Analysis Date: 2015-11-25 10:23:17
MD5: 6856587224f71c37e1ba7c13b85da2ee
SHA1: 2bbfc11cf4899de19f4af11873ea847a3ad9ab13

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: adddd70da2e424a50c7f0e20d66d838f sha1: 72c6b55eb677c26d014f209389a6cf96e878b981 size: 91648
Section .data: md5: 2b32145e9a5ea92e0df6525e6c4c0031 sha1: f6a947d2d82d7aaff78019a47f77d31dc728ec44 size: 13824
Timestamp: 2015-04-16 08:59:19
Packer: Borland Delphi 3.0 (???)
PEhash: 116a987b94742dc2dc70da2f65af8769a0798806
IMPhash: 60f1ae65043427404089a0e36707a67d
AV Rising: no_virus
AV Mcafee: Cutwail-FECR!6856587224F7
AV Avira (antivir): TR/Proxy.Gen
AV Twister: no_virus
AV Ad-Aware: Trojan.Inject.IA
AV Alwil (avast): Cutwail-CW [Trj]
AV Eset (nod32): Win32/Wigon
AV Grisoft (avg): Generic36.ASHV
AV Symantec: Trojan.Pandex!gm
AV Fortinet: W32/Cutwail.RU!tr
AV BitDefender: Trojan.Inject.IA
AV K7: Trojan ( 003acb9d1 )
AV Microsoft Security Essentials: Spammer:Win32/Cutwail.gen!D
AV MicroWorld (escan): Trojan.Inject.IA
AV MalwareBytes: no_virus
AV Authentium: W32/S-ea74dc5f!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Gen.Trojan
AV Emsisoft: Trojan.Inject.IA
AV Zillya!: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: TROJ_WIGON.SM
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Trojan.Inject.IA
AV Arcabit (arcavir): Trojan.Inject.IA
AV ClamAV: no_virus
AV Dr. Web: BackDoor.Bulknet.739
AV F-Secure: Trojan.Inject.IA
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\OSVersion ➝ 73406
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Regedit32 ➝ C:\WINDOWS\system32\regedit.exe
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort ➝ 65534
Creates File: \Device\Afd\Endpoint
Creates Mutex: clxzriz36907

Network Details:

DNS: mxs.mail.ru (Type: A) ➝ 94.100.180.150
DNS: mxs.mail.ru (Type: A) ➝ 217.69.139.150
DNS: alt4.gmail-smtp-in.l.google.com (Type: A) ➝ 64.233.166.26
DNS: gmail-smtp-in.l.google.com (Type: A) ➝ 74.125.21.26
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.71
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.72
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.73
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.74
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.75
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.70
DNS: mail7.digitalwaves.co.nz (Type: A)
Flows TCP: 192.168.1.1:1031 ➝ 94.100.180.150:25
Flows TCP: 192.168.1.1:1032 ➝ 64.233.166.26:25
Flows TCP: 192.168.1.1:1033 ➝ 74.125.21.26:25
