Analysis Date: 2015-11-01 06:53:14
MD5: 827ba7c296d22cc3390347e3c6974e62
SHA1: 250d38eaab1d7cdc2926f22b48ed529f38b3abaa

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 70261fb3793aa0c81f164518d2003eb2 sha1: 243ea4770d97d1adb6f6ecb05d516d481ddacde3 size: 105984
Section: .rdata md5: 0d32bd5e58d345f9d0f8a26d1eab18dc sha1: 6c5c741b8083e325af6e2a9f449eaeae82d282f2 size: 40448
Section: .data md5: 4380a18c49b26343e8b95aa22cac9d37 sha1: 9a92fc6e6260b22e61fa777e82a46c408e5e78e0 size: 36352
Section: .rsrc md5: 07ab578d6cee220cafb33bdcb4785db7 sha1: aa554884236d2d6b37c2d77bca134fe086f70037 size: 470528
Timestamp: 2015-10-20 09:25:01
Packer: Microsoft Visual C++ ?.?
PEhash: c87fce7f6a983647505851972d7078c4fe301a07
IMPhash: 0f1422f6f966999cd25ed9348134c464
AV: Ad-Aware: Trojan.GenericKDZ.30724
AV: Grisoft (avg): Crypt_r.AFK
AV: CAT (quickheal): no_virus
AV: Ikarus: no_virus
AV: Avira (antivir): TR/Crypt.ZPACK.191198
AV: K7: Riskware ( 0040eff71 )
AV: ClamAV: no_virus
AV: Kaspersky: Trojan.Win32.Yakes.mwwf
AV: Arcabit (arcavir): Trojan.GenericKDZ.30724
AV: MalwareBytes: Ransom.CryptoWall
AV: Dr. Web: Trojan.DownLoad3.35944
AV: Mcafee: Gamarue-FDC!827BA7C296D2
AV: BitDefender: Trojan.GenericKDZ.30724
AV: Microsoft Security Essentials: VirTool:Win32/CeeInject.GF
AV: Emsisoft: Trojan.GenericKDZ.30724
AV: MicroWorld (escan): Trojan.GenericKDZ.30724
AV: Alwil (avast): Androp [Drp]
AV: Padvish: no_virus
AV: Eset (nod32): Win32/Injector.BNHS
AV: Rising: no_virus
AV: BullGuard: Trojan.GenericKDZ.30724
AV: Fortinet: W32/Kryptik.EASA!tr
AV: Symantec: no_virus
AV: Authentium: W32/Agent.XL.gen!Eldorado
AV: Trend Micro: no_virus
AV: Frisk (f-prot): no_virus
AV: Twister: no_virus
AV: CA (E-Trust Ino): no_virus
AV: VirusBlokAda (vba32): Backdoor.Androm
AV: F-Secure: Trojan.GenericKDZ.30724
AV: Zillya!: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc

Network Details:

