Analysis Date: 2015-11-25 09:12:49
MD5: 48f2b7b6de18e9ff38214fdb261e889a
SHA1: 1c8ae978d2d5db83627c480f5f329350cd1cb447

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 71a3b690955d9d577588632dd2dcb43e sha1: a7f143351c1f6e68d54f7d71ecac72119ee461c1 size: 6144
Section .rdata: md5: ce83d6264c2c24d73cb58e162c9a2a81 sha1: f40e6178fe0a19dab92871b934372b38dae5de55 size: 4096
Section .data: md5: dd6353ee20c5d4b99778aeba83563ebf sha1: f162de846c854818c26800d802ff90e50903fb45 size: 2048
Section .rsrc: md5: e86a416c1e7cb814419d8fb23eeeb096 sha1: 232f346c6237124ebb000ed96db1ce8ff783cf38 size: 19968
Timestamp: 2013-03-25 20:29:43
Packer: Microsoft Visual C 2.0
PEhash: f0254163396cc975a66ac694a20d074f92c8815b
IMPhash: 012c63bb5f7f1ff21471f621b5d79f47
AV Rising: Trojan.Win32.Kryptik.af
AV Mcafee: Downloader-FASG!48F2B7B6DE18
AV Avira (antivir): TR/Crypt.ZPACK.159799
AV Twister: no_virus
AV Ad-Aware: Trojan.Downloader.JRTI
AV Alwil (avast): GenMalicious-KNL [Trj]
AV Eset (nod32): Win32/Kryptik.DIGI
AV Grisoft (avg): Crypt_s.IMB
AV Symantec: Downloader.Upatre!gen5
AV Fortinet: W32/Kryptic.ABGK!tr
AV BitDefender: Trojan.Downloader.JRTI
AV K7: Trojan ( 004c29131 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre.G
AV MicroWorld (escan): Trojan.Downloader.JRTI
AV MalwareBytes: Trojan.Upatre
AV Authentium: W32/Dalexis.Q.gen!Eldorado
AV Frisk (f-prot): W32/Dalexis.Q.gen!Eldorado
AV Ikarus: Trojan.VB.Crypt
AV Emsisoft: Trojan.Downloader.JRTI
AV Zillya!: no_virus
AV Kaspersky: Trojan-Downloader.Win32.Upatre.aetm
AV Trend Micro: TROJ_UP.9EED1BD4
AV CAT (quickheal): Trojan.Kadena.B4
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Trojan.Downloader.JRTI
AV Arcabit (arcavir): Trojan.Downloader.JRTI
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader13.28824
AV F-Secure: Trojan.Downloader.JRTI
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Xulantar.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\InstallXul.tmp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\Xulantar.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\Xulantar.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\212f_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 200
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1424 -e 156 -g

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 200

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1424 -e 156 -g

Network Details:
