Analysis Date: 2015-07-05 22:28:00
MD5: 219a44645289d8b96c5d94dd0b0036c9
SHA1: 22a3f599f520126f174144605c0f4970da0f75a8

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

Section  md5                               sha1                                       size
CODE     4af35b1130dad8462f3b5e23b2026df9  c2f97a01aa1a85e57555f3a14a31e23ace4e31e2   38912
DATA     cce30aede0958640a846f35a76cad1d7  a028e09929a5a2c199e898ce7d42e647234694ba   1536
BSS      d41d8cd98f00b204e9800998ecf8427e  da39a3ee5e6b4b0d3255bfef95601890afd80709   0
.idata   2a435f04c2ff4ca8018ccdaabf9f19f1  ae12f382b281591064885a7fc095f7f39b9dcc2c   2560
.tls     d41d8cd98f00b204e9800998ecf8427e  da39a3ee5e6b4b0d3255bfef95601890afd80709   0
.rdata   994c454bc9dd923a2dd36d6f9b3a0d6b  fff98ceaa005cc6278b16ed3516e139e96746bd7   512
.reloc   d41d8cd98f00b204e9800998ecf8427e  da39a3ee5e6b4b0d3255bfef95601890afd80709   0
.rsrc    493fd0b62e65fa98e3c8892d875a228f  512322a1cc678e05edb7afc6ea6983ee3de37f68   10240

Timestamp: 1992-06-19 22:22:17
PEhash: af52a42e6cf569af6eff851f094b2e0b00dbfaa2
IMPhash: 1754bc2d288533008a4f1472fc626401
AV CA (E-Trust Ino): Win32/FakeAV.CTK
AV F-Secure: DeepScan:Generic.Malware.SYBddld.E4A8A3F1
AV Dr. Web: Trojan.DownLoader10.13256
AV ClamAV: Trojan.Delf-9628
AV Arcabit (arcavir): DeepScan:Generic.Malware.SYBddld.E4A8A3F1
AV BullGuard: DeepScan:Generic.Malware.SYBddld.E4A8A3F1
AV Padvish: Malware.Trojan.Delf-9628
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: Backdoor.Win32.Zegost.mswwt
AV Zillya!: no_virus
AV Emsisoft: DeepScan:Generic.Malware.SYBddld.E4A8A3F1
AV Ikarus: Win32.SuspectCrc
AV Frisk (f-prot): W32/Dropper.AHIP
AV Authentium: W32/Risk.KRZM-0127
AV MalwareBytes: Trojan.StartPage.SMR
AV MicroWorld (escan): DeepScan:Generic.Malware.SYBddld.E4A8A3F1
AV Microsoft Security Essentials: no_virus
AV K7: Trojan ( 004abf9e1 )
AV BitDefender: DeepScan:Generic.Malware.SYBddld.E4A8A3F1
AV Fortinet: no_virus
AV Symantec: no_virus
AV Grisoft (avg): Win32/DH{gQwBCTY6KTkP}
AV Eset (nod32): no_virus
AV Alwil (avast): Downloader-E [Trj]
AV Ad-Aware: DeepScan:Generic.Malware.SYBddld.E4A8A3F1
AV Twister: Trojan.9B76DC5E97B82F08
AV Avira (antivir): TR/Agent.54784.3
AV Mcafee: no_virus
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\~1.bat
Creates Process: cmd.exe /c C:\Documents and Settings\Administrator\Local Settings\Temp\~1.bat C:\malware.exe

Process
↳ cmd.exe /c C:\Documents and Settings\Administrator\Local Settings\Temp\~1.bat C:\malware.exe

Creates Process: net stop sharedaccess

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: _SHuassist.mtx
Creates Mutex: Shell.CMruPidlList

Process
↳ net stop sharedaccess

Creates Process: net1 stop sharedaccess

Process
↳ net1 stop sharedaccess

Network Details:
