Analysis Date: 2015-10-17 19:50:06
MD5: f8b33d0251b757ee2656d6430234bf52
SHA1: 37a9ed2d94b0efa14d8d691c798e1d4193026ffc

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 1473ae1152a8a2e829694e06704ed8dd sha1: 4d874bbf2b52f33ac51b32fe93b308ffac00cfd0 size: 726528
Section: .rdata md5: 4da62307bd0c37bc038c17546955911c sha1: 00c09aafec13c2795befa8a7a8d24176fc4ecb76 size: 512
Section: .data md5: 7f7fcf91b223391f531a43a972ca2f75 sha1: 31eec175525a01dcd64cf753dd291dd07cbf0ee5 size: 2048
Timestamp: 2015-10-13 09:24:23
PEhash: 7b94223e0a10f493bea76fc354d241a25bc09318
IMPhash: 57c6b6c65d501bc6a9a8278c5b9ad2f2
AV Mcafee: W32/VirRansom.b!F8B33D0251B7
AV CA (E-Trust Ino): no_virus
AV Microsoft Security Essentials: Virus:Win32/Nabucur.D
AV MicroWorld (escan): Win32.Virlock.Gen.3
AV Arcabit (arcavir): Win32.Virlock.Gen.3
AV Padvish: no_virus
AV CAT (quickheal): Ransom.PolyRansom.F3
AV Rising: Trojan.Win32.Cridex.a
AV Sophos: W32/VirRnsm-E
AV Ad-Aware: Win32.Virlock.Gen.3
AV Symantec: W32.Ransomlock.AO!gen7
AV ClamAV: no_virus
AV Trend Micro: PE_VIRLOCK.A-O
AV Twister: W32.PolyRansom.f.szjp.mg
AV Authentium: W32/S-11daff79!Eldorado
AV VirusBlokAda (vba32): SScope.Malware-Cryptor.Hlux
AV Dr. Web: Win32.VirLock.16
AV Zillya!: Virus.Virlock.Win32.3
AV Emsisoft: Win32.Virlock.Gen.3
AV Alwil (avast): Nabucur-A [Trj]
AV Eset (nod32): Win32/Virlock.J virus
AV Avira (antivir): TR/Crypt.ZPACK.Gen
AV Fortinet: W32/Virlock.J
AV Frisk (f-prot): no_virus
AV F-Secure: Win32.Virlock.Gen.3
AV BitDefender: Win32.Virlock.Gen.3
AV Grisoft (avg): LockScreen.BO

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\320e_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: LDZK
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 196

Process
↳ LDZK

Creates File: C:\37a9ed2d94b0efa14d8d691c798e1d4193026ffcLDZK

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 196

Network Details:

