Analysis Date: 2016-02-05 16:12:00
MD5: 69ee55d27562f5b7cddfc5b77af623c7
SHA1: 217b5fb258c1d21c2ab19671ee2ce030779df4a0

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 6f136575592786cd6ccf1da31d488098 sha1: ac018b423c4175c22641fbc1948190792fdcd2e5 size: 33280
Section: .rdata md5: 8076dd5f39a451c6ac98ba6764bbbe2f sha1: 842e8a09fc820f9854eb1ae925b281734103d955 size: 40960
Section: .data md5: 382fac24b812d32a97b994347d319580 sha1: bd3ca31c3fc5b43ce84b7edcb079443ab821c91e size: 59392
Section: .rsrc md5: 5383301b0a1c9c015746a9642cda4215 sha1: 315e44f608c28dcf516eaee388ed172070913b40 size: 157696
Timestamp: 2015-12-21 11:10:14
Version:
LegalCopyright: © 2008 Daniel Pistelli. All rights reserved.
Assembly Version: 2.0.0.0
InternalName: Signature Explorer.exe
FileVersion: 2.0.0.0
CompanyName: Daniel Pistelli
Comments: Signature Manager
ProductName: Signature Explorer
ProductVersion: 2.0.0.0
FileDescription: Signature Explorer
OriginalFilename: Signature Explorer.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 48ce48edf864d453e94ff585db9400017912142e
IMPhash: d284f82b0489e0012fc53f1ad12cf0cb
AV CA (E-Trust Ino): No Virus
AV Rising: No Virus
AV Mcafee: GenericR-FUK!69EE55D27562
AV Avira (antivir): TR/Crypt.ZPACK.53974
AV Twister: No Virus
AV Ad-Aware: Gen:Variant.Kazy.784283
AV Alwil (avast): TeslaCrypt-F [Trj]
AV Eset (nod32): Win32/Spy.Zbot.ACB
AV Grisoft (avg): PSW.Generic12.CLQC
AV Symantec: Trojan.Gen
AV Fortinet: W32/Kryptik.EIZJ!tr
AV BitDefender: Gen:Variant.Kazy.784283
AV K7: Spyware ( 004b89a11 )
AV Microsoft Security Essentials: PWS:Win32/Zbot!VM
AV MicroWorld (escan): Gen:Variant.Kazy.784283
AV MalwareBytes: Trojan.MalPack
AV Authentium: W32/Rovnix.C.gen!Eldorado
AV Emsisoft: Gen:Variant.Kazy.784283
AV Frisk (f-prot): No Virus
AV Ikarus: No Virus
AV Zillya!: No Virus
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: No Virus
AV VirusBlokAda (vba32): No Virus
AV CAT (quickheal): Ransom.Bitman.WL7
AV BullGuard: Gen:Variant.Kazy.784283
AV Arcabit (arcavir): Gen:Variant.Kazy.784283
AV ClamAV: No Virus
AV Dr. Web: Trojan.Inject1.43628
AV F-Secure: Gen:Variant.Kazy.784283

Runtime Details:

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc

Network Details:

Strings