Analysis Date: 2015-11-19 03:03:10
MD5: a6194d606a6c823a0fb1a2254bae7d73
SHA1: 3b879365fc4dfeecfc2dadd52dcc5cc8eeeb52c9

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: f9ad6b317e746b66179a47674b868225 sha1: f47626ec5b57c799befc46963b65a233bfe128b2 size: 55808
Section .data: md5: 3f76e19ac39b5213ee832664be5b065d sha1: 484603e3a31b7aeda1b354fa463fbf0825cd0f96 size: 5120
Section .rsrc: md5: 676b2e00b44217df2254487cf1ccf9c9 sha1: d3454f972d1f122b33c6d4b8a3c76ff367264473 size: 6144
Timestamp: 2014-04-24 20:11:33
Packer: Microsoft Visual C++ ?.?
PEhash: 93fd1e2ae66e64096889adba2c4be5834c392211
IMPhash: 5d0530dec67800fdf5904df75adbbcf9
AV Rising: no_virus
AV Mcafee: PWSZbot-FTY!A6194D606A6C
AV Avira (antivir): TR/Crypt.XPACK.Gen7
AV Twister: TrojanDldr.Tiny.NKK.cmuk
AV Ad-Aware: Gen:Variant.Strictor.55615
AV Alwil (avast): Trojan-gen:Win32:Trojan-gen
AV Eset (nod32): Win32/TrojanDownloader.Tiny.NKK
AV Grisoft (avg): Downloader.Generic13.CCDV
AV Symantec: Downloader.Ponik
AV Fortinet: W32/Tiny.NKK!tr
AV BitDefender: Gen:Variant.Strictor.55615
AV K7: Trojan-Downloader ( 004993d51 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Zemot.C
AV MicroWorld (escan): Gen:Variant.Strictor.55615
AV MalwareBytes: Trojan.Upatre
AV Authentium: W32/A-b1164738!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan-Downloader.Win32.zbot
AV Emsisoft: Gen:Variant.Strictor.55615
AV Zillya!: Downloader.Tiny.Win32.3378
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: TROJ_UPATRE.SMJG
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): TrojanDropper.Demp
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Strictor.55615
AV Arcabit (arcavir): Gen:Variant.Strictor.55615
AV ClamAV: Win.Trojan.Zbot-33796
AV Dr. Web: Trojan.DownLoad3.32950
AV F-Secure: Trojan:W32/Agent.DUVZ
AV CA (E-Trust Ino): Win32/Zbot.VXGFUP

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\temp_cab_71484.cab
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\3b879365fc4dfeecfc2dadd52dcc5cc8eeeb52c9.doc
Winsock DNS: windowsupdate.microsoft.com

Network Details:

DNS: www.update.microsoft.com.nsatc.net
Type: A
65.55.50.189
DNS: www.update.microsoft.com.nsatc.net
Type: A
157.55.240.94
DNS: windowsupdate.microsoft.com
Type: A
HTTP GET: http://windowsupdate.microsoft.com/
User-Agent: Opera/9.25 (Windows NT 6.0; U; en)
Flows TCP: 192.168.1.1:1031 ➝ 65.55.50.189:80
