Analysis Date: 2015-10-14 15:13:19
MD5: 8cb3b5131b39a7d1a7fe23d830b956ed
SHA1: 38733920156d778af27bb3279fd5fbf48f3b65d9

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: dabd7ce87bc053a947613035b982c920 sha1: 5a2e9a62cbe7000ae0e8976b1ec8fe5657091f31 size: 11776
Section .rsrc: md5: a410cc58642368c1185da92a4318615b sha1: 778bfff5dc5e79ab1e41b601fcddee9b23781143 size: 5632
Timestamp: 2013-09-30 08:50:44
Packer: PECompact 2.0x Heuristic Mode -> Jeremy Collake
PEhash: e463ef81653154e21ab5d6d27a49184bb3cb488f
IMPhash: 09d0478591d4f788cb3e5ea416c25237
AV CA (E-Trust Ino): Win32/Nitol.CHLVcHD
AV F-Secure: Generic.ServStart.EDBC8D63
AV Dr. Web: Trojan.DownLoader11.3375
AV ClamAV: no_virus
AV Arcabit (arcavir): Generic.ServStart.EDBC8D63
AV BullGuard: Generic.ServStart.EDBC8D63
AV Padvish: no_virus
AV VirusBlokAda (vba32): BScope.P2P-Worm.Palevo
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: Trojan.Win32.Vehidis.bf
AV Zillya!: Trojan.Vehidis.Win32.615
AV Emsisoft: Generic.ServStart.EDBC8D63
AV Ikarus: Trojan.DoS.CVQ
AV Frisk (f-prot): W32/Threat-HLLIP-based!Maximus
AV Authentium: W32/Threat-HLLIP.gen!Eldorado
AV MalwareBytes: no_virus
AV MicroWorld (escan): Generic.ServStart.EDBC8D63
AV Microsoft Security Essentials: Trojan:Win32/ServStart.G
AV K7: Trojan ( 0048c0ff1 )
AV BitDefender: Generic.ServStart.EDBC8D63
AV Fortinet: W32/ServerStart.DR!tr
AV Symantec: Infostealer.Bancos
AV Grisoft (avg): DoS.DNG
AV Eset (nod32): Win32/ServStart.DR
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Generic.ServStart.EDBC8D63
AV Twister: Trojan.8105A0F7D3BD2809
AV Avira (antivir): DDoS/Nitol.B.845
AV Mcafee: Obfuscated-FALH!hb
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: \Device\Afd\Endpoint

Network Details:

DNS: utem7.eicp.net
Type: A
174.128.255.231
DNS: 3.j8ip.com
Type: A
Flows: TCP 192.168.1.1:1048 ➝ 174.128.255.231:1678
Flows: TCP 192.168.1.1:1062 ➝ 174.128.255.231:1678
Flows: TCP 192.168.1.1:1076 ➝ 174.128.255.231:1678
Flows: TCP 192.168.1.1:1089 ➝ 174.128.255.231:1678
Flows: TCP 192.168.1.1:1102 ➝ 174.128.255.231:1678
Flows: TCP 192.168.1.1:1115 ➝ 174.128.255.231:1678
Flows: TCP 192.168.1.1:1129 ➝ 174.128.255.231:1678
Flows: TCP 192.168.1.1:1142 ➝ 174.128.255.231:1678
Flows: TCP 192.168.1.1:1155 ➝ 174.128.255.231:1678
Flows: TCP 192.168.1.1:1168 ➝ 174.128.255.231:1678
Flows: TCP 192.168.1.1:1182 ➝ 174.128.255.231:1678

Raw Pcap
0x00000000 (00000)   01                                    .


Strings