Analysis Date: 2016-02-01 21:36:08
MD5: c3974bb3fd08aaa436534365b29c22ef
SHA1: 2f673f5696f3c9337823682ecc4b8dbd7935c868

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section CODE: md5: 491ffc010af56ab0976a31a53a6293ec sha1: 27ab842933e37f37fd6295d7df29c959d0e7b0cc size: 25600
Section DATA: md5: 747039622a4ef61f5043d5df28c396e2 sha1: eebe344e24ae0cc802c5bbc01557c28cf55c0b33 size: 512
Section BSS: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .idata: md5: df4635dd891d1904b0ec056182fa219e sha1: 6a076fc42d5d2ba3638a6b637cf6871310ad4fe8 size: 3072
Section .reloc: md5: 5c21eecbde00371a17b5c5aa15a156dd sha1: 62296e7b3ec216de361818954309b3fb2c18b026 size: 2048
Section .rsrc: md5: 8205d5b1729c24ef9b1f3cfd043b7a49 sha1: b6b68f00254b86ef6242df4067cd3bf571feba83 size: 1024
Timestamp: 1992-06-19 22:22:17
Packer: BobSoft Mini Delphi -> BoB / BobSoft
PEhash: fc249ca071c95ab028fcad9788a0740371e811a5
IMPhash: 8cfee0552f7a278a049c207cb09920ab
AV F-Secure: Gen:Variant.Zusy.169807
AV Ad-Aware: Gen:Variant.Zusy.169807
AV Grisoft (avg): BackDoor.Delf.19.Q
AV CAT (quickheal): No Virus
AV Ikarus: Trojan-Banker.Win32.Agent
AV Avira (antivir): BDS/Hupigon.Gen
AV K7: Trojan ( 004afb891 )
AV ClamAV: Win.Trojan.Agent-958317
AV Kaspersky: Trojan.Win32.Boht.akq
AV Arcabit (arcavir): Gen:Variant.Zusy.169807
AV MalwareBytes: Backdoor.Bozok
AV Dr. Web: Trojan.DownLoad3.35495
AV Mcafee: BackDoor-FBVR!C3974BB3FD08
AV BitDefender: Gen:Variant.Zusy.169807
AV Microsoft Security Essentials: Backdoor:Win32/Bezigate!rfn
AV Emsisoft: Gen:Variant.Zusy.169807
AV MicroWorld (escan): Gen:Variant.Zusy.169807
AV Alwil (avast): NewPos-A [Trj]
AV Rising: No Virus
AV Eset (nod32): Win32/Delf.AJG
AV BullGuard: Gen:Variant.Zusy.169807
AV Symantec: Backdoor.Bezigate
AV Fortinet: W32/Boht.AAR!tr
AV Trend Micro: No Virus
AV Authentium: W32/Bezigate.B.gen!Eldorado
AV Twister: Trojan.Cap1442920.dapb
AV Frisk (f-prot): No Virus
AV VirusBlokAda (vba32): Trojan.Boht
AV CA (E-Trust Ino): Win32/Tnega.bfTaFFB
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: \Device\Afd\Endpoint
Creates Mutex: 7pXBPEZ6jaYK8
Creates Mutex: DBWinMutex

Network Details:

DNS: ChitoK.codns.com
Type: A
127.0.0.1