Analysis Date: 2015-12-24 15:40:04
MD5: 4523a19482f2638ef4348554e848d056
SHA1: 193b6e91d4a030c661f0ebef317840c349a7369c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: e4147f4893218f851c3b55bd94e6ae07 sha1: 8a46183ba5c1b77e23aacaaca9ec310fc5d07584 size: 39424
Section .rdata: md5: f322d7c6c9bae2a9efbf38f8964cac03 sha1: 186df9ab87594044610444cdbf6616882d8705e4 size: 9216
Section .data: md5: 809968b45abb456cf124127c2564fd04 sha1: 188da9895310602d6697e0d9820fe9a6188326c7 size: 14336
Section .hgbr: md5: 741c945fb20ecfd60a370c6e84d82f4f sha1: cc9b31c1a557a01f3270ec7c37eac8df7e59d404 size: 28672
Section .rsrc: md5: 03a1a75771834a705709a75ba3834b5f sha1: 0462e6ec733172949ea1c5dbd333f1d5ce751551 size: 1536
Timestamp: 2015-08-21 08:15:33
Version:
LegalCopyright: Soft Ware
InternalName: Soft Ware
FileVersion: 3.10.349.0
CompanyName: Microsoft Corp.
LegalTrademarks1: Soft Ware
LegalTrademarks2: Soft Ware
ProductName: Soft Ware
ProductVersion: 3.10
FileDescription: Microsoft Security
OriginalFilename: Soft Ware
Packer: Microsoft Visual C++ ?.?
PEhash: 940e934ba55580dbec787aa9fafe384d6551985e
IMPhash: 76fbfa17f0aa9b10bcbd5a2d440be830
AV Ad-Aware: Trojan.GenericKD.2667422
AV Grisoft (avg): Generic_r.FRC
AV Symantec: Backdoor.Trojan
AV CAT (quickheal): Worm.Gamarue.AR4
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AR
AV K7: Trojan ( 004cdba61 )
AV ClamAV: no_virus
AV Twister: Trojan.Girtk.DUGT.kclt
AV Zillya!: Backdoor.Androm.Win32.25235
AV Authentium: W32/Backdoor.VFTO-6931
AV MicroWorld (escan): Trojan.GenericKD.2667422
AV Dr. Web: Trojan.Siggen.65341
AV BullGuard: Trojan.GenericKD.2667422
AV Ikarus: Trojan.SuspectCRC
AV Kaspersky: Trojan.Win32.Fleercivet.aec
AV Mcafee: RDN/Generic BackDoor
AV Rising: no_virus
AV Emsisoft: Trojan.GenericKD.2667422
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus
AV Eset (nod32): Win32/Kryptik.DUGT
AV Fortinet: W32/Kryptik.DUGT!tr
AV Alwil (avast): Dorder-E [Trj]
AV Frisk (f-prot): no_virus
AV CA (E-Trust Ino): Win32/Remex.ZAZF!suspicious
AV F-Secure: Trojan.GenericKD.2667422
AV MalwareBytes: no_virus
AV BitDefender: Trojan.GenericKD.2667422
AV Arcabit (arcavir): Trojan.GenericKD.2667422
AV Avira (antivir): BDS/Andromeda.A.2

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS: europe.pool.ntp.org Type: A ➝ 193.225.118.162
DNS: europe.pool.ntp.org Type: A ➝ 81.0.208.219
DNS: europe.pool.ntp.org Type: A ➝ 129.70.132.32
DNS: europe.pool.ntp.org Type: A ➝ 139.112.153.37
DNS: north-america.pool.ntp.org Type: A ➝ 171.66.97.126
DNS: north-america.pool.ntp.org Type: A ➝ 209.244.0.3
DNS: north-america.pool.ntp.org Type: A ➝ 50.116.52.97
DNS: north-america.pool.ntp.org Type: A ➝ 72.14.183.239
DNS: south-america.pool.ntp.org Type: A ➝ 170.155.148.1
DNS: south-america.pool.ntp.org Type: A ➝ 190.15.141.64
DNS: south-america.pool.ntp.org Type: A ➝ 200.89.75.198
DNS: south-america.pool.ntp.org Type: A ➝ 54.232.82.232
DNS: asia.pool.ntp.org Type: A ➝ 139.162.20.174
DNS: asia.pool.ntp.org Type: A ➝ 218.189.210.4
DNS: asia.pool.ntp.org Type: A ➝ 31.193.144.2
DNS: asia.pool.ntp.org Type: A ➝ 52.69.228.202
DNS: oceania.pool.ntp.org Type: A ➝ 45.114.116.62
DNS: oceania.pool.ntp.org Type: A ➝ 120.146.26.214
DNS: oceania.pool.ntp.org Type: A ➝ 203.56.27.253
DNS: oceania.pool.ntp.org Type: A ➝ 223.252.23.219
DNS: africa.pool.ntp.org Type: A ➝ 196.49.6.67
DNS: africa.pool.ntp.org Type: A ➝ 197.12.0.14
DNS: africa.pool.ntp.org Type: A ➝ 197.80.150.123
DNS: africa.pool.ntp.org Type: A ➝ 41.222.88.32
DNS: pool.ntp.org Type: A ➝ 209.244.0.3
DNS: pool.ntp.org Type: A ➝ 71.19.144.130
DNS: pool.ntp.org Type: A ➝ 198.55.111.5
DNS: pool.ntp.org Type: A ➝ 206.209.110.2