Analysis Date: 2015-12-28 06:49:57
MD5: e81a223d80531a598f50e87f53784aef
SHA1: 3af1a2b356fd529f07de91e7151fcc12f7c4f74e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 61c475d09f3a9f34f1bd72e0092da81f sha1: 96d614efb2c7885acf387bbcf8c6bff5ee1dbe70 size: 104448
Section .rdata md5: 833aec1e84d72cf49892d4e4e9b5fa8d sha1: 217fea234fb92051c70374d1f669aeb4bc899053 size: 13824
Section .data  md5: 00b162bd54570a00b66876941aeeb11a sha1: 01357b70914c9d4c8073d7d57ff0f06aeba1b5a1 size: 16896
Section .rsrc  md5: 7b87ac5a1b71922e49bea4ba6db6f178 sha1: d085861f0335192191d0ee4d62be8eae83c7249d size: 60416
Timestamp: 2015-10-15 19:19:22
Version info:
  LegalCopyright: Copyright (C) 2006 Macrovision Corporation
  InternalName: Setup
  FileVersion: 3.30.0000
  CompanyName: Фаматек
  ProductName: Radmin Viewer 3.3
  OLESelfRegister:
  ProductVersion: 3.30.0000
  FileDescription: Setup Launcher
  OriginalFilename: Setup.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 74b707eda37102e46eccc72a863e730bd58092bd
IMPhash: 8a06bbedbc10a948e9980e09c8e51072
AV Arcabit (arcavir): Gen:Variant.Zusy.166007
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Grisoft (avg): Crypt_r.AEB
AV Avira (antivir): TR/Crypt.Xpack.299870
AV Alwil (avast): Dorder-G [Trj]
AV Ad-Aware: Gen:Variant.Zusy.166007
AV BitDefender: Gen:Variant.Zusy.166007
AV BullGuard: Gen:Variant.Zusy.166007
AV ClamAV: No Virus
AV Dr. Web: Trojan.PWS.Siggen1.42872
AV Emsisoft: Gen:Variant.Zusy.166007
AV MicroWorld (escan): Gen:Variant.Zusy.166007
AV CA (E-Trust Ino): Gen:Variant.Zusy.166007
AV Fortinet: W32/Kryptik.EASA!tr
AV Frisk (f-prot): W32/Agent.XL.gen!Eldorado
AV F-Secure: Gen:Variant.Zusy.166007
AV Ikarus: Trojan.Win32.Crypt
AV K7: Trojan ( 004d44101 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Trojan.Crypt
AV Mcafee: No Virus
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV NANO: Trojan.Win32.Androm.dxyftz
AV Eset (nod32): Win32/Kryptik.EAXS
AV Padvish: No Virus
AV CAT (quickheal): Ransom.Crowti.A4
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: Trojan.Gen.2
AV Trend Micro: No Virus
AV Twister: No Virus
AV VirusBlokAda (vba32): SScope.Worm.Ngrbot
AV Windows Defender: Worm:Win32/Gamarue
AV Zillya!: Backdoor.Androm.Win32.28637

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:
