Analysis Date: 2015-11-15 06:52:26
MD5: 5515026cb04611a3df280d682bf50bbe
SHA1: 3033a15f0616edd9697627d5b28c19d761f5b79b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 954b33caf16983dec7d6108adafababf sha1: 7688abef5fccfa79aff72f23006ab354b235c169 size: 11776
Section: .data md5: d608b8f70ac7658227cc643c2ddde7a4 sha1: df9da0e493c013c47b6ca3d5229215fb1e1b26bc size: 6656
Section: .rsrc md5: 78abc5902493a1870d53c21816a727f0 sha1: 7da7bf19e249996d823adf6bb831510d5c7418ad size: 18432
Timestamp: 2013-07-19 07:47:35
PEhash: 54bf42e5cf9ce7c544f7a1c9753b74b08054cd2c
IMPhash: df0e79d97f00107506f8943f65032731
AV F-Secure: Trojan.Upatre.Gen.3
AV Authentium: W32/Dalexis.M.gen!Eldorado
AV MalwareBytes: Trojan.Upatre
AV Dr. Web: Trojan.Upatre.9137
AV Grisoft (avg): Crypt4.AAXF
AV Eset (nod32): Win32/Kryptik.DHMH
AV MicroWorld (escan): Trojan.Upatre.Gen.3
AV Trend Micro: no_virus
AV ClamAV: no_virus
AV Ad-Aware: Trojan.Upatre.Gen.3
AV BitDefender: Trojan.Upatre.Gen.3
AV Avira (antivir): TR/Dldr.Upatre.JH
AV Alwil (avast): Dyre-K [Trj]
AV Fortinet: W32/Kryptik.DHMH!tr
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre!rfn
AV Ikarus: Trojan-Downloader.Win32.Upatre
AV Kaspersky: Trojan-Downloader.Win32.Upatre.sby
AV VirusBlokAda (vba32): TrojanDownloader.Upatre
AV Arcabit (arcavir): Trojan.Upatre.Gen.3
AV Mcafee: Upatre-FACA!5515026CB046
AV Twister: Trojan.QKK.ca.rwao.mg
AV Symantec: no_virus
AV K7: Trojan ( 004c145a1 )
AV Rising: Trojan.Win32.Kryptik.af
AV Frisk (f-prot): W32/Dalexis.M.gen!Eldorado
AV Emsisoft: Trojan.Upatre.Gen.3
AV Zillya!: Downloader.CTBLocker.Win32.6
AV CAT (quickheal): Trojan.Kadena.B4
AV Padvish: no_virus
AV BullGuard: Trojan.Upatre.Gen.3
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\CanhLog.txt
Creates Process: C:\Documents and Settings\URNXYMAV\Local Settings\Temp\youcanhelp.exe

Process
↳ C:\Documents and Settings\URNXYMAV\Local Settings\Temp\youcanhelp.exe

Network Details:
