Analysis Date: 2015-11-30 10:14:57
MD5: 162ec77c75fa7021efa5b2a17e46cbce
SHA1: 11eeb0376197ea7586bc1467bb9dc687b820e850

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 6e41b9af35d2b09ce3c9493cd59e1780 sha1: ce5c3e25ae499a24522da17a1e8dbdfd2c80c9d0 size: 53248
Section .rdata md5: b4fe5d4bee8d0ff7612a333941a611e6 sha1: c532dc9d9a6a3e892735d64effb0643bb11d47e2 size: 12288
Section .data  md5: cd72089d7fb9a285d187cfa75e09643f sha1: 36852fc338b53b86b07f0ae5dc235f5960b21765 size: 141824
Section .rsrc  md5: 3d4b20701ff379966fefb075dab2af7d sha1: 3250d750224e46f9a53a0d326f90b569292885ce size: 85504
Timestamp: 2015-08-28 07:37:39
Version info:
  LegalCopyright: 2000-2013 Joerg Mueller, Daniel Polansky, Christian Foltin, Dimitry Polivaev, and others.
  InternalName: FreeMind
  FileVersion: FreeMind
  CompanyName:
  ProductName: FreeMind
  ProductVersion: FreeMind
  FileDescription: FreeMind is a premier free mind-mapping software written in Java.
  OriginalFilename: freemind.exe
  (The version resource carries FreeMind's product strings; treat it as impersonated metadata, not as evidence of the file's origin.)
Packer: Microsoft Visual C++ ?.? (compiler signature; version not identified)
PEhash: 511b4fcb08a3e6cfb9d3a7f8958dcc3357d64855
IMPhash: e89e4270537f561702ff6e205b890a16
AV Fortinet: W32/Kryptik.DVIJ!tr
AV Emsisoft: Trojan.GenericKD.2684302
AV Eset (nod32): Win32/Kryptik.DUWK
AV Ad-Aware: Trojan.GenericKD.2684302
AV Dr. Web: BackDoor.Andromeda.614
AV Twister: Trojan.Girtk.DUWK.gzkk
AV BitDefender: Trojan.GenericKD.2684302
AV Avira (antivir): TR/Kryptik.doeufg
AV Arcabit (arcavir): Trojan.GenericKD.2684302
AV MalwareBytes: Trojan.Kovter
AV ClamAV: no_virus
AV Ikarus: Trojan.Win32.Crypt
AV Frisk (f-prot): W32/FakeAlert.ACZ.gen!Eldorado
AV Alwil (avast): Androp [Drp]
AV BullGuard: Trojan.GenericKD.2684302
AV Kaspersky: Trojan.Win32.Generic
AV CA (E-Trust Ino): no_virus
AV Symantec: Backdoor.Trojan
AV Grisoft (avg): Win32/Cryptor
AV Trend Micro: no_virus
AV Authentium: W32/FakeAlert.ACZ.gen!Eldorado
AV VirusBlokAda (vba32): Backdoor.Androm
AV MicroWorld (escan): Trojan.GenericKD.2684302
AV CAT (quickheal): Ransom.Crowti.A4
AV Zillya!: no_virus
AV Rising: no_virus
AV Padvish: no_virus
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AR

Runtime Details:

Process
↳ C:\malware.exe
  Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe
  Creates File: PIPE\lsarpc
  Creates File: \Device\Afd\Endpoint
  Winsock DNS: north-america.pool.ntp.org
  Winsock DNS: africa.pool.ntp.org
  Winsock DNS: oceania.pool.ntp.org
  Winsock DNS: asia.pool.ntp.org
  Winsock DNS: south-america.pool.ntp.org
  Winsock DNS: europe.pool.ntp.org
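The process tree above is the behavioural signal worth keying on: the sample spawns msiexec.exe, and it is that msiexec.exe, not the original binary, that resolves the six regional pool.ntp.org names. The following is an added example, not part of the sandbox output and not the report author's tooling: a small detector over constructed endpoint events in a simplified key=value form, modelled on the report's process and Winsock DNS entries plus one benign Windows Installer launch for contrast. The event format, the parent allowlist (services.exe, explorer.exe, msiexec.exe) and the function names are assumptions. An msiexec.exe reached from any other parent is reported, and the alert is elevated when that process also performs DNS lookups.

```python
import re
from collections import defaultdict

# Constructed events (assumption: not captured telemetry), modelled on the
# report's process tree and Winsock DNS entries plus one benign MSI launch.
SAMPLE_EVENTS = """\
process pid=1000 ppid=800 image=C:\\malware.exe cmdline="C:\\malware.exe"
process pid=1004 ppid=1000 image=C:\\WINDOWS\\system32\\msiexec.exe cmdline="C:\\WINDOWS\\system32\\msiexec.exe"
dns pid=1004 name=north-america.pool.ntp.org
dns pid=1004 name=europe.pool.ntp.org
dns pid=1004 name=asia.pool.ntp.org
process pid=2000 ppid=600 image=C:\\WINDOWS\\system32\\services.exe cmdline="C:\\WINDOWS\\system32\\services.exe"
process pid=2004 ppid=2000 image=C:\\WINDOWS\\system32\\msiexec.exe cmdline="C:\\WINDOWS\\system32\\msiexec.exe /V"
"""

# key=value pairs; values may be quoted to carry spaces (command lines).
EVENT_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Parents that legitimately start msiexec.exe: the Installer service, the shell,
# and msiexec's own server/client split. Assumption: tune per environment.
LEGIT_MSIEXEC_PARENTS = {"services.exe", "explorer.exe", "msiexec.exe"}


def parse_events(text):
    """Turn the line-oriented event text into a list of dicts with a 'kind' field."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, _, rest = line.partition(" ")
        fields = {k: v.strip('"') for k, v in EVENT_RE.findall(rest)}
        fields["kind"] = kind
        events.append(fields)
    return events


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect_msiexec_abuse(text):
    """Flag msiexec.exe processes with an unexpected parent; raise severity if they resolve names."""
    events = parse_events(text)
    procs = {int(e["pid"]): e for e in events if e["kind"] == "process"}
    lookups = defaultdict(list)
    for e in events:
        if e["kind"] == "dns":
            lookups[int(e["pid"])].append(e["name"])
    alerts = []
    for pid, proc in procs.items():
        if basename(proc["image"]) != "msiexec.exe":
            continue
        parent = procs.get(int(proc["ppid"]))
        if parent and basename(parent["image"]) in LEGIT_MSIEXEC_PARENTS:
            continue  # normal Windows Installer activity
        names = lookups.get(pid, [])
        alerts.append({
            "pid": pid,
            "parent_image": parent["image"] if parent else None,  # None: parent not seen, still suspicious
            "cmdline": proc.get("cmdline", ""),
            "dns": names,
            "ntp_pools": sorted(n for n in names if n.endswith(".pool.ntp.org")),
            "severity": "high" if names else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_msiexec_abuse(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] msiexec.exe pid={alert['pid']} parent={alert['parent_image']} "
              f"cmdline={alert['cmdline']!r} dns={alert['dns']}")
```

Sysmon process-creation and DNS-query events, or an EDR's equivalent streams, carry the same fields, so the rule ports directly. The command line is kept in the alert because an msiexec.exe that was started with no /i, /x or /q argument and is nonetheless doing network I/O is the first thing an analyst will want to see; the NTP-pool names are listed separately because, on their own, they are public time servers and not an indicator.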

Network Details:

DNS responses (Type A), four addresses per regional pool:

europe.pool.ntp.org         62.75.254.179, 85.25.105.106, 141.30.228.4, 178.21.23.127
north-america.pool.ntp.org  199.182.221.110, 208.53.158.34, 50.116.38.157, 108.61.73.243
south-america.pool.ntp.org  186.103.182.15, 190.15.141.64, 200.89.75.197, 200.192.232.8
asia.pool.ntp.org           139.162.20.174, 203.114.224.252, 211.233.40.78, 103.245.79.2
oceania.pool.ntp.org        115.126.160.4, 130.102.2.123, 192.189.54.17, 45.114.116.62
africa.pool.ntp.org         196.192.32.7, 41.231.53.4, 168.167.71.131, 196.41.127.42

These addresses are pool.ntp.org members handed out by round-robin DNS; they identify public time servers, not attacker infrastructure, and should not be used as blocking indicators. The behaviour worth recording is the lookup itself, made by the msiexec.exe that the sample spawned.