Analysis Date: 2015-11-17 17:58:28
MD5: e09cbf76f00b2311d06dd23901ee27b6
SHA1: 39be91a2fd1c87ba77b27d0c24ac20a87f3e920d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: dfb3022eb97e266fe8184cc8e9729430 sha1: 35ac9dce93a6d7e419d6e0ba8ce491906eadaae2 size: 48640
Section .rdata md5: 4dc7cf43533b4c378d38b0661d647809 sha1: 9e3bd826079b9dff8e27dc5ff669be631e2515a1 size: 11776
Section .data  md5: b21d9ebceac2d271e248c112cb46f4f5 sha1: 6a4a39fa8835fa25a646bac51eaebac8c8058888 size: 17408
Section .rsrc  md5: e714d1299636461c86458948e727bdda sha1: 822c52fc26f185e74832c3f8c45e0054aaed33a1 size: 243712
Timestamp: 2014-10-09 11:49:42
Version:
  LegalCopyright: Copyright © Microsoft Corporation 1995. All Rights Reserved.
  InternalName: espexe
  FileVersion: 6.0.6000.16384 (vista_rtm.061029-1900)
  CompanyName: Microsoft Corporation
  ProductName: Microsoft® Windows® Operating System
  ProductVersion: 6.0.6000.16384
  FileDescription: Microsoft® Windows(TM) Economical Service Provider Application
  OriginalFilename: ESPEXE.EXE
Packer: Microsoft Visual C++ ?.?
PEhash: 142b3f986f353ca1d5a04516921bc4cb7d680617
IMPhash: 82de299da15a8dfeef303da79dd0af56
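The static details above can be reproduced from the file itself, and the Timestamp can be checked against the build date that the FileVersion string claims: a genuine Microsoft binary links within days of its build label, whereas a trojan that copied the version resource from a system file usually does not (here the PE timestamp is October 2014 while the build string says vista_rtm.061029, i.e. October 2006). The following is an added example, not code from the original report or from any sandbox; it uses only the Python standard library. The `build_minimal_pe` helper produces a constructed, non-loadable PE purely as test input, and the 30-day tolerance in `timestamp_consistent` is this example's own assumption.

```python
"""Added example: reproduce a sandbox report's 'Static Details' (per-section
md5/sha1/size and COFF link timestamp) from a PE file with the standard library,
and check that the link time is consistent with the build date embedded in a
Microsoft-style FileVersion string. The PE built by build_minimal_pe is
constructed test input, not the sample from the report."""
import hashlib
import re
import struct
from datetime import datetime, timedelta, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
FILE_ALIGNMENT = 0x200


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table and hash each section's raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size                       # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]         # SizeOfRawData bytes, as sandboxes hash them
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "md5": hashlib.md5(raw).hexdigest(),
            "sha1": hashlib.sha1(raw).hexdigest(),
            "size": raw_size,
        })
    return {"machine": machine,
            "timestamp": datetime.fromtimestamp(timestamp, timezone.utc),
            "sections": sections}


def format_static_details(data: bytes) -> list:
    """Render the parsed fields in the report's 'Section .name md5: ... sha1: ... size: ...' layout."""
    pe = parse_pe(data)
    lines = ["Timestamp: " + pe["timestamp"].strftime("%Y-%m-%d %H:%M:%S")]
    for s in pe["sections"]:
        lines.append(f"Section {s['name']} md5: {s['md5']} sha1: {s['sha1']} size: {s['size']}")
    return lines


# Matches the "(branch.YYMMDD-HHMM)" suffix of a Microsoft build string.
_BUILD_RE = re.compile(r"\((?P<branch>[^()]+?)\.(?P<ymd>\d{6})-(?P<hm>\d{4})\)")


def build_date_from_version(file_version: str):
    """Extract the build date from e.g. '6.0.6000.16384 (vista_rtm.061029-1900)' -> 2006-10-29 19:00 UTC.
    Assumption: the two-digit year is 20xx (true for Vista-era and later Microsoft build labels)."""
    m = _BUILD_RE.search(file_version)
    if not m:
        return None
    ymd, hm = m.group("ymd"), m.group("hm")
    return datetime(2000 + int(ymd[:2]), int(ymd[2:4]), int(ymd[4:6]),
                    int(hm[:2]), int(hm[2:]), tzinfo=timezone.utc)


def timestamp_consistent(data: bytes, file_version: str, tolerance_days: int = 30) -> bool:
    """True when the COFF link time lies within tolerance_days of the build string's date.
    A copied version resource (a binary posing as a system file) typically fails this."""
    build = build_date_from_version(file_version)
    if build is None:
        return False
    return abs(parse_pe(data)["timestamp"] - build) <= timedelta(days=tolerance_days)


def build_minimal_pe(timestamp: int, sections: list) -> bytes:
    """Construct a header-only i386 PE with the given link time and (name, bytes) sections.
    Constructed test input only: it has no optional header and is not loadable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections), timestamp, 0, 0, 0, 0x0102)
    headers_len = 0x40 + 4 + 20 + 40 * len(sections)
    raw_ptr = -(-headers_len // FILE_ALIGNMENT) * FILE_ALIGNMENT   # round up to file alignment
    table, blobs = b"", b""
    for name, raw in sections:
        raw_size = -(-len(raw) // FILE_ALIGNMENT) * FILE_ALIGNMENT
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), raw_ptr, raw_size,
                             raw_ptr, 0, 0, 0, 0, 0x60000020)
        blobs += raw.ljust(raw_size, b"\0")
        raw_ptr += raw_size
    image = bytes(dos) + b"PE\0\0" + coff + table
    return image.ljust(len(image) + (-len(image) % FILE_ALIGNMENT), b"\0") + blobs


# Constructed sample: the report's Timestamp as link time, the report's FileVersion string, dummy sections.
REPORT_TIMESTAMP = int(datetime(2014, 10, 9, 11, 49, 42, tzinfo=timezone.utc).timestamp())
REPORT_FILE_VERSION = "6.0.6000.16384 (vista_rtm.061029-1900)"
SAMPLE_IMAGE = build_minimal_pe(REPORT_TIMESTAMP,
                                [(b".text", b"\x55\x8b\xec" * 100), (b".rdata", b"ESPEXE\0")])

if __name__ == "__main__":
    for line in format_static_details(SAMPLE_IMAGE):
        print(line)
    print("link time consistent with build string:",
          timestamp_consistent(SAMPLE_IMAGE, REPORT_FILE_VERSION))
```

Run `format_static_details` over the real file to compare its output line by line with the report; `timestamp_consistent` returns False for the combination shown above, which is the same signal MalwareBytes encodes in its Trojan.FakeMS verdict.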
AV Rising: no_virus
AV Mcafee: no_virus
AV Avira (antivir): TR/Crypt.Xpack.99883
AV Twister: no_virus
AV Ad-Aware: Trojan.Lethic.Gen.1
AV Alwil (avast): Androp [Drp]
AV Eset (nod32): Win32/Injector.BNHS
AV Grisoft (avg): Inject2.AZOR
AV Symantec: Trojan.Gen
AV Fortinet: W32/Injector.BLXX!tr
AV BitDefender: Trojan.Lethic.Gen.1
AV K7: Trojan ( 004aef8a1 )
AV Microsoft Security Essentials: TrojanDropper:Win32/Ropest.A
AV MicroWorld (escan): Trojan.Lethic.Gen.1
AV MalwareBytes: Trojan.FakeMS
AV Authentium: W32/Rovnix.A.gen!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Win32.Yakes
AV Emsisoft: Trojan.Lethic.Gen.1
AV Zillya!: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: TROJ_SPNR.11JD14
AV CAT (quickheal): Trojan.Yakes.r4
AV VirusBlokAda (vba32): Heur.Malware-Cryptor.Ngrbot
AV Padvish: no_virus
AV BullGuard: Trojan.Lethic.Gen.1
AV Arcabit (arcavir): Trojan.Lethic.Gen.1
AV ClamAV: no_virus
AV Dr. Web: Trojan.Asterope.4
AV F-Secure: Trojan.Lethic.Gen.1
AV CA (E-Trust Ino): Win32/Tnega.XAVM!suspicious

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\4e01_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

The only child process is dwwin.exe, the Dr. Watson crash reporter, and the *_appcompat.txt file in Temp is the crash report it writes, so the sample faulted in this sandbox before showing any observable payload behaviour; the runtime section should not be read as a complete picture of what the binary does.

Network Details:
