Analysis Date: 2015-11-25 00:19:37
MD5: c417b54d59aff7f77d5d1d916023ca1e
SHA1: 2f96f0361a88f1f6f0f06313925d7234074a81a1

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: ffb80e2edb9116f0d326f02abe46b4d5 sha1: dc54885f50d4e421eeb434c757971a2571a332de size: 29184
Section .rdata: md5: 3cc3c7f10a09d4c199db6f3104070887 sha1: e153981e9ab8a921f960fbe36e95b8620a2ba6ed size: 30208
Section .data: md5: c9659395b0626b24d74d5e3ad8fc53de sha1: 9e9d1ce6651dd28560307f189184f757b9e63077 size: 18944
Timestamp: 2015-11-06 14:46:01
Packer: Microsoft Visual C++ ?.?
PEhash: 2fd2c684e3ccc79c367fe0a258759156d41931e2
IMPhash: 4bc0ff997ec6b00a7cb79ac9c2bfef90
AV Rising: no_virus
AV Mcafee: no_virus
AV Avira (antivir): TR/Crypt.ZPACK.208598
AV Twister: no_virus
AV Ad-Aware: Gen:Variant.Kazy.766176
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/Kryptik.EDYF
AV Grisoft (avg): Crypt_r.AJS
AV Symantec: Trojan.Gen.2
AV Fortinet: W32/Androm.EDYF!tr.bdr
AV BitDefender: Gen:Variant.Kazy.766176
AV K7: no_virus
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): no_virus
AV MalwareBytes: Trojan.MalPack
AV Authentium: no_virus
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Win32.Crypt
AV Emsisoft: Gen:Variant.Kazy.766176
AV Zillya!: no_virus
AV Kaspersky: Backdoor.Win32.Androm.ipxk
AV Trend Micro: no_virus
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Kazy.766176
AV Arcabit (arcavir): Gen:Variant.Kazy.766176
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader17.49069
AV F-Secure: Gen:Variant.Kazy.766176
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\Policies\Explorer\Run\317606753 ➝ "C:\Documents and Settings\All Users\msvgqh.exe"\\x00
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden ➝ NULL
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\Windows\Load ➝ \\x00
Creates File: C:\Documents and Settings\All Users\113218
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\All Users\msvgqh.exe
Creates File: \Device\Afd\Endpoint
Deletes File: C:\malware.exe
Winsock DNS: microsoft.com
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: outsphere.com
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org (Type: A): 178.62.24.228
DNS europe.pool.ntp.org (Type: A): 193.1.219.116
DNS europe.pool.ntp.org (Type: A): 5.45.97.110
DNS europe.pool.ntp.org (Type: A): 147.231.100.5
DNS north-america.pool.ntp.org (Type: A): 104.131.118.129
DNS north-america.pool.ntp.org (Type: A): 142.54.181.202
DNS north-america.pool.ntp.org (Type: A): 190.106.66.11
DNS north-america.pool.ntp.org (Type: A): 50.22.155.163
DNS south-america.pool.ntp.org (Type: A): 200.189.40.8
DNS south-america.pool.ntp.org (Type: A): 190.15.128.72
DNS south-america.pool.ntp.org (Type: A): 200.89.75.198
DNS south-america.pool.ntp.org (Type: A): 200.160.7.186
DNS asia.pool.ntp.org (Type: A): 82.200.209.194
DNS asia.pool.ntp.org (Type: A): 118.67.200.10
DNS asia.pool.ntp.org (Type: A): 202.65.114.202
DNS asia.pool.ntp.org (Type: A): 62.201.225.9
DNS oceania.pool.ntp.org (Type: A): 202.127.210.37
DNS oceania.pool.ntp.org (Type: A): 103.239.8.22
DNS oceania.pool.ntp.org (Type: A): 103.242.70.5
DNS oceania.pool.ntp.org (Type: A): 116.68.13.155
DNS africa.pool.ntp.org (Type: A): 146.231.129.86
DNS africa.pool.ntp.org (Type: A): 41.73.42.22
DNS africa.pool.ntp.org (Type: A): 41.222.88.32
DNS africa.pool.ntp.org (Type: A): 146.231.129.81
DNS pool.ntp.org (Type: A): 97.107.129.217
DNS pool.ntp.org (Type: A): 108.61.73.243
DNS pool.ntp.org (Type: A): 167.88.117.204
DNS pool.ntp.org (Type: A): 52.0.56.137
DNS microsoft.com (Type: A): 191.239.213.197
DNS microsoft.com (Type: A): 23.96.52.53
DNS microsoft.com (Type: A): 23.100.122.175
DNS microsoft.com (Type: A): 104.40.211.35
DNS microsoft.com (Type: A): 104.43.195.251
DNS outsphere.com (Type: A): 
Flows UDP: 192.168.1.1:1043 ➝ 8.8.4.4:53
Flows TCP: 192.168.1.1:1044 ➝ 191.239.213.197:80
Flows UDP: 192.168.1.1:1045 ➝ 8.8.4.4:53
Flows UDP: 192.168.1.1:1046 ➝ 8.8.4.4:53
