Analysis Date: 2015-10-17 13:13:23
MD5: f917c0f89eeb42472ade2d795ed5a0da
SHA1: 22adcf73acf3f80e18c981f9c70c17f39d5314bc

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 3225c0205ea1a6bcc279afed608412ac sha1: 61eafc545030a4b4bfb757519b610bb6e19815ac size: 68096
Section .rdata: md5: 910018edaf2d6be326062cf0eb3a705f sha1: b24859c4a2053b982dc156641301c7fe0bd09aed size: 10752
Section .data: md5: af7d9393446de51b2abb3cacb7a45d13 sha1: 409571482d3de2197b16b147c129a10e64296629 size: 10240
Section .gyhjkgh: md5: 789647ae662021091518d252425897e8 sha1: cee4091420992f3d3a1456c3a8be3cb439243c95 size: 23040
Section .fgher: md5: 23048c3cae79e79fd79a9c44889b1c0a sha1: 4d781173a026b60c879e1acb84cc136003911cfe size: 5632
Section .rsrc: md5: 62b66e4c82a94503f1842fb035161911 sha1: 79be840f0a613dd6db8c32a673df60ce8283db20 size: 1536
Section .reloc: md5: 1ea4b1ec5f59dadbb65cf240e3fa769e sha1: ea617b930fc54d6687364e7c728f69299caf96bd size: 4608
Timestamp: 2015-09-28 19:55:39
Version:
LegalCopyright: drtudsetxtjhxertsxer
InternalName: drtudsetxtjhxertsxer
FileVersion: 3.10.349.0
CompanyName: drtudsetxtjhxertsxer
LegalTrademarks1: drtudsetxtjhxertsxer
LegalTrademarks2: drtudsetxtjhxertsxer
ProductName: drtudsetxtjhxertsxer
ProductVersion: 3.10
FileDescription: vbxzewrtsxrtsrgzxgzdf
OriginalFilename: drtudsetxtjhxertsxer
Packer: Microsoft Visual C++ ?.?
PEhash: 7d7497a4fbeed1bc643d0b14d7124e8e7b9dba47
IMPhash: b6f9084ab0772acf50979968d33de76c
AV CA (E-Trust Ino): no_virus
AV F-Secure: Gen:Variant.Kazy.575686
AV Dr. Web: Trojan.Siggen.65341
AV ClamAV: no_virus
AV Arcabit (arcavir): Gen:Variant.Kazy.575686
AV BullGuard: Gen:Variant.Kazy.575686
AV Padvish: Trojan.Win32.FakeSysDef.OE
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): Worm.Gamarue.WR6
AV Trend Micro: Ransom_.0A217DD0
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: no_virus
AV Emsisoft: Gen:Variant.Kazy.575686
AV Ikarus: Trojan-Downloader.Win32.Andromeda
AV Frisk (f-prot): no_virus
AV Authentium: W32/S-b4965596!Eldorado
AV MalwareBytes: Ransom.CryptoWall
AV MicroWorld (escan): Gen:Variant.Kazy.575686
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV K7: Trojan ( 004d2a4d1 )
AV BitDefender: Gen:Variant.Kazy.575686
AV Fortinet: W32/Kryptik.DYFJ!tr
AV Symantec: Trojan.Gen
AV Grisoft (avg): Crypt4.CMVI
AV Eset (nod32): Win32/Kryptik.DYIS
AV Alwil (avast): Dropper-gen [Drp]
AV Ad-Aware: Gen:Variant.Kazy.575686
AV Twister: Trojan.Girtk.DYIS.pgth
AV Avira (antivir): TR/Crypt.Xpack.294120
AV Mcafee: RDN/Ransom
AV Rising: no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

