Analysis Date: 2015-08-18 06:12:34
MD5: e6e10aa0f32140300eaa719cad7adf60
SHA1: 39652d75f7f6bf993ce1d08cd9857a1c79aabeaf

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: e3259a52204f743d46125475e4898438 sha1: e61f402b91506f0e706b8624f8d163d1513ab48c size: 239104
Section .rdata: md5: f24fbb96a7bf51db306a8502170c348c sha1: 25e3379b4a7cbaaf785d47b8f8f6fae778a2b551 size: 13312
Section .data: md5: 269674c0a5fa8b5126d7a3b8301fa527 sha1: bd174d8ef069ae1f844ac66db86dea3f9d812427 size: 6144
Section .rsrc: md5: 3cbc5dfb0625c36160b17819dcc5fb52 sha1: 72ad50e8e5f405f41f3f4fb5505c2499eb25536c size: 23552
Timestamp: 2015-08-08 06:20:30
Version:
  LegalCopyright: Copyright(c) 2008 Adobe, Inc.; 7-ZIP DLL Copyright(c) 2008 Igor Pavlov
  Comment: Created by PowerArchiver. Copyright(c) 2008 ConeXware, Inc. 7-ZIP Copyright (c) 2008 Igor Pavlov.
  InternalName:
  FileVersion: 1.0.1.2
  CompanyName: Adobe Systems Incorporated
  LegalTrademarks:
  ProductName: Adobe Extractor
  ProductVersion: 1.01
  FileDescription: Adobe Extractor
  Comment2:
  OriginalFilename:
Packer: Microsoft Visual C++ ?.?
PEhash: 357bf488e77305112592c44ddd1440586db5fcf0
IMPhash: d8ebcfffc42532cad79ae9f9d64da0a2
AV Rising: no_virus
AV Mcafee: Gamarue-FCA!E6E10AA0F321
AV Avira (antivir): TR/Crypt.ZPACK.121074
AV Twister: Trojan.Girtk.DTDR.ugdt
AV Ad-Aware: Gen:Variant.Mikey.21897
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/Kryptik.DTDR
AV Grisoft (avg): Crypt4.BTWK
AV Symantec: Trojan.Gen
AV Fortinet: W32/Dycler.DTAP!tr
AV BitDefender: Gen:Variant.Mikey.21897
AV K7: Trojan ( 004cca441 )
AV Microsoft Security Essentials: Trojan:Win32/Lethic.B
AV MicroWorld (escan): Gen:Variant.Graftor.238913
AV MalwareBytes: no_virus
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Win32.Crypt
AV Emsisoft: Gen:Variant.Mikey.21897
AV Zillya!: no_virus
AV Kaspersky: no_virus
AV Trend Micro: no_virus
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Mikey.21897
AV Arcabit (arcavir): Gen:Variant.Mikey.21897
AV CA (E-Trust Ino): no_virus
AV ClamAV: no_virus
AV Dr. Web: Trojan.Packed.29794
AV F-Secure: Gen:Variant.Mikey.21897

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\KdjSaS011ar ➝ C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011ar.exe\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\KdjSaS011ar ➝ C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011ar.exe\\x00

Process
↳ C:\WINDOWS\Explorer.EXE

Creates File: \Device\Afd\Endpoint

Network Details:

Flows TCP: 192.168.1.1:1031 ➝ 94.23.33.117:6600
Flows TCP: 192.168.1.1:1032 ➝ 94.23.33.117:6600