Analysis Date: 2018-06-06 11:43:56
MD5: cdb220b6ebd4a1c8c6261c0d6cd09c66
SHA1: 1660693f5f47f6829c2e742539813b64dac86a22

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 6d960dee364224c2650099b376bbabf4 sha1: c1d3b61800c220c9333508b8f8f3903151f7afde size: 187904
Section .rdata md5: c42970f1b7581b17ee58fa69aab64d70 sha1: 6354776b4fc831b543056bec545278ae4f41df62 size: 20480
Section .data  md5: b827b2e873bb453f8189b885a8f71e3a sha1: 52f19b9149c7ce8a18312da41d9a6d4af513eddb size: 5632
Section .rsrc  md5: 0a1f2d4d3bfc1c4b11ff6285155a4b89 sha1: 9b76044c5d36ec50df964608713f7acbb7aeccf5 size: 46592
Timestamp: 2015-06-07 00:36:29
Version info:
  LegalCopyright: Copyright (C) Microsoft Corp. 1992-1997
  InternalName: CVTRES.EXE
  FileVersion: 5.00.1736.1
  CompanyName: Microsoft Corporation
  ProductName: Microsoft(R) Windows NT(R) Operating System
  ProductVersion: 5.00.1736.1
  FileDescription: Resource File To COFF Object Conversion Utility
  OriginalFilename: CVTRES.EXE
Packer: Microsoft Visual C++ ?.?
PEhash: 142b566306f130ff461c34f455986c4edb0168b5
IMPhash: dbfdfb4eacf1f0b6c13d9242aa6dd9db
AV BullGuard: Gen:Variant.Mikey.15009
AV Symantec: Trojan.Gen
AV F-Secure: Gen:Variant.Mikey.15009
AV BitDefender: Gen:Variant.Mikey.15009
AV Twister: Trojan.DOMG.fnmx
AV Grisoft (avg): Crypt4.AQAG
AV K7: Trojan ( 004c513a1 )
AV Padvish: no_virus
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV ClamAV: no_virus
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Fortinet: W32/Kryptik.DLPI!tr
AV Emsisoft: Gen:Variant.Mikey.15009
AV Ikarus: PUA.Bundler
AV Zillya!: Backdoor.Androm.Win32.21536
AV CA (E-Trust Ino): no_virus
AV MicroWorld (escan): Gen:Variant.Mikey.15009
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus
AV MalwareBytes: Trojan.FakeMS.ED
AV CAT (quickheal): Ransom.Cryptodef.S4
AV Ad-Aware: Gen:Variant.Mikey.15009
AV Frisk (f-prot): no_virus
AV Avira (antivir): TR/Dropper.A.1235
AV Dr. Web: BackDoor.IRC.NgrBot.42
AV Arcabit (arcavir): Gen:Variant.Mikey.15009
AV Alwil (avast): Sharik-J [Trj]
AV Kaspersky: Trojan.Win32.Generic
AV Mcafee: no_virus
AV Eset (nod32): Win32/Kryptik.DLJE
AV Rising: no_virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\1660693f5f47f6829c2e742539813b64dac86a22.exe

Process
↳ C:\Windows\SysWOW64\msiexec.exe

Process
↳ C:\Windows\SysWOW64\msiexec.exe

Network Details:

DNS: europe.pool.ntp.org (Type: A) -> 212.70.148.17
DNS: europe.pool.ntp.org (Type: A) -> 217.114.59.3
DNS: europe.pool.ntp.org (Type: A) -> 5.45.97.110
DNS: europe.pool.ntp.org (Type: A) -> 195.83.66.158
DNS: north-america.pool.ntp.org (Type: A) -> 204.2.134.164
DNS: north-america.pool.ntp.org (Type: A) -> 172.82.134.51
DNS: north-america.pool.ntp.org (Type: A) -> 132.163.4.101
DNS: north-america.pool.ntp.org (Type: A) -> 209.123.234.43
DNS: south-america.pool.ntp.org (Type: A) -> 200.160.0.8
DNS: south-america.pool.ntp.org (Type: A) -> 200.93.227.170
DNS: south-america.pool.ntp.org (Type: A) -> 54.232.82.232
DNS: south-america.pool.ntp.org (Type: A) -> 200.192.232.8
DNS: asia.pool.ntp.org (Type: A) -> 120.119.28.1
DNS: asia.pool.ntp.org (Type: A) -> 212.26.18.41
DNS: asia.pool.ntp.org (Type: A) -> 139.162.20.174
DNS: asia.pool.ntp.org (Type: A) -> 128.199.84.169
DNS: oceania.pool.ntp.org (Type: A) -> 202.127.210.36
DNS: oceania.pool.ntp.org (Type: A) -> 202.22.158.31
DNS: oceania.pool.ntp.org (Type: A) -> 202.6.248.11
DNS: oceania.pool.ntp.org (Type: A) -> 203.23.237.200
DNS: africa.pool.ntp.org (Type: A) -> 197.157.194.21
DNS: africa.pool.ntp.org (Type: A) -> 197.12.0.14
DNS: africa.pool.ntp.org (Type: A) -> 154.127.59.231
DNS: africa.pool.ntp.org (Type: A) -> 41.222.88.32

Raw Pcap
0x00000000 (00000)   504f5354 202f626c 6130382f 67617465   POST /bla08/gate
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a43   .php HTTP/1.1..C
0x00000020 (00032)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x00000030 (00048)   2d636163 68650d0a 436f6e6e 65637469   -cache..Connecti
0x00000040 (00064)   6f6e3a20 636c6f73 650d0a50 7261676d   on: close..Pragm
0x00000050 (00080)   613a206e 6f2d6361 6368650d 0a436f6e   a: no-cache..Con
0x00000060 (00096)   74656e74 2d547970 653a2061 70706c69   tent-Type: appli
0x00000070 (00112)   63617469 6f6e2f6f 63746574 2d737472   cation/octet-str
0x00000080 (00128)   65616d0d 0a557365 722d4167 656e743a   eam..User-Agent:
0x00000090 (00144)   204d6f7a 696c6c61 2f342e30 0d0a436f    Mozilla/4.0..Co
0x000000a0 (00160)   6e74656e 742d4c65 6e677468 3a203539   ntent-Length: 59
0x000000b0 (00176)   0d0a486f 73743a20 616e6434 2e6a756e   ..Host: and4.jun
0x000000c0 (00192)   676c6562 65617269 77746331 2e636f6d   glebeariwtc1.com
0x000000d0 (00208)   0d0a0d0a afd8abce ad255a01 c212453f   .........%Z...E?
0x000000e0 (00224)   64b89f69 320c10a9 dde99403 c32cdc6e   d..i2........,.n
0x000000f0 (00240)   c8eaf769 a25f3b17 0faa49e9 084d86ca   ...i._;...I..M..
0x00000100 (00256)   84ae4f07 9815716a fe6086d5 8a9490     ..O...qj.`.....


Strings