Analysis Date: 2015-11-16 11:59:26
MD5: aab314580e05f89da2f4743feb308f50
SHA1: 1bd41acbe0bb9f3f0f60f5db2693302dc0dbcd92

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: f9ad6b317e746b66179a47674b868225  sha1: f47626ec5b57c799befc46963b65a233bfe128b2  size: 55808
Section .data  md5: 3f76e19ac39b5213ee832664be5b065d  sha1: 484603e3a31b7aeda1b354fa463fbf0825cd0f96  size: 5120
Section .rsrc  md5: 5d2297b2bbdd4edc8643278518cc6cb2  sha1: 9f6f7c8f10686a5fff1207ad323ac39c4bdad72c  size: 6144
Timestamp (PE compile time): 2014-04-24 20:11:33
Packer/compiler signature: Microsoft Visual C++ ?.? (version not identified)
pehash: 93fd1e2ae66e64096889adba2c4be5834c392211
imphash: 5d0530dec67800fdf5904df75adbbcf9

The three sections total 67072 bytes of raw data. The compile timestamp is a header field the author can set freely; here it predates the analysis date by about 18 months, so treat it as a pivot for clustering rather than as ground truth.
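The file type, compile timestamp and per-section md5/sha1/size above are read straight out of the PE headers. The following added example (not the sandbox's own code) reproduces those static-detail fields with only the Python standard library: the COFF header gives machine, section count and TimeDateStamp, the optional header gives the PE32/PE32+ magic and subsystem, and each section's hash is the hash of the SizeOfRawData bytes at PointerToRawData. The PE image it parses is constructed inline with short known-answer section contents and is not the analysed sample; imphash and pehash are deliberately left out because they need the import table and a specific canonicalisation that this parser does not implement.

```python
"""Reproduce sandbox "Static Details" fields (file type, compile timestamp,
per-section md5/sha1/size) from raw PE headers. Added example, not the
sandbox's code; the sample image built below is constructed for the demo."""
import hashlib
import struct
from datetime import datetime, timezone

# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_HDR = "<HHIIIHH"
# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics
SECTION_HDR = "<8sIIIIIIHHI"
MACHINE_NAMES = {0x14C: "Intel 80386 32-bit", 0x8664: "x86-64"}
SUBSYSTEM_NAMES = {1: "native", 2: "GUI", 3: "console"}


def static_details(data: bytes) -> dict:
    """Parse DOS/COFF/optional/section headers and hash each section's raw bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    coff_off = e_lfanew + 4
    machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_HDR)
    magic = struct.unpack_from("<H", data, opt_off)[0]
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "unknown(0x%x)" % magic)
    # Subsystem sits at offset 68 of the optional header for both PE32 and PE32+.
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0] if opt_size >= 70 else 0
    sections = []
    sect_off = opt_off + opt_size
    for i in range(nsect):
        name, _vsize, _vaddr, raw_size, raw_ptr, *_ = struct.unpack_from(
            SECTION_HDR, data, sect_off + i * struct.calcsize(SECTION_HDR))
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "md5": hashlib.md5(raw).hexdigest(),
            "sha1": hashlib.sha1(raw).hexdigest(),
            "size": raw_size,
            # Packed or damaged samples often declare raw data past end of file;
            # the hash then covers only what is present, so flag it.
            "truncated": raw_ptr + raw_size > len(data),
        })
    return {
        "file_type": "%s executable for MS Windows (%s) %s" % (
            fmt, SUBSYSTEM_NAMES.get(subsystem, "subsystem %d" % subsystem),
            MACHINE_NAMES.get(machine, hex(machine))),
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def summary(details: dict) -> list:
    """Render the parsed fields in the same layout the report uses."""
    lines = ["File type: " + details["file_type"]]
    for s in details["sections"]:
        lines.append("Section %s md5: %s sha1: %s size: %d%s" % (
            s["name"], s["md5"], s["sha1"], s["size"], " (truncated)" if s["truncated"] else ""))
    lines.append("Timestamp: " + details["timestamp"])
    return lines


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (headers only, not loadable) with three sections whose
    raw contents are RFC test-vector strings so the hashes are known answers."""
    ts = int(datetime(2014, 4, 24, 20, 11, 33, tzinfo=timezone.utc).timestamp())
    contents = [(b".text", b"abc"), (b".data", b"a"), (b".rsrc", b"message digest")]
    e_lfanew, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack(COFF_HDR, 0x14C, len(contents), ts, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 66 + struct.pack("<H", 2) + b"\0" * (opt_size - 70)
    hdr_end = len(dos) + len(coff) + len(opt) + struct.calcsize(SECTION_HDR) * len(contents)
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF  # first section's raw data on a 0x200 boundary
    headers, body, vaddr = b"", b"", 0x1000
    for name, raw in contents:
        headers += struct.pack(SECTION_HDR, name.ljust(8, b"\0"), len(raw), vaddr,
                               len(raw), raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw
        vaddr += 0x1000
    image = dos + coff + opt + headers
    return image + b"\0" * (raw_ptr - len(image)) + body


if __name__ == "__main__":
    for line in summary(static_details(build_sample_pe())):
        print(line)
```

Pointing `static_details()` at a real sample (`open(path, "rb").read()`) gives the same fields the report shows; a section flagged as truncated, or a section count and optional-header size that push the section table past end of file, is itself a triage signal worth recording.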
AV detections:

F-Secure: Trojan:W32/Agent.DUVZ
Authentium: W32/A-b1164738!Eldorado
MalwareBytes: Trojan.Upatre
Dr. Web: Trojan.DownLoad3.32950
Grisoft (avg): Downloader.Generic13.CCDV
Eset (nod32): Win32/TrojanDownloader.Tiny.NKK
MicroWorld (escan): Gen:Variant.Strictor.55615
Trend Micro: TROJ_UPATRE.SMJG
ClamAV: Win.Trojan.Zbot-33796
Twister: TrojanDldr.Tiny.NKK.cmuk
BitDefender: Gen:Variant.Strictor.55615
Avira (antivir): TR/Crypt.XPACK.Gen7
Alwil (avast): Trojan-gen:Win32:Trojan-gen
Fortinet: W32/Tiny.NKK!tr
Microsoft Security Essentials: TrojanDownloader:Win32/Zemot.C
Ikarus: Trojan-Downloader.Win32.zbot
Kaspersky: Trojan.Win32.Generic
VirusBlokAda (vba32): TrojanDropper.Demp
Arcabit (arcavir): Gen:Variant.Strictor.55615
Mcafee: PWSZbot-FTY!AAB314580E05
Ad-Aware: Gen:Variant.Strictor.55615
Symantec: Downloader.Ponik
K7: Trojan-Downloader ( 004993d51 )
Rising: no_virus
Frisk (f-prot): no_virus
Emsisoft: Gen:Variant.Strictor.55615
Zillya!: Downloader.Tiny.Win32.3378
CAT (quickheal): no_virus
Padvish: no_virus
BullGuard: Gen:Variant.Strictor.55615
CA (E-Trust Ino): Win32/Zbot.VXGFUP

Vendors disagree on the family name (Upatre, Tiny, Zemot and Ponik as a downloader; Zbot from several others; generic or packed-crypter labels from the rest), so read the verdict as "small trojan downloader" rather than as one named family.

Runtime Details:

Process tree:
  C:\malware.exe
    Creates file: C:\Documents and Settings\Administrator\Local Settings\Temp\temp_cab_1795015.cab
    Creates file: C:\Documents and Settings\Administrator\Local Settings\Temp\1bd41acbe0bb9f3f0f60f5db2693302dc0dbcd92.doc (named with the sample's own SHA1)
    Opens device: \Device\Afd\Endpoint (Winsock socket creation via the Ancillary Function Driver, not a file on disk)
    Opens device: \Device\Afd\AsyncConnectHlp (Winsock asynchronous connect helper)
    Winsock DNS lookup: windowsupdate.microsoft.com

The two \Device\Afd\ entries are the sandbox's file-create hook seeing socket setup; the on-disk artifacts from this run are the .cab and .doc in the user's Temp directory.

Network Details:

DNS: www.update.microsoft.com.nsatc.net  type A  65.55.50.158
DNS: www.update.microsoft.com.nsatc.net  type A  134.170.58.222
DNS: windowsupdate.microsoft.com  type A  (no address recorded under this name; the A answers appear under www.update.microsoft.com.nsatc.net)
HTTP GET: http://windowsupdate.microsoft.com/
  User-Agent: Opera/9.25 (Windows NT 6.0; U; en)
TCP flow: 192.168.1.1:1031 ➝ 65.55.50.158:80

The only flow in the capture is this single GET to a Microsoft address; no second-stage download or command-and-control contact was recorded, so the downloader's payload is not present in this report. The most usable network indicator here is the fixed Opera/9.25 User-Agent on a Windows NT 6.0 string coming from C:\malware.exe rather than from a browser.
