Analysis Date: 2015-10-14 07:27:17
MD5: 649968ebf4d1678967d5c1349b60aa18
SHA1: 38b04481177e7724df775817a3fcfd333f6abbc5

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: dabd7ce87bc053a947613035b982c920 sha1: 5a2e9a62cbe7000ae0e8976b1ec8fe5657091f31 size: 11776
Section .rsrc: md5: a410cc58642368c1185da92a4318615b sha1: 778bfff5dc5e79ab1e41b601fcddee9b23781143 size: 5632
Timestamp: 2013-09-30 08:50:44
Packer: PECompact 2.0x Heuristic Mode -> Jeremy Collake
PEhash: e463ef81653154e21ab5d6d27a49184bb3cb488f
IMPhash: 09d0478591d4f788cb3e5ea416c25237
AV Rising: no_virus
AV Mcafee: Obfuscated-FALH!hb
AV Avira (antivir): DDoS/Nitol.B.845
AV Twister: Trojan.8105A0F7D3BD2809
AV Ad-Aware: Generic.ServStart.E7275526
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/ServStart.DR
AV Grisoft (avg): DoS.DNG
AV Symantec: Backdoor.Trojan
AV Fortinet: W32/ServerStart.DR!tr
AV BitDefender: Generic.ServStart.E7275526
AV K7: Trojan ( 0048c0ff1 )
AV Microsoft Security Essentials: Trojan:Win32/ServStart.G
AV MicroWorld (escan): Generic.ServStart.E7275526
AV MalwareBytes: no_virus
AV Authentium: W32/Threat-HLLIP.gen!Eldorado
AV Frisk (f-prot): W32/Threat-HLLIP-based!Maximus
AV Ikarus: Trojan.DoS.CVQ
AV Emsisoft: Generic.ServStart.E7275526
AV Zillya!: Trojan.Vehidis.Win32.615
AV Kaspersky: Trojan.Win32.Vehidis.bf
AV Trend Micro: no_virus
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): BScope.P2P-Worm.Palevo
AV Padvish: no_virus
AV BullGuard: Generic.ServStart.E7275526
AV Arcabit (arcavir): Generic.ServStart.E7275526
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader11.3375
AV F-Secure: Generic.ServStart.E7275526
AV CA (E-Trust Ino): Win32/Nitol.CHLVcHD

Runtime Details:

Process
↳ C:\malware.exe

Creates File: \Device\Afd\Endpoint

Network Details:

DNS: utem7.eicp.net
Type: A
174.128.255.231
DNS: 3.j8ip.com
Type: A
Flows TCP: 192.168.1.1:1049 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1063 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1076 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1090 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1102 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1116 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1129 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1143 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1156 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1169 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1183 ➝ 174.128.255.231:1678

Raw Pcap
0x00000000 (00000)   01                                    .

0x00000000 (00000)   01                                    .

0x00000000 (00000)   01                                    .

0x00000000 (00000)   01                                    .

0x00000000 (00000)   01                                    .

0x00000000 (00000)   01                                    .

0x00000000 (00000)   01                                    .

0x00000000 (00000)   01                                    .

0x00000000 (00000)   01                                    .

0x00000000 (00000)   01                                    .

0x00000000 (00000)   01                                    .


Strings