Analysis Date: 2016-01-28 09:42:58
MD5: 107abfb5c59fde8d8d1917265edf49a7
SHA1: 1657d5a0cbe6d0fa86c591313f3ebb688225c60f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 7562a47af5a4813bd245b636c1687a97 sha1: 99585bf05983711d4aec905226b7241e1a8e667f size: 55808
Section .rdata: md5: 782a5dfd45f300a277a9a747ca19ccde sha1: 066e589b4812b22261ca145b0f58f1a601415f79 size: 9728
Section .data: md5: 5356ae242d434efc6ec9ea73ded9054e sha1: 03d4eb55bacc97e4a0ed8127e969f755d4255892 size: 60416
Section .reloc: md5: a76a1e7ffbb155e3b0526bc7b898c589 sha1: 22b0dbbd26b3f72dfd6a0e7f45a43acbbd048d64 size: 4608
Timestamp: 2016-01-19 19:00:05
Packer: Microsoft Visual C++ ?.?
PEhash: 0ae5cf73b97da4ccef0192f001442b8321ebdc3a
IMPhash: e455678411cf3e1a19ba82415a4febba
AV Rising: No Virus
AV Mcafee: No Virus
AV Avira (antivir): TR/Crypt.Xpack.421382
AV Twister: No Virus
AV Ad-Aware: Gen:Variant.Zusy.177418
AV Alwil (avast): Dorder-E [Trj]
AV Eset (nod32): Win32/Kryptik.ELCF
AV Grisoft (avg): Crypt5.ACUB
AV Symantec: No Virus
AV Fortinet: W32/Kryptik.ELCF!tr
AV BitDefender: Gen:Variant.Zusy.177418
AV K7: Trojan ( 004dc37e1 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV MicroWorld (escan): No Virus
AV MalwareBytes: Ransom.FileCryptor
AV Authentium: No Virus
AV Frisk (f-prot): No Virus
AV Ikarus: Trojan.Win32.Crypt
AV Emsisoft: Gen:Variant.Zusy.177418
AV Zillya!: No Virus
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: No Virus
AV CAT (quickheal): No Virus
AV VirusBlokAda (vba32): No Virus
AV BullGuard: Gen:Variant.Zusy.177418
AV Arcabit (arcavir): Gen:Variant.Zusy.177418
AV ClamAV: No Virus
AV Dr. Web: Trojan.DownLoader19.2633
AV F-Secure: Gen:Variant.Zusy.177418
AV CA (E-Trust Ino): No Virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\Policies\Explorer\Run\317606753 ➝ C:\Documents and Settings\All Users\msvgqh.exe\\x00
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden ➝ NULL
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\Windows\Load ➝ \\x00
Creates File: C:\Documents and Settings\All Users\116843
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\All Users\msvgqh.exe
Creates File: \Device\Afd\Endpoint
Deletes File: C:\1657D5~1.EXE
Winsock DNS: microsoft.com
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

Flows UDP: 192.168.1.1:1043 ➝ 8.8.4.4:53
Flows TCP: 192.168.1.1:1044 ➝ 23.96.52.53:80
Flows UDP: 192.168.1.1:1045 ➝ 8.8.4.4:53
