Analysis Date: 2015-12-24 08:21:20
MD5: 2cc8d0d9754fb51696bdea3779b4625a
SHA1: 31ab3558a16e4b4338b3a69b6615c7cbfe1dade2

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: 038d8b63e779adf68d3d1052b0fc0e41 sha1: cce201fed4b104a13937a55945befc15c3a755a0 size: 68096
Section .rdata  md5: 910018edaf2d6be326062cf0eb3a705f sha1: b24859c4a2053b982dc156641301c7fe0bd09aed size: 10752
Section .data   md5: af7d9393446de51b2abb3cacb7a45d13 sha1: 409571482d3de2197b16b147c129a10e64296629 size: 10240
Section .gyhjkgh md5: a92005ada146ef1c16c52904b8c31e39 sha1: be17d7fe3fb376c617f731cbcc3be03a38daca70 size: 23040
Section .fgher  md5: f0714cbdb5f271c42fa15b8e61d767d9 sha1: c05a037be41b2bae4acbad8a509d271d4bbb970e size: 5632
Section .rsrc   md5: 62b66e4c82a94503f1842fb035161911 sha1: 79be840f0a613dd6db8c32a673df60ce8283db20 size: 1536
Section .reloc  md5: 1ea4b1ec5f59dadbb65cf240e3fa769e sha1: ea617b930fc54d6687364e7c728f69299caf96bd size: 4608
Timestamp: 2015-09-25 12:01:07
Version:
LegalCopyright: drtudsetxtjhxertsxer
InternalName: drtudsetxtjhxertsxer
FileVersion: 3.10.349.0
CompanyName: drtudsetxtjhxertsxer
LegalTrademarks1: drtudsetxtjhxertsxer
LegalTrademarks2: drtudsetxtjhxertsxer
ProductName: drtudsetxtjhxertsxer
ProductVersion: 3.10
FileDescription: vbxzewrtsxrtsrgzxgzdf
OriginalFilename: drtudsetxtjhxertsxer
Packer: Microsoft Visual C++ ?.?
PEhash: 7d7497a4fbeed1bc643d0b14d7124e8e7b9dba47
IMPhash: b6f9084ab0772acf50979968d33de76c
AV MalwareBytes: Ransom.CryptoWall
AV Fortinet: W32/Kryptik.DYFJ!tr
AV Twister: Trojan.Girtk.DYIS.pgth
AV BullGuard: Gen:Variant.Kazy.575686
AV Arcabit (arcavir): Gen:Variant.Kazy.575686
AV Alwil (avast): Dropper-gen [Drp]
AV Trend Micro: Ransom_.0A217DD0
AV Authentium: W32/S-b4965596!Eldorado
AV CAT (quickheal): Worm.Gamarue.WR6
AV Dr. Web: Trojan.Siggen.65341
AV ClamAV: no_virus
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV MicroWorld (escan): Gen:Variant.Kazy.575686
AV Grisoft (avg): Crypt4.CMVI
AV Rising: no_virus
AV Ikarus: Trojan-Downloader.Win32.Andromeda
AV Symantec: Trojan.Gen
AV VirusBlokAda (vba32): Backdoor.Androm
AV Zillya!: Backdoor.Androm.Win32.28248
AV Kaspersky: Trojan.Win32.Generic
AV CA (E-Trust Ino): no_virus
AV Mcafee: RDN/Generic BackDoor
AV K7: Riskware ( 0040eff71 )
AV Ad-Aware: Gen:Variant.Kazy.575686
AV Frisk (f-prot): no_virus
AV Emsisoft: Gen:Variant.Kazy.575686
AV F-Secure: Gen:Variant.Kazy.575686
AV Avira (antivir): TR/Crypt.Xpack.282977
AV BitDefender: Gen:Variant.Kazy.575686
AV Eset (nod32): Win32/Kryptik.DYIS

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

