Analysis Date: 2015-11-13 18:53:10
MD5: 684d3b819667ca205fd08e8eeee11dce
SHA1: 11e735fc577dc07ee90fcd549a3bf23f2a38109a

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 506427a2e8ab538e5ec2520b42957aa9 sha1: 39d84e598ed30408ea3dfed5735d828073c6f689 size: 6144
Section .rdata md5: e2a4c3a7115ba54b92b033271ac8720d sha1: 11b8cf62bdc6042ddbf3af434f07ddacbf6581da size: 2048
Section .data  md5: 47e6ff88fc122b389f04b5835a3df975 sha1: 5620a50dbd5d8fa93ef0b8e980ed403c6125f989 size: 2048
Section .rsrc  md5: d694a74145ed37014ee9ab96e04263c9 sha1: 999adafb43f48c03a591b118608a650bafd32c73 size: 512
Timestamp: 2014-04-22 17:57:57
Packer: Microsoft Visual C++ v6.0
PEhash: e7f79632adc868bcc9d2062eeefe7ddd9025c359
IMPhash: d212f4856ef91a73d17f9e9cdf7752bb
AV CA (E-Trust Ino): no_virus
AV Rising: no_virus
AV Mcafee: Downloader-FSH!684D3B819667
AV Avira (antivir): TR/Dldr.Upatre.A.104
AV Twister: TrojanSpy.Zbot.siyn.pcqw
AV Ad-Aware: Trojan.Upatre.Gen.3
AV Alwil (avast): Kryptik-NSC [Trj]
AV Eset (nod32): Win32/Kryptik.CAJW
AV Grisoft (avg): Downloader.Generic13.CFUC
AV Symantec: Backdoor.Trojan
AV Fortinet: W32/Waski.A!tr
AV BitDefender: Trojan.Upatre.Gen.3
AV K7: Trojan ( 004992aa1 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre.A
AV MicroWorld (escan): Trojan.Upatre.Gen.3
AV MalwareBytes: Trojan.Agent.ED
AV Authentium: W32/S-fb4bb864!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan-Dropper.Necurs
AV Emsisoft: Trojan.Upatre.Gen.3
AV Zillya!: Trojan.Zbot.Win32.157193
AV Kaspersky: Trojan-Spy.Win32.Zbot.siyn
AV Trend Micro: TROJ_UPATRE.SM37
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): TrojanSpy.Zbot
AV Padvish: no_virus
AV BullGuard: Trojan.Upatre.Gen.3
AV Arcabit (arcavir): Trojan.Upatre.Gen.3
AV ClamAV: Win.Trojan.Agent-845630
AV Dr. Web: Trojan.DownLoad3.28161
AV F-Secure: Trojan.Upatre.Gen.3

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\wkssvc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\lasma.exe
Creates Process: "C:\Documents and Settings\Administrator\Local Settings\Temp\lasma.exe"

Process
↳ "C:\Documents and Settings\Administrator\Local Settings\Temp\lasma.exe"

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: tmupi.com
Winsock DNS: partners-gs.com

Network Details:

DNS: tmupi.com (Type: A) ➝ 72.47.244.148
DNS: partners-gs.com (Type: A) ➝ 50.56.218.189
Flows TCP: 192.168.1.1:1031 ➝ 72.47.244.148:443
Flows TCP: 192.168.1.1:1032 ➝ 72.47.244.148:443
Flows TCP: 192.168.1.1:1033 ➝ 72.47.244.148:443
Flows TCP: 192.168.1.1:1034 ➝ 72.47.244.148:443
Flows TCP: 192.168.1.1:1035 ➝ 50.56.218.189:443
Flows TCP: 192.168.1.1:1036 ➝ 50.56.218.189:443

Raw Pcap (one hex dump per captured flow, in the order listed above):
0x00000000 (00000)   804c0103                              .L..
0x00000000 (00000)   802b01                                .+.
0x00000000 (00000)   804c0103                              .L..
0x00000000 (00000)   802b01                                .+.
0x00000000 (00000)   804c0103                              .L..
0x00000000 (00000)   802b01                                .+.

Strings