Analysis Date: 2014-11-21 03:38:11
MD5: f8bc3b336fe222347f08f3b95422a293
SHA1: 3a12653f6254b3c9a3ea09dc702ba5151f602a84

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

AV detections (no_virus = not detected by that engine):

360 Safe: Trojan.Encpk.Gen.4
Ad-Aware: Trojan.Encpk.Gen.4
Alwil (avast): Agent-ASGR [Trj]
Arcabit (arcavir): no_virus
Authentium: no_virus
Avira (antivir): TR/Inject.295564
BullGuard: Trojan.Encpk.Gen.4
CA (E-Trust Ino): no_virus
CAT (quickheal): no_virus
ClamAV: no_virus
Dr. Web: BackDoor.IRC.NgrBot.42
Emsisoft: Trojan.Encpk.Gen.4
Eset (nod32): Win32/Injector.AQIA
Fortinet: W32/Agent.ADBJ!tr
Frisk (f-prot): no_virus
F-Secure: Trojan.Encpk.Gen.4
Grisoft (avg): Inject2.EOQ
Ikarus: Trojan.VBInject
K7: Trojan ( 0048e3311 )
Kaspersky: Worm.Win32.Ngrbot.vwh
MalwareBytes: Trojan.Crypt.NKN
Mcafee: Generic-FANR!F8BC3B336FE2
Microsoft Security Essentials: VirTool:Win32/VBInject.gen!LD
MicroWorld (escan): Trojan.Encpk.Gen.4
Norman: Trojan.Encpk.Gen.4
Rising: no_virus
Sophos: Troj/Agent-ADBJ
Symantec: Trojan.Zbot
Trend Micro: TSPY_ZBOT.SMUL
VirusBlokAda (vba32): Worm.Ngrbot

Runtime Details:

Process
↳ C:\malware.exe

Network Details:

Strings