Analysis Date: 2015-06-16 17:15:46
MD5: 61db826d1821f6fa66c56855f0b1cf7c
SHA1: 1b5388f00b7c6dd52737cdd02b61a600fe734998

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 412fddeb3596121082ec402e41c384c0 sha1: 5517e1db39accdf92abac32ecfd46361a1f03a15 size: 77824
Section .data: md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section .rsrc: md5: 93d7ce75905d18819e21bb068d48f761 sha1: 5cd2b75f439c9bdc2304ae174b835a75ef1f13b1 size: 184320
Timestamp: 2014-08-10 07:25:12
Version:
  ProductVersion: 1.00
  InternalName: Roda
  FileVersion: 1.00
  OriginalFilename: Roda.exe
  ProductName: Unload
Packer: Microsoft Visual Basic v5.0
PEhash: 11c04a11b8fb999d8cc6680b4ea77378f5bdcca2
IMPhash: 2082f2cb31e74ca97101ec1c6bbd94f8
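The section hashes, compile timestamp and import hash above are the fields an analyst recomputes locally before trusting a sandbox match. The following is an added example, not part of this report or of any tool it names: a standard-library-only PE parser that reproduces those fields, plus the pefile-style import hash algorithm behind the IMPhash value. The PE bytes it builds are constructed for the demo (they carry none of the sample's code); only the TimeDateStamp is set to the same value the report shows, to illustrate how that field is decoded.

```python
"""Added example (not part of the sandbox report): recompute the Static Details
fields of a PE file with the standard library only. Offsets follow the PE/COFF
format; the demo image built by build_demo_pe() is constructed, not the sample."""
import hashlib
import struct
from datetime import datetime, timezone


def _md5_sha1(blob):
    return hashlib.md5(blob).hexdigest(), hashlib.sha1(blob).hexdigest()


def parse_pe(data):
    """Return file hashes, build timestamp and per-section hashes of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, sym ptr, sym count,
    # SizeOfOptionalHeader, Characteristics
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    magic = struct.unpack_from("<H", data, coff + 20)[0]  # 0x10B = PE32, 0x20B = PE32+
    table = coff + 20 + opt_size                          # section table follows the optional header
    sections = []
    for i in range(nsect):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]  # slicing past EOF silently shortens the data
        md5, sha1 = _md5_sha1(raw)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "md5": md5, "sha1": sha1,
            "size": raw_size,                  # SizeOfRawData, the 'size' the report lists
            "bytes_on_disk": len(raw),         # smaller than size if the file is truncated
            "truncated": len(raw) < raw_size,  # then the hash covers less than the header claims
        })
    fmd5, fsha1 = _md5_sha1(data)
    return {
        "md5": fmd5, "sha1": fsha1,
        "machine_i386": machine == 0x14C,
        "pe32": magic == 0x10B,
        # TimeDateStamp is seconds since the Unix epoch and is set by the linker, so it is
        # trivially forged; treat it as a pivot, not as evidence of when the file was built.
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def imphash(imports):
    """pefile-style import hash: md5 over 'dll.func' pairs, lowercased, DLL extension
    stripped, joined by commas in import-table order. Ordinal imports must already be
    resolved to names by the caller (pefile does that for oleaut32/ws2_32/wsock32)."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def build_demo_pe():
    """Constructed PE32 with three sections. .rsrc is declared larger than the bytes
    present so the truncation check has something to report."""
    opt_size = 224
    table_off = 0x40 + 4 + 20 + opt_size
    img = bytearray(0x500)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                 # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # i386, 3 sections, TimeDateStamp 1407655512 = 2014-08-10 07:25:12 UTC (value from the report)
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 3, 1407655512, 0, 0, opt_size, 0x0102)
    struct.pack_into("<H", img, 0x58, 0x10B)                # optional header magic: PE32
    layout = [(b".text", 0x200, 0x200), (b".data", 0x100, 0x400), (b".rsrc", 0x1000, 0x500)]
    for i, (name, raw_size, raw_ptr) in enumerate(layout):
        struct.pack_into("<8sIIIIIIHHI", img, table_off + 40 * i,
                         name, raw_size, 0x1000 * (i + 1), raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    img[0x200:0x400] = bytes(range(256)) * 2   # fake .text body
    img[0x400:0x500] = b"\xAA" * 0x100         # fake .data body
    return bytes(img)


if __name__ == "__main__":
    info = parse_pe(build_demo_pe())
    print(info["timestamp"], "PE32" if info["pe32"] else "PE32+")
    for s in info["sections"]:
        print(s["name"], s["md5"], s["size"], "TRUNCATED" if s["truncated"] else "")
```

Run it against a real sample by replacing `build_demo_pe()` with the file's bytes and compare each section's md5/sha1 and `size` with the report; a `truncated` section means the sandbox and you may have hashed different byte ranges, which is the usual reason two tools disagree on a section hash.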
AV Rising: no_virus
AV CA (E-Trust Ino): no_virus
AV F-Secure: Trojan.VBRan.Gen.2
AV Dr. Web: no_virus
AV ClamAV: no_virus
AV Arcabit (arcavir): Trojan.VBRan.Gen.2
AV BullGuard: Trojan.VBRan.Gen.2
AV Padvish: no_virus
AV VirusBlokAda (vba32): TScope.Trojan.VB
AV CAT (quickheal): no_virus
AV Trend Micro: Possible_Otorun8
AV Kaspersky: Trojan.Win32.Xtrat.lgy
AV Zillya!: Trojan.Xtrat.Win32.774
AV Emsisoft: Trojan.VBRan.Gen.2
AV Ikarus: Trojan.Win32.Xtrat
AV Frisk (f-prot): no_virus
AV Authentium: no_virus
AV MalwareBytes: no_virus
AV MicroWorld (escan): Trojan.VBRan.Gen.2
AV Microsoft Security Essentials: Trojan:Win32/Dynamer!ac
AV K7: Trojan ( 0034caa31 )
AV BitDefender: Trojan.VBRan.Gen.2
AV Fortinet: W32/Injector.ADYQ!tr
AV Symantec: no_virus
AV Grisoft (avg): Crypt3.AKCX
AV Eset (nod32): Win32/Injector.BLII
AV Alwil (avast): Broban-N [Trj]
AV Ad-Aware: Trojan.VBRan.Gen.2
AV Twister: no_virus
AV Avira (antivir): TR/Dynamer.ac.1215
AV McAfee: no_virus

Detection summary: 19 of the 31 engines flag the sample. Trojan.VBRan.Gen.2 is one verdict repeated by the BitDefender engine and the products that license it (Arcabit, BullGuard, Emsisoft, eScan, Ad-Aware, F-Secure), so it should be counted once; the independent names are the Xtrat family label (Kaspersky, Zillya!, Ikarus) and generic Visual Basic injector/crypter heuristics (Fortinet, Eset, AVG, Microsoft, Avira, VBA32). The family attribution therefore rests on three engines, not nineteen.

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\3673_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 196
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1616 -e 152 -g

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 196

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1616 -e 152 -g

Note on this trace: dwwin.exe is the Windows XP error-reporting dialog and drwtsn32.exe is the Dr. Watson post-mortem debugger, launched through the AeDebug registry key as "drwtsn32 -p <faulting pid> -e <event> -g"; the <n>_appcompat.txt file in %TEMP% is written by that same error-reporting chain. The only child processes of the sample are these two, so the sample faulted in the sandbox shortly after start. No dropped files, registry changes or network traffic were captured, and the empty Network Details below records a crash, not benign behaviour. The cause of the fault is not recorded in the report; a second run on a different OS image is needed before any conclusion about the payload.
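Telling a sample that ran from one that merely crashed is a check worth automating when reviewing sandbox output in bulk. The following is an added example, not part of this report or of any sandbox product: it parses a process trace in the "Key: value" form used above, recognises the Windows crash-reporting chain (dwwin.exe, drwtsn32.exe and the <pid>_appcompat.txt report; WerFault.exe and dumprep.exe are included for later Windows versions), and returns a verdict. The trace lines are this report's own; the function, its heuristics and its verdict strings are the example's.

```python
"""Added example (not part of the sandbox report): triage a process trace and
separate real behaviour from the Windows crash-reporting chain. On Windows XP,
dwwin.exe is the error-reporting UI and drwtsn32.exe the AeDebug post-mortem
debugger ('drwtsn32 -p <faulting pid> -e <event> -g'); <n>_appcompat.txt in
%TEMP% is written by that chain. Heuristics and verdict names are this example's."""
import re

SAMPLE_TRACE = [  # copied from the Runtime Details above
    "Creates Process: C:\\malware.exe",
    "Creates File: C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\3673_appcompat.txt",
    "Creates File: PIPE\\lsarpc",
    "Creates Process: C:\\WINDOWS\\system32\\dwwin.exe -x -s 196",
    "Creates Process: C:\\WINDOWS\\system32\\drwtsn32 -p 1616 -e 152 -g",
]

# Crash-reporting binaries (XP era and later) and the report files they leave behind.
CRASH_HANDLERS = {"dwwin.exe", "drwtsn32.exe", "drwtsn32", "werfault.exe", "dumprep.exe"}
CRASH_FILES = re.compile(r"(\\\d+_appcompat\.txt|\\drwtsn32\.log|\\user\.dmp)$", re.IGNORECASE)
DRWTSN_PID = re.compile(r"\bdrwtsn32(?:\.exe)?\s.*-p\s+(\d+)", re.IGNORECASE)


def _image_name(cmdline):
    """Lower-cased basename of the executable in a command line (these traces do not quote paths)."""
    return cmdline.split()[0].rsplit("\\", 1)[-1].lower()


def assess_runtime(trace, sample="malware.exe"):
    """Classify a trace as 'ran', 'crashed_after_activity' or 'crashed_no_behaviour'."""
    procs, files = [], []
    for line in trace:
        key, sep, value = line.partition(": ")
        if not sep:
            continue
        if key == "Creates Process":
            procs.append(value)
        elif key == "Creates File":
            files.append(value)

    crash_procs = [p for p in procs if _image_name(p) in CRASH_HANDLERS]
    # Anything that is neither the sample re-spawning itself nor a crash handler counts as payload.
    payload_procs = [p for p in procs
                     if _image_name(p) not in CRASH_HANDLERS and _image_name(p) != sample.lower()]
    crash_files = [f for f in files if CRASH_FILES.search(f)]
    # Names without a drive letter (PIPE\..., Device\...) are handle opens, not dropped files.
    dropped = [f for f in files if f not in crash_files and ":" in f[:3]]

    faulting_pid = None
    for p in crash_procs:
        m = DRWTSN_PID.search(p)
        if m:
            faulting_pid = int(m.group(1))  # the -p argument is the pid Dr. Watson attached to

    if not crash_procs:
        verdict = "ran"
    elif payload_procs or dropped:
        verdict = "crashed_after_activity"
    else:
        verdict = "crashed_no_behaviour"
    return {"verdict": verdict, "faulting_pid": faulting_pid, "crash_files": crash_files,
            "payload_procs": payload_procs, "dropped": dropped}


if __name__ == "__main__":
    print(assess_runtime(SAMPLE_TRACE))
```

A "crashed_no_behaviour" verdict should route the sample back to the queue (different OS image, longer timeout, or manual debugging) rather than into the benign pile; a "crashed_after_activity" verdict means the artefacts listed in `dropped` and `payload_procs` are real but incomplete.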

Network Details:

