Analysis Date: 2014-09-29 04:59:36
MD5: d5bc8bbb769697f4f52ceddc86f71fa2
SHA1: 36b8312dfe8bd7745265d9aad6e09c042cb378f5

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 0346ebad4b149c134521f33eefd91c4e sha1: 48045d1074d702dc463dcf63951bf0b02583cd27 size: 4608
Section .data md5: 0fc2ffc9cda272a2b601a94eafa260b4 sha1: a93fb65ec35d64902734ae1aedab4f31d525d17f size: 512
Section .rdata md5: d292fc4d68672d99f91ac51129d4ecbc sha1: 1db04a8953f80de1ae2369ab8c1636491313a740 size: 512
Section .bss md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .idata md5: d059d05727ab31de58767b9d47a650f9 sha1: c9e56221ac20331818bbbb97cd640cda9267e8c4 size: 1536
Timestamp: 2011-10-24 19:32:44
PEhash: 2ef33ea36fb0d9ad7864469f44bd32aaf7d9f222
IMPhash: d0aca19d242fa8045799abc043d1626b
AV Microsoft Security Essentials: no_virus
AV Rising: no_virus
AV Mcafee: RDN/Generic.dx!ddh
AV MicroWorld (escan): Trojan.Generic.11458236
AV MalwareBytes: no_virus
AV Avira (antivir): TR/Symmi.3106.17
AV Emsisoft: Trojan.Generic.11458236
AV Norman: win32/SB/Malware
AV Ikarus: Trojan.Win32.Buzus
AV Frisk (f-prot): no_virus
AV Authentium: no_virus
AV Zillya!: no_virus
AV Ad-Aware: Trojan.Generic.11458236
AV Trend Micro: no_virus
AV 360 Safe: Trojan.Generic.11458236
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/Agent.WKJ
AV VirusBlokAda (vba32): Trojan.Agent
AV CAT (quickheal): no_virus
AV Grisoft (avg): Agent4.BEZY
AV Symantec: no_virus
AV Arcabit (arcavir): Trojan.Agent.vcnq
AV ClamAV: no_virus
AV Fortinet: W32/Inject.CEE!tr
AV K7: Riskware ( 0040f0f51 )
AV Dr. Web: no_virus
AV F-Secure: Trojan.Generic.11458236
AV Kaspersky: Trojan.Win32.Agent.vcnq
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Host Controler ➝ C:\Windows\svchost.exe\\x00Ru
Creates Process: C:\Windows\system\csrss.exe

Process
↳ C:\Windows\system\csrss.exe

Network Details:

