Analysis Date: 2015-11-27 05:11:53
MD5: 7eabf59c04ddd6a904741cebd6808951
SHA1: 1f641dd201ee6a460d9dfc5e50cba5ace3afe37c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Sections:
  UPX0   size: 0      md5: d41d8cd98f00b204e9800998ecf8427e  sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  UPX1   size: 50176  md5: ad535d2b0c5dd9b073fbbc466f283eeb  sha1: 48f9dd856ad9a06f7eb667cb70bc0dbf360fb729
  .rsrc  size: 10752  md5: 0d1ef6c3b94b63ed316bc8ef7110c7c7  sha1: faf77fba1fa17df5cd8b79cd2c6497ec20645511
  Note: UPX0 has no raw data on disk (its md5/sha1 are the hashes of empty input and identify nothing), because the UPX stub decompresses the original code into it at run time. Static work belongs on an unpacked copy (upx -d, or a memory dump taken after the stub has finished).
Timestamp (PE compile time): 2013-05-25 15:39:55
Version resource:
  LegalCopyright: Copyright Misejka© 2013
  InternalName: Ragiza
  FileVersion: 2, 1, 3, 2
  CompanyName: Hause
  PrivateBuild: Kizbow
  LegalTrademarks: Gioka©
  Comments: Gezera
  ProductName: Bigalov
  SpecialBuild: Makanz
  ProductVersion: 5, 1, 8, 4
  FileDescription: Mikega
  OriginalFilename: Magez
  Note: the version strings are filler with no attribution value; their only use is as a pivot to other samples carrying the same strings.
Packer: UPX -> www.upx.sourceforge.net
PEhash: 763030a0d6fb6783bdfb8c1f50545fabc292195e
IMPhash: e58ab46f2a279ded0846d81bf0fa21f7 (computed over the UPX stub's import table, so it groups UPX-packed files in general, not this family)
AV detections (31 vendors; the original listing repeated 18 rows, collapsed here):
  F-Secure: Gen:Variant.Zusy.49407
  Authentium: W32/Gamarue.C.gen!Eldorado
  MalwareBytes: Ransom.Winlock
  Dr. Web: BackDoor.Andromeda.178
  Grisoft (avg): Dropper.Generic8.ANGN
  Eset (nod32): Win32/TrojanDownloader.Wauchos.L
  MicroWorld (escan): Gen:Variant.Zusy.49407
  Trend Micro: WORM_GAMARUE.SMJ
  ClamAV: Win.Trojan.Generickdz-133
  Ad-Aware: Gen:Variant.Zusy.49407
  BitDefender: Gen:Variant.Zusy.49407
  Avira (antivir): TR/Rogue.19560
  Alwil (avast): Trojan-gen:Win32:Trojan-gen
  Fortinet: W32/Kryptik.BBYD!tr
  Microsoft Security Essentials: Worm:Win32/Gamarue.I
  Ikarus: Backdoor.Win32.Androm
  Kaspersky: Worm.Win32.Bundpil.aws
  VirusBlokAda (vba32): no_virus
  Arcabit (arcavir): Gen:Variant.Zusy.49407
  Mcafee: Generic.gl.gen.a
  Twister: Trojan.4B480FD503BAB5A2
  Symantec: Packed.Dromedan!gen7
  K7: Trojan ( 0049ef861 )
  Rising: Worm.Win32.Gamarue.ah
  Frisk (f-prot): W32/Gamarue.C.gen!Eldorado
  Emsisoft: Gen:Variant.Zusy.49407
  Zillya!: Backdoor.Androm.Win32.923
  CAT (quickheal): no_virus
  Padvish: Worm.Win32.Gamarue.msiexec
  BullGuard: Gen:Variant.Zusy.49407
  CA (E-Trust Ino): Win32/Gamarue.EBeAEVC
Consensus: 29 of 31 engines detect. 13 name the Andromeda/Gamarue family (Gamarue, Andromeda, Androm, Wauchos, Bundpil and Dromedan are vendor aliases for it), 15 return generic or heuristic names (Zusy, Generic, Kryptik, Rogue, Trojan-gen, hash-style labels), MalwareBytes' Ransom.Winlock is the lone outlier, and two engines (VirusBlokAda, CAT quickheal) report clean.
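The listing repeats vendors and mixes family names with generic heuristics, so the consensus above had to be worked out by hand. The script below does the same thing mechanically: one verdict per vendor, a check that repeated rows for a vendor agree, and a tally by family. It is an added example written by the editor, not part of the original report or of any vendor's tooling. The rows are copied from the listing; the alias table that maps Gamarue, Andromeda, Androm, Wauchos, Bundpil and Dromedan onto one family key, and the list of generic markers, are assumptions drawn from how these vendors name the family.

```python
"""Collapse the AV listing above into one verdict per vendor and a family consensus.

Added example by the editor; not part of the original report or of any vendor's
tooling.  AV_LISTING is copied from the report (vendor|label, ';' separated).
FAMILY_ALIASES and GENERIC_MARKERS are assumptions about vendor naming.
"""
import re
from collections import Counter

AV_LISTING = """
F-Secure|Gen:Variant.Zusy.49407; Authentium|W32/Gamarue.C.gen!Eldorado; MalwareBytes|Ransom.Winlock;
Dr. Web|BackDoor.Andromeda.178; Grisoft (avg)|Dropper.Generic8.ANGN; MalwareBytes|Ransom.Winlock;
Eset (nod32)|Win32/TrojanDownloader.Wauchos.L; MicroWorld (escan)|Gen:Variant.Zusy.49407;
Trend Micro|WORM_GAMARUE.SMJ; ClamAV|Win.Trojan.Generickdz-133; Ad-Aware|Gen:Variant.Zusy.49407;
Eset (nod32)|Win32/TrojanDownloader.Wauchos.L; BitDefender|Gen:Variant.Zusy.49407;
MicroWorld (escan)|Gen:Variant.Zusy.49407; Avira (antivir)|TR/Rogue.19560;
Alwil (avast)|Trojan-gen:Win32:Trojan-gen; Fortinet|W32/Kryptik.BBYD!tr;
Microsoft Security Essentials|Worm:Win32/Gamarue.I; Ikarus|Backdoor.Win32.Androm;
Kaspersky|Worm.Win32.Bundpil.aws; VirusBlokAda (vba32)|no_virus; Arcabit (arcavir)|Gen:Variant.Zusy.49407;
Mcafee|Generic.gl.gen.a; Twister|Trojan.4B480FD503BAB5A2; Avira (antivir)|TR/Rogue.19560;
Alwil (avast)|Trojan-gen:Win32:Trojan-gen; Symantec|Packed.Dromedan!gen7; Fortinet|W32/Kryptik.BBYD!tr;
K7|Trojan ( 0049ef861 ); Microsoft Security Essentials|Worm:Win32/Gamarue.I; Rising|Worm.Win32.Gamarue.ah;
Mcafee|Generic.gl.gen.a; Twister|Trojan.4B480FD503BAB5A2; Ad-Aware|Gen:Variant.Zusy.49407;
Grisoft (avg)|Dropper.Generic8.ANGN; Symantec|Packed.Dromedan!gen7; BitDefender|Gen:Variant.Zusy.49407;
K7|Trojan ( 0049ef861 ); Authentium|W32/Gamarue.C.gen!Eldorado; Frisk (f-prot)|W32/Gamarue.C.gen!Eldorado;
Emsisoft|Gen:Variant.Zusy.49407; Zillya!|Backdoor.Androm.Win32.923; CAT (quickheal)|no_virus;
Padvish|Worm.Win32.Gamarue.msiexec; BullGuard|Gen:Variant.Zusy.49407; CA (E-Trust Ino)|Win32/Gamarue.EBeAEVC;
Rising|Worm.Win32.Gamarue.ah; Ikarus|Backdoor.Win32.Androm; Frisk (f-prot)|W32/Gamarue.C.gen!Eldorado
"""

FAMILY_ALIASES = {  # assumption: vendor-specific names that refer to one family
    "andromeda": ("gamarue", "andromeda", "androm", "wauchos", "bundpil", "dromedan"),
}
GENERIC_MARKERS = ("generic", "zusy", "kryptik", "rogue", "trojan-gen")  # assumption
HEX_TOKEN = re.compile(r"[0-9a-f]{8,}")  # hash-style names such as K7's and Twister's
CLEAN = {"no_virus", "clean", ""}


def parse_listing(text):
    """Return [(vendor, label), ...] in listing order, duplicates included."""
    rows = []
    for chunk in text.replace("\n", " ").split(";"):
        if chunk.strip():
            vendor, label = (s.strip() for s in chunk.split("|", 1))
            rows.append((vendor, label))
    return rows


def classify(label):
    """Map a vendor label to 'clean', a family key, 'generic' or 'other:<label>'."""
    lower = label.lower()
    if lower in CLEAN:
        return "clean"
    for family, aliases in FAMILY_ALIASES.items():
        if any(alias in lower for alias in aliases):
            return family
    if any(m in lower for m in GENERIC_MARKERS) or HEX_TOKEN.search(lower):
        return "generic"
    return "other:" + label


def dedupe(rows):
    """Keep one verdict per vendor; report vendors whose repeated rows disagree."""
    verdicts, conflicts = {}, []
    for vendor, label in rows:
        if vendor in verdicts and verdicts[vendor] != label:
            conflicts.append((vendor, verdicts[vendor], label))
        verdicts.setdefault(vendor, label)
    return verdicts, conflicts


def summarize(text=AV_LISTING):
    """Row count, unique vendors, detections, per-class tally and the named family."""
    rows = parse_listing(text)
    verdicts, conflicts = dedupe(rows)
    tally = Counter(classify(label) for label in verdicts.values())
    named = [k for k in tally if k not in ("clean", "generic") and not k.startswith("other:")]
    return {
        "rows": len(rows),
        "vendors": len(verdicts),
        "detections": sum(n for k, n in tally.items() if k != "clean"),
        "tally": dict(tally),
        "family": max(named, key=tally.get) if named else None,
        "conflicts": conflicts,
    }


if __name__ == "__main__":
    s = summarize()
    print(f"{s['detections']}/{s['vendors']} engines detect; family={s['family']}")
    for key, n in sorted(s["tally"].items(), key=lambda kv: -kv[1]):
        print(f"  {n:2d}  {key}")
```

Generic labels are counted as detections but never as a family vote, and the conflict list is what to look at when a vendor's rows disagree (here they do not). Anything that lands in `other:` is worth a second look; on this sample that is only the Ransom.Winlock outlier.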

Runtime Details:

Process tree:
  C:\malware.exe
  ↳ Creates process: C:\malware.exe
Note: the sample relaunches itself as a second instance; the page records no file, registry or injection activity beyond this self-spawn.

Network Details:

DNS queries:
  www.update.microsoft.com.nsatc.net   Type: A  -> 65.55.50.157
  www.update.microsoft.com.nsatc.net   Type: A  -> 65.55.50.190
  www.update.microsoft.com             Type: A  (no address recorded; resolved through the nsatc.net name above)
  morphed.ru                           Type: A  (no address recorded)
  amnsreiuojy.ru                       Type: A  (no address recorded)
Flows:
  TCP 192.168.1.1:1031 -> 65.55.50.157:80
  UDP 192.168.1.1:1032 through 1037 -> 8.8.4.4:53  (six DNS lookups)
Note: the only TCP connection goes to the Microsoft update host, which is consistent with an internet-connectivity check rather than command and control, so 65.55.50.157 is not an indicator. morphed.ru and amnsreiuojy.ru received no answer in the sandbox, so no C2 exchange was captured and those two names are the only network indicators this run provides.
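The network section gives raw DNS and flow records; what an analyst needs from it is a short indicator list that leaves out the connectivity-check traffic and the sandbox resolver, plus something that can be applied to real resolver logs. The script below does that, and as a generalisation of the page's case it also matches subdomains of an indicator (cdn.morphed.ru) while rejecting look-alikes that merely contain the string (morphed.ru.example.net). It is an added example written by the editor, not part of the original report or of any sandbox product: DNS_RECORDS and FLOWS are copied from the report, while the connectivity-check allowlist (microsoft.com and its nsatc.net alias), the treatment of 8.8.4.4 as the sandbox resolver, the resolver log lines, the Suricata rule syntax (Suricata 5 or later) and the sid range are assumptions made for the example.

```python
"""Turn the DNS and flow records above into network indicators, emit Suricata
DNS rules for them, and check them against resolver log lines.

Added example by the editor; not part of the original report or of any sandbox
product.  DNS_RECORDS and FLOWS are copied from the report.  The allowlist,
the sandbox resolver, SAMPLE_LOG and the rule syntax/sid range are assumptions.
"""
import re
from collections import defaultdict

# (query, type, answer) as listed in the report; None where no address is shown.
DNS_RECORDS = [
    ("www.update.microsoft.com.nsatc.net", "A", "65.55.50.157"),
    ("www.update.microsoft.com.nsatc.net", "A", "65.55.50.190"),
    ("www.update.microsoft.com", "A", None),
    ("morphed.ru", "A", None),
    ("amnsreiuojy.ru", "A", None),
]
# (proto, src, sport, dst, dport) as listed in the report.
FLOWS = [("TCP", "192.168.1.1", 1031, "65.55.50.157", 80)] + [
    ("UDP", "192.168.1.1", port, "8.8.4.4", 53) for port in range(1032, 1038)
]

# Assumptions: names the sample touches only to prove it is online, and the
# resolver the sandbox hands out.  Neither belongs in an indicator list.
CONNECTIVITY_CHECK_SUFFIXES = ("microsoft.com", "microsoft.com.nsatc.net")
SANDBOX_RESOLVERS = {"8.8.4.4"}


def under(name, suffix):
    """True if name is suffix itself or a label below it (not a substring match)."""
    return name == suffix or name.endswith("." + suffix)


def build_indicators(dns=DNS_RECORDS, flows=FLOWS):
    """Split observed names and addresses into indicators and excluded infrastructure."""
    answers = defaultdict(set)
    for name, _rtype, addr in dns:
        if addr:
            answers[name].add(addr)
    names = {name for name, _, _ in dns}
    benign = {n for n in names if any(under(n, s) for s in CONNECTIVITY_CHECK_SUFFIXES)}
    benign_ips = {a for n in benign for a in answers[n]}
    contacted = {dst for _p, _s, _sp, dst, _dp in flows}
    return {
        "domains": sorted(names - benign),
        # Never answered in the sandbox: no C2 traffic was seen, so these names
        # are the only pivot points; watch for them rather than blocking on IP.
        "unresolved": sorted(n for n in names - benign if not answers[n]),
        "ips": sorted(contacted - benign_ips - SANDBOX_RESOLVERS),
        "excluded": sorted(benign | benign_ips | SANDBOX_RESOLVERS),
    }


def suricata_dns_rules(domains, first_sid=9000001):
    """One dns.query alert per domain; dotprefix+endswith also covers subdomains (Suricata 5+)."""
    return [
        f'alert dns any any -> any any (msg:"Andromeda/Gamarue DNS lookup {d}"; '
        f'dns.query; dotprefix; content:".{d}"; endswith; nocase; sid:{sid}; rev:1;)'
        for sid, d in enumerate(domains, first_sid)
    ]


LOG_LINE = re.compile(r"client=(?P<client>\S+) query=(?P<query>\S+)")

# Constructed resolver log lines for the example; not taken from the report.
SAMPLE_LOG = """
2015-11-27T05:12:01 client=10.0.0.7 query=www.update.microsoft.com type=A
2015-11-27T05:12:02 client=10.0.0.7 query=amnsreiuojy.ru type=A rcode=NXDOMAIN
2015-11-27T05:12:02 client=10.0.0.7 query=cdn.morphed.ru type=A rcode=NXDOMAIN
2015-11-27T05:12:09 client=10.0.0.21 query=morphed.ru.example.net type=A
2015-11-27T05:12:15 client=10.0.0.44 query=update.microsoft.com type=A
"""


def match_log(lines, domains):
    """Return (client, query, indicator) for every query at or below an indicator domain."""
    hits = []
    for line in lines.splitlines():
        m = LOG_LINE.search(line)
        if not m:
            continue
        query = m["query"].rstrip(".").lower()
        hits.extend((m["client"], query, d) for d in domains if under(query, d))
    return hits


if __name__ == "__main__":
    ind = build_indicators()
    print("indicators:", ind["domains"], "excluded:", ind["excluded"])
    print("\n".join(suricata_dns_rules(ind["domains"])))
    for client, query, d in match_log(SAMPLE_LOG, ind["domains"]):
        print(f"hit: {client} looked up {query} (indicator {d})")
```

The IP list comes out empty on purpose: the one TCP destination is the connectivity-check host and the UDP destinations are the resolver, so an IP blocklist built from this run would only block Microsoft and Google. The domain matcher anchors on label boundaries; a plain substring test would also flag morphed.ru.example.net, which is a different zone.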
