Analysis Date: 2015-08-15 17:24:15
MD5: d58ffd2409815ce4657efd50050ef38f
SHA1: 31214576fcb89c6a987258b00869012726749963

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
Section .text  md5: fa589fb9617bc1f3801821e43bd5e19a sha1: 82c671c79f1b0b96fd9cfe6bf8f9af73dbaa9a20 size: 99840
Section .rsrc  md5: d0f0d32f49f755bab3d28173d8908b82 sha1: 3fd26a08c65665f444878a3825678e21cbf8c896 size: 100864
Section .reloc md5: d05744e155372f2a4bce35265cd45e5e sha1: 0272b2b5e9f8e1de69bdeb68e50fa14e36d7f0fe size: 512
Timestamp: 2015-04-19 06:52:07
Version info:
  LegalCopyright:
  Assembly Version: 0.0.0.0
  InternalName: Server.exe
  FileVersion: 0.0.0.0
  Comments: RPX 1.3.4399.43191
  ProductVersion: 0.0.0.0
  FileDescription:
  OriginalFilename: Server.exe
Packer: Microsoft Visual C# v7.0 / Basic .NET
PEhash: c76f77215fa2e9308625797380565d1b11f7b287
IMPhash: f34d5f2d4577ed6d9ceec516c1f5a744
AV Avira (antivir): TR/Dropper.MSIL.Gen
AV Zillya!: no_virus
AV Dr. Web: Trojan.DownLoader13.8742
AV MalwareBytes: Backdoor.NJRat
AV Kaspersky: Trojan.Win32.Generic
AV Alwil (avast): Injector-KH [Trj]
AV Trend Micro: no_virus
AV Arcabit (arcavir): Gen:Variant.Kazy.133972
AV Frisk (f-prot): no_virus
AV F-Secure: Packed:MSIL/SmartIL.A
AV Rising: no_virus
AV Twister: no_virus
AV Padvish: no_virus
AV Symantec: no_virus
AV Authentium: W32/MSIL_Troj.FT.gen!Eldorado
AV Eset (nod32): MSIL/Injector.AWA
AV ClamAV: no_virus
AV Ikarus: Trojan.MSIL.Injector
AV Emsisoft: Gen:Variant.Kazy.133972
AV CA (E-Trust Ino): no_virus
AV Grisoft (avg): Luhe.Fiha.A
AV Fortinet: MSIL/AWA!tr
AV Ad-Aware: Gen:Variant.Kazy.133972
AV Mcafee: RDN/Generic.dx!dql
AV BitDefender: Gen:Variant.Kazy.133972
AV K7: Trojan ( 003b68931 )
AV CAT (quickheal): Trojan.Generic.r3
AV BullGuard: Gen:Variant.Kazy.133972
AV Microsoft Security Essentials: Backdoor:MSIL/Bladabindi
AV MicroWorld (escan): Gen:Variant.Kazy.133972
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

  Creates Process: dw20.exe -x -s 308

Process
↳ dw20.exe -x -s 308

  Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
  Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\1337E.dmp
  Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\dw.log
  Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
  Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
  Creates File: PIPE\lsarpc
  Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\1337E.dmp
  Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
  Creates Mutex: WininetConnectionMutex
  Creates Mutex: c:!documents and settings!administrator!cookies!
  Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Network Details:
