Analysis Date: 2015-12-24 15:07:36
MD5: 91f6f3b7c0856d65f2a96f72f66d4f0a
SHA1: 25bccb1b6176b1a5b90e6e62dfd2bbc8fae9b200

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 2cfd3eb53693e7995e4c70309e4e9a5e  sha1: fe9cf1b2bff2a8bd5fc99655448dc17259fd3071  size: 107008
Section .rdata md5: 724551d7a5c1486aebef0514be007253  sha1: 8c9ce669a8e339b70d42d54f1699a9ac252a5019  size: 43520
Section .data  md5: ef2ce91afff99bd635213173eb960eb5  sha1: 47d75d31ac26a4f6f4b5aa742a6a0495ff8a7c46  size: 35840
Section .rsrc  md5: 8fbecf0cb4bd455d62eef1f1a00c7a46  sha1: 2883ff212ea57b28a39669babefc03c55baefa6d  size: 58880
Timestamp: 2015-10-17 08:07:25
Packer: Microsoft Visual C++ ?.?
PEhash: 70c68f1f5a2f2d69a935508159e79b95106a9fd2
IMPhash: 33ff57d9f472b03a9189057d8acb84e4
AV Ad-Aware: Trojan.Lethic.Gen.10
AV Dr. Web: Trojan.DownLoader17.18858
AV Kaspersky: Trojan.Win32.Generic
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Emsisoft: Trojan.Lethic.Gen.10
AV K7: Trojan ( 004d45e31 )
AV Trend Micro: no_virus
AV Eset (nod32): Win32/Injector.BNHS
AV Ikarus: Trojan.Win32.Crypt
AV Alwil (avast): Androp [Drp]
AV Fortinet: W32/Kryptik.EASA!tr
AV Grisoft (avg): Inject3.KMK
AV Avira (antivir): TR/AD.Gamarue.Y.1231
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.Lethic.Gen.10
AV Symantec: Trojan.Gen.2
AV VirusBlokAda (vba32): no_virus
AV BitDefender: Trojan.Lethic.Gen.10
AV Zillya!: no_virus
AV BullGuard: Trojan.Lethic.Gen.10
AV Rising: no_virus
AV MicroWorld (escan): Trojan.Lethic.Gen.10
AV CA (E-Trust Ino): no_virus
AV Microsoft Security Essentials: VirTool:Win32/CeeInject.LJ
AV Arcabit (arcavir): Trojan.Lethic.Gen.10
AV CAT (quickheal): Backdoor.Androm.r4
AV Mcafee: RDN/Generic BackDoor
AV Twister: no_virus
AV ClamAV: no_virus
AV MalwareBytes: Ransom.CryptoWall

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org  Type: A  178.17.162.12
DNS europe.pool.ntp.org  Type: A  176.9.92.196
DNS europe.pool.ntp.org  Type: A  194.239.123.230
DNS europe.pool.ntp.org  Type: A  178.62.250.107
DNS north-america.pool.ntp.org  Type: A  132.163.4.101
DNS north-america.pool.ntp.org  Type: A  69.28.90.107
DNS north-america.pool.ntp.org  Type: A  50.116.36.122
DNS north-america.pool.ntp.org  Type: A  198.60.22.240
