Analysis Date: 2015-12-30 13:58:55
MD5: b157fd4600239c937a4e0636d6d7a72f
SHA1: 15314cd59701ddc1963d75b475b4922cda2ab632

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 592edb85a3a9f16baebe82769dc7ff78 sha1: c56df09d339ac509b3b2449de11979b478d6488f size: 104448
Section .rdata: md5: a26e03cf3fe52f746534b45e906deda7 sha1: 58b4fc5d727d08668c709f8f9b55042941438894 size: 38912
Section .data: md5: 024938195f5b90258a2a0fd6aec6f42c sha1: 220f34fa82f9584d5f5f58182bc34ba9dd43a3f9 size: 69120
Section .rsrc: md5: b85300a76cba183fa6e92553b1027ac0 sha1: 5b4485d9548de88e2553422d6834a4f755b705fd size: 51712
Timestamp: 2015-10-23 13:53:42
Packer: Microsoft Visual C++ ?.?
PEhash: 103aa98dc9a33562b03c8f058702213880ed3239
IMPhash: 3c3f14412256e371c47711acf3d1fde5
AV Ad-Aware: Trojan.GenericKDZ.30802
AV Grisoft (avg): Crypt_r.AGT
AV CAT (quickheal): Worm.Gamarue.r4
AV Ikarus: Trojan.Win32.Crypt
AV Avira (antivir): TR/Crypt.ZPACK.196139
AV K7: no_virus
AV ClamAV: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Arcabit (arcavir): Trojan.GenericKDZ.30802
AV MalwareBytes: Backdoor.Andromeda
AV Dr. Web: Trojan.DownLoader16.45853
AV Mcafee: RDN/Generic BackDoor
AV BitDefender: Trojan.GenericKDZ.30802
AV Microsoft Security Essentials: VirTool:Win32/CeeInject.LJ
AV Emsisoft: Trojan.GenericKDZ.30802
AV MicroWorld (escan): Trojan.GenericKDZ.30802
AV Alwil (avast): Androp [Drp]
AV Eset (nod32): Win32/Kryptik.EBWZ
AV Rising: no_virus
AV BullGuard: Trojan.GenericKDZ.30802
AV Fortinet: W32/Kryptik.ECCZ!tr
AV Symantec: Trojan.Gen
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Trend Micro: no_virus
AV Frisk (f-prot): no_virus
AV Twister: no_virus
AV CA (E-Trust Ino): no_virus
AV VirusBlokAda (vba32): Trojan.Agent
AV F-Secure: Trojan.GenericKDZ.30802
AV Zillya!: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

