Analysis Date: 2016-02-02 00:03:48
MD5: 67867e7d16812a5a761a7e01755cf5fa
SHA1: 296824a9b1505bc2f32a80aa846b2b2424eb9bae

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: b2af8c3cd4c7c7f0f593b55fa9054030 sha1: 2e24dc1c44cddf5899d1682448351edb0ea60255 size: 76288
Section .rdata: md5: 8f0631725dda5ccc42027a940ba4dc8c sha1: 027392bea829e11b35c7b0712b8bfee4859a219a size: 9216
Section .data: md5: 068fd4845b901474e35282b1fa9e79cc sha1: 72b43c248897c41ca8205294a82c6e3f77d5c424 size: 14336
Section .rsrc: md5: c9527ec0dac29fd7f6a8773d70dd871c sha1: cef653115aaa7a2049697267dfbb405d6fcc6642 size: 28672
Timestamp: 2015-07-29 12:34:46
Version:
  LegalCopyright: © Microsoft Corporation. All rights reserved.
  InternalName: VCUpgrade.exe
  FileVersion: 10.0.30319.1 built by: RTMRel
  CompanyName: Microsoft Corporation
  LegalTrademarks:
  ProductName: Microsoft® Visual Studio® 2010
  ProductVersion: 10.0.30319.1
  FileDescription: Microsoft Visual VCUpgrade Tool
  OriginalFilename: VCUpgrade.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 86d92cc31aacd6822d6c7962258d377bdc6b9c99
IMPhash: c6b95bd9ee9d5af1631e19cbcd4ec358
AV Arcabit (arcavir): Error Scanning File
AV VirusBlokAda (vba32): Backdoor.Androm
AV Grisoft (avg): Crypt4.BQJV
AV CAT (quickheal): Ransom.Crowti.B4
AV MicroWorld (escan): Gen:Variant.Injector.44
AV K7: Trojan ( 004c99ed1 )
AV Fortinet: W32/Injector.CGNW!tr
AV Authentium: W32/FakeAlert.ACZ.gen!Eldorado
AV BullGuard: Gen:Variant.Injector.44
AV Twister: No Virus
AV Mcafee: RDN/Generic BackDoor
AV Emsisoft: Gen:Variant.Injector.44
AV Rising: No Virus
AV Ikarus: Backdoor.Win32.Androm
AV Microsoft Security Essentials: VirTool:Win32/CeeInject.GF
AV Ad-Aware: Gen:Variant.Injector.44
AV Kaspersky: Trojan.Win32.Generic
AV Frisk (f-prot): Error Scanning File
AV F-Secure: Gen:Variant.Injector.44
AV Zillya!: Backdoor.Androm.Win32.23954
AV Eset (nod32): Win32/Kryptik.DRSB
AV Trend Micro: No Virus
AV Dr. Web: BackDoor.Andromeda.614
AV ClamAV: No Virus
AV BitDefender: Gen:Variant.Injector.44
AV Avira (antivir): TR/AD.Gamarue.Y.98
AV MalwareBytes: Trojan.Agent
AV CA (E-Trust Ino): No Virus
AV Symantec: Trojan.Gen
AV Alwil (avast): Win32:Malware-gen

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS: europe.pool.ntp.org (Type: A) 193.188.204.101
DNS: europe.pool.ntp.org (Type: A) 5.135.181.72
DNS: europe.pool.ntp.org (Type: A) 46.4.77.168
DNS: europe.pool.ntp.org (Type: A) 78.193.216.180
DNS: north-america.pool.ntp.org (Type: A) 45.79.10.228
DNS: north-america.pool.ntp.org (Type: A) 50.116.52.97
DNS: north-america.pool.ntp.org (Type: A) 159.203.31.244
DNS: north-america.pool.ntp.org (Type: A) 199.102.46.80
DNS: south-america.pool.ntp.org (Type: A) 190.15.128.72
DNS: south-america.pool.ntp.org (Type: A) 200.89.75.198
DNS: south-america.pool.ntp.org (Type: A) 200.192.232.8
DNS: south-america.pool.ntp.org (Type: A) 201.217.3.85
DNS: asia.pool.ntp.org (Type: A) 31.193.144.2
DNS: asia.pool.ntp.org (Type: A) 120.88.46.10
DNS: asia.pool.ntp.org (Type: A) 123.108.225.6
DNS: asia.pool.ntp.org (Type: A) 129.250.35.250
DNS: oceania.pool.ntp.org (Type: A) 121.0.0.41
DNS: oceania.pool.ntp.org (Type: A) 130.102.2.123
DNS: oceania.pool.ntp.org (Type: A) 54.252.165.245
DNS: oceania.pool.ntp.org (Type: A) 103.242.70.5
DNS: africa.pool.ntp.org (Type: A) 41.73.42.22
DNS: africa.pool.ntp.org (Type: A) 146.231.129.86
DNS: africa.pool.ntp.org (Type: A) 196.10.54.57
DNS: africa.pool.ntp.org (Type: A) 197.12.0.14
