Analysis Date: 2015-11-01 07:25:45
MD5: a1c75ed419a8986dc74641b0c422c154
SHA1: 2def808c7ef999c2d48c93873704fc54cbf0b072

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: a1ea1b9d47f5f0f6ed61601822e3bcef sha1: 4713d48938b7303f9c2e39fc8ed21c1a0de46893 size: 105984
Section .rdata md5: 60b6e79633ef9bc141be1484dc6f25fe sha1: feb0785ab9f51a71cb19d43ae3df2031543cd50f size: 40448
Section .data  md5: fc17993d256f60b889eac2993931a535 sha1: a7c03b505507b8ea0f796e62ecea49894ea7c24e size: 36352
Section .rsrc  md5: 64ec0d96daf1ff6f6dbd490da0287433 sha1: 7287a700ef47017d2805b4b1e19bab04c288431a size: 468992
Timestamp: 2015-10-20 12:24:59
Packer: Microsoft Visual C++ ?.?
PEhash: 5fdf990270b17b28a82c1d19c6b6dcd9a6a789d4
IMPhash: 7776e6f9ddcaf8ca2d6033a016079c30
AV McAfee: Gamarue-FDC!A1C75ED419A8
AV CA (E-Trust Ino): no_virus
AV Microsoft Security Essentials: VirTool:Win32/CeeInject.LJ
AV MicroWorld (escan): Trojan.GenericKDZ.30724
AV Arcabit (arcavir): Trojan.GenericKDZ.30724
AV Padvish: no_virus
AV CAT (quickheal): no_virus
AV Rising: no_virus
AV Sophos: no_virus
AV Ad-Aware: Trojan.GenericKDZ.30724
AV Symantec: no_virus
AV ClamAV: no_virus
AV Trend Micro: no_virus
AV Twister: no_virus
AV Authentium: W32/Agent.XL.gen!Eldorado
AV VirusBlokAda (vba32): Backdoor.Androm
AV Dr. Web: Trojan.DownLoad3.35944
AV Zillya!: no_virus
AV Emsisoft: Trojan.GenericKDZ.30724
AV Alwil (avast): Androp [Drp]
AV Eset (nod32): Win32/Injector.BNHS
AV Avira (antivir): TR/Crypt.ZPACK.191217
AV Fortinet: W32/Kryptik.EASA!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.GenericKDZ.30724
AV BitDefender: Trojan.GenericKDZ.30724
AV Grisoft (avg): Crypt_r.AFH
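The per-section md5/sha1/size rows and the Timestamp in the static details above are read straight out of the PE headers: each section is hashed over SizeOfRawData bytes starting at PointerToRawData, and the timestamp is the COFF header's TimeDateStamp. The script below is an added example, not part of this report or of the sandbox that produced it. It walks the DOS header, PE signature, COFF header and section table with only the standard library and reproduces those fields. The input is a constructed three-section PE32 stub (SAMPLE_PE, built inline by build_sample_pe; it is not the analysed file), whose third section deliberately claims more raw bytes than the file holds so the truncation check is exercised. The function and variable names (parse_static_details, format_static_details, build_sample_pe, SAMPLE_PE) are the example's own.

```python
import hashlib
import struct
from datetime import datetime, timezone
from typing import Dict, List

# IMAGE_FILE_HEADER (20 bytes) and IMAGE_SECTION_HEADER (40 bytes), little-endian.
COFF_HEADER_FMT = "<HHIIIHH"          # Machine, NumberOfSections, TimeDateStamp, ...
SECTION_HEADER_FMT = "<8sIIIIIIHHI"   # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
IMAGE_FILE_MACHINE_I386 = 0x14C       # "Intel 80386 32-bit" in the report's file type


def hash_section(raw: bytes) -> Dict[str, object]:
    """md5 / sha1 / size of one section's raw bytes, the three values the report lists."""
    return {
        "md5": hashlib.md5(raw).hexdigest(),
        "sha1": hashlib.sha1(raw).hexdigest(),
        "size": len(raw),
    }


def parse_static_details(pe: bytes) -> Dict[str, object]:
    """DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER_FMT, pe, coff)
    table = coff + struct.calcsize(COFF_HEADER_FMT) + opt_size   # section table follows the optional header
    sections: List[Dict[str, object]] = []
    for i in range(nsections):
        name, _vsize, _vaddr, raw_size, raw_ptr, *_ = struct.unpack_from(SECTION_HEADER_FMT, pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        entry = {"name": name.rstrip(b"\0").decode("ascii", "replace"), **hash_section(raw)}
        # A header that claims more raw bytes than the file holds is hashed over what exists
        # and flagged, rather than silently trusted (a common trait of damaged or crafted samples).
        entry["truncated"] = len(raw) != raw_size
        sections.append(entry)
    return {
        "machine": machine,
        "is_i386": machine == IMAGE_FILE_MACHINE_I386,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def format_static_details(pe: bytes) -> List[str]:
    """Render the parsed fields in the same row layout as the report's static details."""
    info = parse_static_details(pe)
    lines = [f"Section {s['name']} md5: {s['md5']} sha1: {s['sha1']} size: {s['size']}"
             for s in info["sections"]]
    lines.append(f"Timestamp: {info['timestamp']}")
    return lines


def build_sample_pe() -> bytes:
    """Constructed PE32 stub for the example. NOT the analysed file."""
    # (section name, raw bytes actually written, SizeOfRawData claimed in the header)
    layout = [(b".text", b"abc", 3), (b".rdata", b"", 0), (b".rsrc", b"xyz", 4096)]
    opt_size = 0xE0                                   # size of a PE32 optional header
    table_off = 0x40 + 4 + struct.calcsize(COFF_HEADER_FMT) + opt_size
    ptr = table_off + 40 * len(layout)                # raw section data follows the table
    hdr = bytearray(b"MZ" + b"\0" * 0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    hdr += b"PE\0\0"
    hdr += struct.pack(COFF_HEADER_FMT, IMAGE_FILE_MACHINE_I386, len(layout),
                       1445343899, 0, 0, opt_size, 0x0102)           # stamp = 2015-10-20 12:24:59 UTC
    hdr += struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)         # Magic = PE32, rest zeroed
    body = bytearray()
    for name, raw, claimed in layout:
        hdr += struct.pack(SECTION_HEADER_FMT, name.ljust(8, b"\0"), len(raw), 0x1000,
                           claimed, ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += len(raw)
    return bytes(hdr + body)


SAMPLE_PE = build_sample_pe()

if __name__ == "__main__":
    print("\n".join(format_static_details(SAMPLE_PE)))
```

The four sizes listed for this sample (105984, 40448, 36352, 468992) are all multiples of 512, which is what SizeOfRawData looks like under the default FileAlignment of 0x200; hashing exactly that many bytes from PointerToRawData is what makes the report's per-section values reproducible from the file on disk. The script does not compute the PEhash or IMPhash rows, which need the import table and a separate normalisation step.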

Runtime Details:

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc

Network Details:


Strings