Analysis Date: 2015-07-25 10:50:02
MD5: aaff25be3c544526d61f9253e85db98d
SHA1: 1f39600253202726611419f2f32683340375aaa1

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 642e860a857915836a7172e244926fd5 sha1: 2bcd2c657640d2a6b8170ab24671046eb43ac332 size: 91648
Section .data: md5: c073c0c16371e401d3a2f9e642a5cdfd sha1: 39ce286339f693a68866c4662045d9853d4df8f2 size: 13824
Timestamp: 2014-05-31 12:41:38
Packer: Borland Delphi 3.0 (???)
PEhash: 116a987b94742dc2dc70da2f65af8769a0798806
IMPhash: cc409225ca1dea2fbd99a60a57a52e8c

AV Rising: no_virus
AV CA (E-Trust Ino): no_virus
AV F-Secure: Trojan.Inject.IA
AV Dr. Web: BackDoor.Bulknet.739
AV ClamAV: no_virus
AV Arcabit (arcavir): Trojan.Inject.IA
AV BullGuard: Trojan.Inject.IA
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): Trojan.Generic.01761
AV Trend Micro: TROJ_WIGON.SM
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: no_virus
AV Emsisoft: Trojan.Inject.IA
AV Ikarus: Gen.Trojan
AV Frisk (f-prot): no_virus
AV Authentium: W32/S-ea74dc5f!Eldorado
AV MalwareBytes: no_virus
AV MicroWorld (escan): Trojan.Inject.IA
AV Microsoft Security Essentials: Spammer:Win32/Cutwail.gen!D
AV K7: Trojan ( 003acb9d1 )
AV BitDefender: Trojan.Inject.IA
AV Fortinet: W32/Cutwail.RU!tr
AV Symantec: Trojan.Pandex!gm
AV Grisoft (avg): Generic28.BMKU
AV Eset (nod32): Win32/Wigon.DC
AV Alwil (avast): Cutwail-CW [Trj]
AV Ad-Aware: Trojan.Inject.IA
AV Twister: Trojan.446D24FB70BA17E3
AV Avira (antivir): TR/Proxy.Gen
AV Mcafee: Cutwail-FECR!AAFF25BE3C54

Runtime Details:

Process:
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort ➝ 65534
Creates File: \Device\Afd\Endpoint
Creates Mutex: wqabsj57907

Network Details:

DNS mxs.mail.ru (Type: A) ➝ 94.100.180.150
DNS mxs.mail.ru (Type: A) ➝ 217.69.139.150
DNS alt4.gmail-smtp-in.l.google.com (Type: A) ➝ 74.125.24.27
DNS gmail-smtp-in.l.google.com (Type: A) ➝ 74.125.201.27
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.72
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.73
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.74
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.75
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.70
DNS in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.71
DNS mail7.digitalwaves.co.nz (Type: A)

Flows TCP 192.168.1.1:1031 ➝ 94.100.180.150:25
Flows TCP 192.168.1.1:1032 ➝ 74.125.24.27:25
Flows TCP 192.168.1.1:1033 ➝ 74.125.201.27:25
