Analysis Date: 2015-12-24 14:48:52
MD5: eb2501832ac857e1f34ef1d60c992c72
SHA1: 1f5ef1716f26d8055561d4302ee53d0ab49fca63

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 0c2fa6987a293f7820f29bea503d9ae9 sha1: d1e7eb5027cd1d941ace25a5c43d83b744531fe5 size: 103936
Section: .rdata md5: b7b487fd10027f3cff4033618c2c2746 sha1: 766b84885be6fe29b337d6ec8ed300dd0a26ec08 size: 36864
Section: .data md5: 2fa25ff7d2a2350cd94a38625a7999c7 sha1: 4e858446676e0b499ed1433fc0d61beaf8e5413e size: 69120
Section: .rsrc md5: 8d84eb3c549e2421f45e78b20576b098 sha1: 9c2ddd471524b8fdac44f7eee9ea802c59adf7bb size: 44032
Timestamp: 2015-10-23 05:31:27
Packer: Microsoft Visual C++ ?.?
PEhash: a84e78986dcb8261d26229d8cbb37e1b25e5d6d8
IMPhash: 0ad29ac63695cf21b8cfba394512d18d
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Dr. Web: Trojan.Dridex.234
AV MalwareBytes: no_virus
AV Trend Micro: no_virus
AV Emsisoft: Trojan.Injector.BTM
AV Kaspersky: Trojan.Win32.Generic
AV Alwil (avast): Androp [Drp]
AV Eset (nod32): Win32/Injector.BNHS
AV K7: Trojan ( 004d4c2e1 )
AV Avira (antivir): TR/Crypt.ZPACK.195816
AV Fortinet: W32/Kryptik.ECCZ!tr
AV Ikarus: Trojan.Win32.Crypt
AV Symantec: Trojan.Gen
AV Frisk (f-prot): no_virus
AV Grisoft (avg): Crypt_r.AGO
AV VirusBlokAda (vba32): Trojan.Yakes
AV F-Secure: Trojan.Injector.BTM
AV BitDefender: Trojan.Injector.BTM
AV Zillya!: no_virus
AV BullGuard: Trojan.Injector.BTM
AV Rising: 0x594e2d2f
AV Arcabit (arcavir): Trojan.Injector.BTM
AV CA (E-Trust Ino): no_virus
AV MicroWorld (escan): Trojan.Injector.BTM
AV Twister: Trojan.Injector.BNHS.loze
AV CAT (quickheal): Backdoor.Androm.r4
AV Microsoft Security Essentials: VirTool:Win32/CeeInject.LJ
AV Ad-Aware: Trojan.Injector.BTM
AV ClamAV: no_virus
AV Mcafee: RDN/Generic BackDoor

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\789e_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\dda0_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\9b89_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\bf5b_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\5caa_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\c239_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\848f_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\6bca_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\a58b_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\e951_appcompat.txt
Creates File: PIPE\lsarpc

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\627f_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\drwtsn32 -p 3808 -e 80 -g

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\f916_appcompat.txt

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\a5f3_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\8b1b_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\cb05_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 3808 -e 80 -g

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Network Details:


Strings