Network Details:

DNS: www.update.microsoft.com.nsatc.net (Type: A) -> 65.55.50.158
DNS: www.update.microsoft.com.nsatc.net (Type: A) -> 65.55.50.189
DNS: www.update.microsoft.com (Type: A), no address recorded
DNS: restlesz.su (Type: A), no address recorded
DNS: devicesta.ru (Type: A), no address recorded
Flow TCP: 192.168.1.1:1031 ➝ 65.55.50.158:80
Flow UDP: 192.168.1.1:1032 ➝ 8.8.4.4:53
Flow UDP: 192.168.1.1:1033 ➝ 8.8.4.4:53
Flow UDP: 192.168.1.1:1034 ➝ 8.8.4.4:53
Flow UDP: 192.168.1.1:1035 ➝ 8.8.4.4:53
Flow UDP: 192.168.1.1:1036 ➝ 8.8.4.4:53
Flow UDP: 192.168.1.1:1037 ➝ 8.8.4.4:53
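Only two of the names resolved in this run are usable as indicators: restlesz.su and devicesta.ru, neither of which returned an address, so no flow to them appears above. The www.update.microsoft.com names are Microsoft-operated infrastructure and will appear in any Windows host's DNS log, so they must not be alerted on. The following added example (not part of the original report) applies that split to DNS query logs: it matches the two domains exactly or as a parent of the queried name on a label boundary, skips look-alike suffixes such as devicesta.ru.example.com, and lists the clients that queried them. The log line format and every sample line are constructed for the example; adapt `parse_line` to the resolver format actually in use.

```python
"""Match the report's two suspicious domains against DNS query logs.

Added example, not from the original report. The log format is a constructed
"timestamp client qname qtype answer" line, not any particular resolver's
format; adapt parse_line() to yours.
"""
from __future__ import annotations

# Transcribed from the report's DNS section.
IOC_DOMAINS = {"restlesz.su", "devicesta.ru"}
# Also resolved by the sample in the same run, but Microsoft-operated update
# infrastructure; classified separately so it is never alerted on.
BENIGN_DOMAINS = {"www.update.microsoft.com", "www.update.microsoft.com.nsatc.net"}


def domain_matches(qname: str, domains: set[str] = IOC_DOMAINS) -> str | None:
    """Return the matching domain if qname equals it or is a subdomain of it.

    The match is on a label boundary, so 'cdn.devicesta.ru' matches but
    'devicesta.ru.example.com' and 'notdevicesta.ru' do not.
    """
    name = qname.rstrip(".").lower()
    for dom in domains:
        if name == dom or name.endswith("." + dom):
            return dom
    return None


def classify(qname: str) -> str:
    """'ioc' for the report's C2 names, 'benign-microsoft' for the update names, else 'unknown'."""
    if domain_matches(qname, IOC_DOMAINS):
        return "ioc"
    if domain_matches(qname, BENIGN_DOMAINS):
        return "benign-microsoft"
    return "unknown"


def parse_line(line: str) -> dict | None:
    """Parse one constructed log line; answer is '-' when the query returned no address."""
    parts = line.split()
    if len(parts) < 4:
        return None
    ts, client, qname, qtype = parts[:4]
    answer = parts[4] if len(parts) > 4 else "-"
    return {"ts": ts, "client": client, "qname": qname.rstrip(".").lower(), "qtype": qtype, "answer": answer}


def scan(log: str) -> list[dict]:
    """Return one record per query that hits an IOC domain, with the matched IOC attached."""
    hits = []
    for line in log.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ioc = domain_matches(rec["qname"])
        if ioc:
            hits.append({**rec, "ioc": ioc})
    return hits


def querying_clients(log: str) -> set[str]:
    """Hosts that queried any IOC domain; the first triage list for an IR case."""
    return {h["client"] for h in scan(log)}


# Constructed sample log (not captured data). The first three lines mirror the
# report's own resolutions; the last two test the subdomain and look-alike cases.
SAMPLE_LOG = """\
2015-10-01T16:05:01 192.168.1.1 www.update.microsoft.com.nsatc.net A 65.55.50.158
2015-10-01T16:05:02 192.168.1.1 restlesz.su A -
2015-10-01T16:05:02 192.168.1.1 devicesta.ru A -
2015-10-01T16:05:03 192.168.1.7 cdn.devicesta.ru A 203.0.113.10
2015-10-01T16:05:04 192.168.1.7 devicesta.ru.example.com A 198.51.100.5
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} queried {hit['qname']} (IOC {hit['ioc']}), answer {hit['answer']}")
    print("clients to triage:", sorted(querying_clients(SAMPLE_LOG)))
```

A query that returns no address (answer `-`) is still a hit: the sandbox run above shows the sample asking for both names without getting an answer, and that lookup alone identifies an infected host.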
