Analysis Date: 2015-08-13 03:45:09
MD5: 0dc4a42ac301d127b61c119097da4483
SHA1: 144e39a1a1f00d7e08fa700b0fc3a3e7a3aa6b8a

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 359df628d1144e52c7297d7c1e27e602 sha1: c22301e9fef9bc0200225da71cdce86ab19eb064 size: 512
Section .rdata md5: ab29002ea2e7c0d91a2bde1d817ca366 sha1: ced738602e81801744fe86d982895b06b7ce5a58 size: 104960
Section .data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .rsrc md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512
Section .reloc md5: 88385786062c33d5e63f9a3aa94124f9 sha1: b4e405437f718b5c195b49850b0998fe8cd94606 size: 512
Timestamp: 2014-04-25 13:54:19
Packer: Borland Delphi 3.0 (???) (low-confidence PEiD-style signature match; the .text/.rdata/.data/.rsrc/.reloc section layout is the MSVC one, not Delphi's CODE/DATA/BSS, so treat the compiler identification as unconfirmed)
PEhash: 1a43470255bbd861b6601e7df35ca42f31b78ac6
IMPhash: 5d907e4f447d6c7f2275c3923df49f63
AV CA (E-Trust Ino): no_virus
AV F-Secure: Gen:Variant.Kazy.306055
AV Dr. Web: Trojan.PWS.Ibank.811
AV ClamAV: no_virus
AV Arcabit (arcavir): Gen:Variant.Kazy.306055
AV BullGuard: Gen:Variant.Kazy.306055
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): no_virus
AV Trend Micro: BKDR_PLUGX.EO
AV Kaspersky: Backdoor.Win32.Gulpix.ale
AV Zillya!: Trojan.FakeAV.Win32.316307
AV Emsisoft: Gen:Variant.Kazy.306055
AV Ikarus: Trojan.Win32.Crypt
AV Frisk (f-prot): no_virus
AV Authentium: no_virus
AV MalwareBytes: no_virus
AV MicroWorld (escan): Gen:Variant.Kazy.306055
AV Microsoft Security Essentials: no_virus
AV K7: Trojan ( 004967951 )
AV BitDefender: Gen:Variant.Kazy.306055
AV Fortinet: W32/FakeAV.BVQC!tr
AV Symantec: no_virus
AV Grisoft (avg): Crypt3.LMN
AV Eset (nod32): Win32/Kryptik.BVQC
AV Alwil (avast): MalOb-HP [Cryp]
AV Ad-Aware: Gen:Variant.Kazy.306055
AV Twister: Virus.56576A406800100000.mg
AV Avira (antivir): TR/Dropper.Gen
AV Mcafee: RDN/Generic FakeAlert
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Process: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Mutex: Global\crknp

Process
↳ C:\Documents and Settings\All Users\DRM\XXX\.exe

Creates Process: C:\WINDOWS\system32\svchost.exe
Creates Mutex: Global\aftaumxbdnqsjbpbv
Creates Mutex: Global\ommdvtuqnjwvdfajh
Creates Mutex: Global\eklytvhdy
Creates Mutex: Global\kdiolmoexbmog
Creates Mutex: Global\ssmuagced
Creates Mutex: Global\mschu
Creates Mutex: Global\aabhnqurdbfoh
Creates Mutex: Global\wzuxiivdwflbzshku
Creates Mutex: Global\imcmivogjpsel
Creates Mutex: Global\stuxkwabijxwwaxrh
Creates Mutex: Global\wubqw
Creates Mutex: Global\crknp
Creates Mutex: Global\inkxsdwqbtist
Creates Mutex: Global\uimnyxkbx
Creates Mutex: Global\gwdgudoewykyd
Creates Mutex: Global\iqlpefsfveadljlia
Creates Mutex: Global\mwmjwuuwpuvcczsph
Creates Mutex: Global\qclkvonpovvoztjdf

Process
↳ C:\WINDOWS\system32\svchost.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813022602.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813022557.jpg
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813022612.jpg
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813022542.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX\nprqyjadoqkp
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813022548.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813022552.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813022617.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813022607.jpg
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: Global\000000010000000000000100
Creates Mutex: MMMM
Winsock DNS: 127.0.0.1

Network Details:

Flows UDP: 192.168.1.1:53 ➝ 192.168.1.1:53
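The runtime section above is a chain of three process blocks: the original sample drops a copy under All Users\DRM\XXX\, that copy starts svchost.exe, and svchost.exe then writes the XXX-SCREEN\<user>\<YYYYMMDDHHMMSS>.jpg files (the eight timestamps in the report are about five seconds apart). The script below is an added example, not part of the sandbox report or its tooling: it parses this report layout (field name and value run together, as extracted) into hunting indicators, flags svchost.exe started by anything other than services.exe, recovers the screenshot cadence from the filenames, lists mutexes shared across stages, and confirms that the zero-size .data section really carries the empty-string digests. The REPORT excerpt is constructed from lines of the report; the field names, the screenshot regex and the parent-process rule are the editor's assumptions about the layout. The many random-looking Global\ mutex names are left out of the indicators on the assumption that they are generated per run; the directory scheme and the svchost parentage are the durable signals.

```python
"""Parse a sandbox behaviour report (field and value glued together, e.g.
"Creates MutexGlobal\\crknp") into hunting indicators.  Added example; the
REPORT excerpt is copied from the page, the parsing rules are assumptions."""
import hashlib
import re
from collections import defaultdict
from datetime import datetime

# Constructed excerpt of the report above, exactly as extracted.
REPORT = r"""
Section.data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Process
↳ C:\malware.exe
Creates FileC:\Documents and Settings\All Users\DRM\XXX\.exe
Creates ProcessC:\Documents and Settings\All Users\DRM\XXX\.exe
Creates MutexGlobal\crknp
Process
↳ C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates ProcessC:\WINDOWS\system32\svchost.exe
Creates MutexGlobal\aftaumxbdnqsjbpbv
Creates MutexGlobal\crknp
Process
↳ C:\WINDOWS\system32\svchost.exe
Creates FileC:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813022602.jpg
Creates FileC:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813022557.jpg
Creates FilePIPE\lsarpc
Creates MutexMMMM
"""

FIELDS = ("Creates File", "Creates Process", "Creates Mutex")  # assumed layout
SECTION_RE = re.compile(
    r"^Section(\.\w+) md5: ([0-9a-f]{32}) sha1: ([0-9a-f]{40}) size: (\d+)$")
# <anything>-SCREEN\<user>\<YYYYMMDDHHMMSS>.jpg, the naming seen in the report
SCREENSHOT_RE = re.compile(r"\\[^\\]+-SCREEN\\[^\\]+\\(\d{14})\.jpg$", re.I)


def parse_report(text):
    """Map each 'Process' block (path on the following '↳' line) to its
    Creates File / Creates Process / Creates Mutex values, in report order."""
    procs, current = {}, None
    lines = iter(text.strip().splitlines())
    for line in lines:
        line = line.strip()
        if line == "Process":
            current = next(lines, "").strip().lstrip("↳").strip()
            procs.setdefault(current, defaultdict(list))
            continue
        for field in FIELDS:
            if current is not None and line.startswith(field):
                procs[current][field].append(line[len(field):])
                break
    return procs


def suspicious_svchost_parents(procs):
    """svchost.exe is legitimately started by services.exe; any other
    recorded parent marks it as a host for injected code."""
    return [(child, parent)
            for parent, fields in procs.items()
            for child in fields.get("Creates Process", [])
            if child.lower().endswith("\\svchost.exe")
            and not parent.lower().endswith("\\services.exe")]


def screenshot_timestamps(procs):
    """Sorted YYYYMMDDHHMMSS stamps of files matching the *-SCREEN scheme."""
    return sorted(m.group(1)
                  for fields in procs.values()
                  for path in fields.get("Creates File", [])
                  for m in [SCREENSHOT_RE.search(path)] if m)


def capture_intervals(stamps):
    """Seconds between consecutive captures; a flat list exposes a timer."""
    ts = [datetime.strptime(s, "%Y%m%d%H%M%S") for s in sorted(stamps)]
    return [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]


def shared_mutexes(procs):
    """Mutex names created by more than one process (cross-stage guard)."""
    owners = defaultdict(set)
    for proc, fields in procs.items():
        for name in fields.get("Creates Mutex", []):
            owners[name].add(proc)
    return {name for name, who in owners.items() if len(who) > 1}


def empty_section_check(text):
    """A section reported with size 0 must carry the empty-string digests;
    a mismatch means the size and hash columns of the report disagree."""
    md5_0, sha1_0 = hashlib.md5(b"").hexdigest(), hashlib.sha1(b"").hexdigest()
    out = []
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m and int(m.group(4)) == 0:
            out.append((m.group(1), m.group(2) == md5_0 and m.group(3) == sha1_0))
    return out


if __name__ == "__main__":
    p = parse_report(REPORT)
    print("svchost with odd parent:", suspicious_svchost_parents(p))
    print("capture cadence (s):", capture_intervals(screenshot_timestamps(p)))
    print("shared mutexes:", shared_mutexes(p))
    print("empty sections consistent:", empty_section_check(REPORT))
```

Feeding the full runtime section of the report through parse_report gives all eight capture stamps and a cadence of roughly five seconds; the svchost parent check and the XXX-SCREEN path pattern are the pieces worth carrying into an endpoint hunt, while the random Global\ mutex names are better treated as per-sample noise unless a second sample reuses them.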

Strings