Analysis Date: 2015-11-23 04:46:41
MD5: 5cfd62a96135acfac11fed8335f7cef9
SHA1: 3bd62dd8562f0eaffc21b25e29957ba3a527f561

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 9d02f73f75f16195e26b350e1eef571e sha1: 0d43b9e300d04d5cfefa79ae365dd3b43972d0d5 size: 9216
Section .rdata: md5: a5c4aef8f13009f29371abc2e9dde903 sha1: 9da2999609954d65c6ab57eea2db1743c9f4ff98 size: 3584
Section .data: md5: 66a42d5b0e2250753eb762e9fedd0852 sha1: bee22e79af4106c831e0f86220014f774831811d size: 512
Section .rsrc: md5: cbdd0a46e68376cdb13cb8c64cec6f8b sha1: 9c46a601c593e806a0afcad7062d1e8e2d5f2710 size: 11264
Timestamp: 2013-10-02 08:13:32
PEhash: 86097e7daa8dffb1c4affd2d14951e30c1f0bef8
IMPhash: db206e36db5c9492ce02c61a679129e2
AV Rising: no_virus
AV Mcafee: Downloader-FTT!5CFD62A96135
AV Avira (antivir): TR/Agent.agy.4
AV Twister: Trojan.532B76D34FB8FC0D
AV Ad-Aware: Trojan.GenericKD.1311021
AV Alwil (avast): Small-HTZC [Trj]
AV Eset (nod32): Win32/TrojanDownloader.Small.AAB
AV Grisoft (avg): Downloader.Generic13.BNHY
AV Symantec: Trojan.Zbot
AV Fortinet: W32/Mdrop.AAB!tr
AV BitDefender: Trojan.GenericKD.1311021
AV K7: Trojan ( 0001140e1 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre.A
AV MicroWorld (escan): Trojan.GenericKD.1311021
AV MalwareBytes: Trojan.Email.FA
AV Authentium: W32/Trojan.SKUP-8129
AV Frisk (f-prot): W32/Trojan3.GCZ
AV Ikarus: Trojan-Downloader.Win32.Upatre
AV Emsisoft: Trojan.GenericKD.1311021
AV Zillya!: Trojan.Bublik.Win32.12206
AV Kaspersky: Trojan-Spy.Win32.Zbot.qylx
AV Trend Micro: TROJ_UPATRE.PA
AV CAT (quickheal): TrojanDownloader.Upatre.A5
AV VirusBlokAda (vba32): Trojan.Bublik
AV Padvish: Trojan.Win32.Zbot.Generic
AV BullGuard: Trojan.GenericKD.1311021
AV Arcabit (arcavir): Trojan.GenericKD.1311021
AV ClamAV: Win.Trojan.Upatre-22
AV Dr. Web: Trojan.DownLoad3.28161
AV F-Secure: Trojan.GenericKD.1311021
AV CA (E-Trust Ino): Win32/Upatre.A!generic

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\hurok.exe
Creates File: PIPE\wkssvc
Creates Process: "C:\Documents and Settings\Administrator\Local Settings\Temp\hurok.exe"

Process
↳ "C:\Documents and Settings\Administrator\Local Settings\Temp\hurok.exe"

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: gemlttwi.com

Network Details:

DNS: gemlttwi.com
Type: A
103.14.121.54
Flows TCP: 192.168.1.1:1031 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1032 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1033 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1034 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1035 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1036 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1037 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1038 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1039 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1040 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1041 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1042 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1043 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1044 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1045 ➝ 103.14.121.54:443
Flows TCP: 192.168.1.1:1046 ➝ 103.14.121.54:443
