Analysis Date: 2015-07-08 07:21:54
MD5: ba56f26b1d4626c05b90803f6ef1c36f
SHA1: 17582cdaa3906b3a4abefa5a877338e609013cce

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5 614c45e7667544d0b4c77f187e17c14f, sha1 61523857368de003172fb9e2eebc08c9cc171ff0, size 28672
Section .rdata: md5 94dd8db9ab46c12edbd92af65bfaed53, sha1 9722f32d6fb6ae93567506ea43a161339e971ef5, size 8192
Section .data: md5 441e784e8bad2a8d104b2bbceb853cda, sha1 348d72b80abb9e23b70d1d6306916db10ddd7536, size 12288
Section rr: md5 287152d2f0f7a54eb9f679230bd3519b, sha1 e6d0f665b40dd2bc26e59497a17d5d5912f31ef4, size 16385
Timestamp: 2015-05-22 13:18:15
Packer: Microsoft Visual C++ 5.0
PEhash: 91d631c5f65c65fd00da3dc122a75580989e0944
IMPhash: 58d0f79654d5b2125940f012236b29d3

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝ 21150524\\x00
Creates File: \Device\Afd\Endpoint
Creates Mutex: Global\MD7H82HHF7EH2D73

Network Details:

HTTP GET: http://46.28.67.170:53872/stat?uid=100&downlink=1111&uplink=1111&id=00065769&statpass=bpass&version=21150524&features=30&guid=5840f5d1-1d01-4ccd-953d-4b43c598510c&comment=21150524&p=0&s=
  User-Agent:
HTTP GET: http://85.92.138.200:18150/stat?uid=100&downlink=1111&uplink=1111&id=00066B30&statpass=bpass&version=21150524&features=30&guid=5840f5d1-1d01-4ccd-953d-4b43c598510c&comment=21150524&p=0&s=
  User-Agent:
HTTP GET: http://31.193.175.117:51447/stat?uid=100&downlink=1111&uplink=1111&id=00067EC7&statpass=bpass&version=21150524&features=30&guid=5840f5d1-1d01-4ccd-953d-4b43c598510c&comment=21150524&p=0&s=
  User-Agent:
HTTP GET: http://85.13.218.26:22237/stat?uid=100&downlink=1111&uplink=1111&id=0006925F&statpass=bpass&version=21150524&features=30&guid=5840f5d1-1d01-4ccd-953d-4b43c598510c&comment=21150524&p=0&s=
  User-Agent:
HTTP GET: http://193.169.189.121:26195/stat?uid=100&downlink=1111&uplink=1111&id=0006A606&statpass=bpass&version=21150524&features=30&guid=5840f5d1-1d01-4ccd-953d-4b43c598510c&comment=21150524&p=0&s=
  User-Agent:
Flows TCP: 192.168.1.1:1031 ➝ 46.28.67.170:53872
Flows TCP: 192.168.1.1:1032 ➝ 85.92.138.200:18150
Flows TCP: 192.168.1.1:1033 ➝ 31.193.175.117:51447
Flows TCP: 192.168.1.1:1034 ➝ 85.13.218.26:22237
Flows TCP: 192.168.1.1:1035 ➝ 193.169.189.121:26195
