Analysis Date: 2015-08-31 09:11:23
MD5: 1cb4b74e9d030afbb18accf6ee2bfca1
SHA1: 3afd555de08390b8076dd1446538d3187d188dda

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 89f2219e373c03e92dd294185178c363 sha1: 416ace6aeb06932ab528a4250953e4c9706ab33f size: 14336
Section: .rdata md5: 32e46d4d95c99aa9a8c626355f1f902a sha1: 1e594bdb4fd5020e470ad089eb7bfde2707b6ee3 size: 9216
Section: .data md5: 598e1aae6ecbd8237c4383f4be94b9f1 sha1: ab4a6d7509b109b24572e011b0696647c7af25f0 size: 512
Section: .reloc md5: 3acf7b3eb398071431bf3284ce6f7beb sha1: d40988ea5053524bce1a9f6e9360bc7d3b7f6840 size: 1024
Timestamp: 2014-09-14 13:33:55
Packer: Microsoft Visual C++ v6.0
PEhash: a4684cc2c807f338abce26e0d37551498c2a445a
IMPhash: 138d353dfb15f3c5f729c164a11499b9
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Microsoft Security Essentials: no_virus
AV Mcafee: RDN/Generic BackDoor
AV Ad-Aware: Trojan.Generic.12338275
AV K7: Trojan ( 004847611 )
AV Frisk (f-prot): no_virus
AV Fortinet: W32/Dapato.ESOL!tr
AV Avira (antivir): TR/Agent.61146
AV Dr. Web: Trojan.DownLoader11.46726
AV CA (E-Trust Ino): no_virus
AV Symantec: Backdoor.Korplug
AV VirusBlokAda (vba32): TrojanDropper.Dapato
AV Kaspersky: Trojan.Win32.Generic:Backdoor.Win32.Gulpix.adf
AV Ikarus: Trojan.Win32.Korplug
AV MicroWorld (escan): Trojan.Generic.12338275
AV BitDefender: Trojan.Generic.12338275
AV Eset (nod32): Win32/Agent.QLK
AV Twister: Backdoor.Gulpix.adf.tnlc
AV Authentium: W32/Trojan.IKUD-3670
AV ClamAV: no_virus
AV Arcabit (arcavir): Trojan.Generic.12338275:Trojan.Generic.12645334
AV Rising: no_virus
AV CAT (quickheal): no_virus
AV Grisoft (avg): Agent5.VMI
AV BullGuard: Trojan.Generic.12338275
AV Padvish: no_virus
AV Trend Micro: TROJ_NETFROS.CFG
AV Zillya!: Dropper.Dapato.Win32.23987
AV Emsisoft: Trojan.Generic.12338275
AV F-Secure: Trojan.Generic.12338275
AV MalwareBytes: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: PIPE\wkssvc
Creates File: pnipcn.dll
Creates File: ssonsvr.exe
Creates File: pnipcn.dll.url

Network Details:


Strings