Analysis Date: 2015-11-01 17:25:42
MD5: ce8adcaec2f0ac0ce118785c73aca3a3
SHA1: 36f438d496476d33efc92f886c707900438562d8

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: e0ac85fdef996967d0913e541d1bc56f sha1: d1745237c21c59194b7fd7e0aa0009ca054a3c35 size: 105984
Section: .rdata md5: 77b6e23c9a9f0133f221b514654268e0 sha1: 885f3b9ae70140a29ac95da8bf8c0d8742bda040 size: 40448
Section: .data md5: 0edff3cfcfccec964e540df040547c83 sha1: 0087b092ccacf2c78a9dfc49e953aa0d56dc4a6f size: 35840
Section: .rsrc md5: b4c113ed799a4a783a66d2b1ba872fe1 sha1: a9df1a83c8f3d0fad75437e1c091dc0b483ec6eb size: 47104
Timestamp: 2015-10-20 07:29:10
Packer: Microsoft Visual C++ ?.?
PEhash: fca38ca712818433b31251f4fdb0f7b933a938b2
IMPhash: 5d674b062f000fb0cbd00e88e57a9c18
AV CA (E-Trust Ino): no_virus
AV F-Secure: Trojan.GenericKDZ.30724
AV Dr. Web: Trojan.DownLoad3.35944
AV ClamAV: no_virus
AV Arcabit (arcavir): Trojan.GenericKDZ.30724
AV BullGuard: Trojan.GenericKDZ.30724
AV Padvish: no_virus
AV VirusBlokAda (vba32): Backdoor.Androm
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: Trojan.Win32.Inject.vkap
AV Zillya!: Trojan.Olmarik.Win32.12438
AV Emsisoft: Trojan.GenericKDZ.30724
AV Ikarus: Trojan.Win32.Crypt
AV Frisk (f-prot): no_virus
AV Authentium: W32/Agent.XL.gen!Eldorado
AV MalwareBytes: Backdoor.Andromeda
AV MicroWorld (escan): Trojan.GenericKDZ.30724
AV Microsoft Security Essentials: Trojan:Win32/Lethic.I
AV K7: Trojan ( 004cef571 )
AV BitDefender: Trojan.GenericKDZ.30724
AV Fortinet: W32/Kryptik.EASA!tr
AV Symantec: Trojan.Gen.2
AV Grisoft (avg): Crypt_r.AFK
AV Eset (nod32): Win32/Injector.BNHS
AV Alwil (avast): Androp [Drp]
AV Ad-Aware: Trojan.GenericKDZ.30724
AV Twister: no_virus
AV Avira (antivir): TR/Crypt.ZPACK.195781
AV Mcafee: Gamarue-FDC!CE8ADCAEC2F0
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\c394_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 188

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\9089_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\eab3_appcompat.txt
Creates File: PIPE\lsarpc

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\d294_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\b788_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\e1e6_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\malware.exe

Process
↳ C:\malware.exe

Process
↳ C:\malware.exe

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 188

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 184

Network Details:
