Analysis Date: 2015-11-04 18:17:16
MD5: fa6c182d967314025b9719111b70fcd2
SHA1: 3c9cf66be23d8153e3ec1d08c5e2dd56b94d92bf

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 34f43c1afdce3af8fb04fe4f23ef3132 sha1: b01c8c01df8b14af2817ba49847eb9d1311b2233 size: 272896
Section: .rdata md5: b90ad5ea9965d76847884e782acd0536 sha1: c938f3b9367f3ae51f4b1d01a27b54ec4ef57131 size: 512
Section: .data md5: 4b4680e4cd4d64737dee8d0f80c1865f sha1: 7ffb48ac4d3a512eecf423ba929f495ed4727d5e size: 105472
Section: .rsrc md5: 648d262d795c76d2f29ed096f9945589 sha1: 1059538a94d06fdccab681f5d35429695c07a97b size: 6656
Timestamp: 1970-01-14 11:48:53
PEhash: 7bcd2886367239648915c325f677e2e2c7184308
IMPhash: 50eeeeddde300914f2e7fa95b9bc05a2
AV Rising: no_virus
AV Mcafee: Generic FakeAlert.amb
AV Avira (antivir): TR/Kazy.8090.A
AV Twister: Trojan.FDFFFFFFEDFFFFFFB.mg
AV Ad-Aware: Gen:Heur.Cridex.2
AV Alwil (avast): MalOb-EY [Cryp]
AV Eset (nod32): Win32/Kryptik.JXW
AV Grisoft (avg): FakeAlert.XN
AV Symantec: VirusDoctor!gen1
AV Fortinet: W32/FakeAV.PACK!tr
AV BitDefender: Gen:Heur.Cridex.2
AV K7: Trojan ( 001e60c61 )
AV Microsoft Security Essentials: Rogue:Win32/Winwebsec
AV MicroWorld (escan): Gen:Heur.Cridex.2
AV MalwareBytes: no_virus
AV Authentium: W32/FakeAlert.JW.gen!Eldorado
AV Frisk (f-prot): W32/FakeAlert.JW.gen!Eldorado
AV Ikarus: Trojan.Win32.FakeAV
AV Emsisoft: Gen:Heur.Cridex.2
AV Zillya!: Trojan.FakeAV.Win32.45054
AV Kaspersky: Trojan.Win32.FakeAV.aepj
AV Trend Micro: TROJ_FAKEAV.SMID
AV CAT (quickheal): FraudTool.Security
AV VirusBlokAda (vba32): SScope.Malware-Cryptor.Maxplus.0997
AV Padvish: no_virus
AV BullGuard: Gen:Heur.Cridex.2
AV Arcabit (arcavir): Gen:Heur.Cridex.2
AV ClamAV: Trojan.Fakesec-309
AV Dr. Web: Trojan.Fakealert.19937
AV F-Secure: Rogue:W32/VirusDoctor.J
AV CA (E-Trust Ino): Win32/FakeSpypro.B!generic

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\All Users\Application Data\gGgIiGk01817\gGgIiGk01817.exe
Creates File: C:\3c9cf66be23d8153e3ec1d08c5e2dd56b94d92bf
Deletes File: C:\3c9cf66be23d8153e3ec1d08c5e2dd56b94d92bf
Creates Process: "C:\Documents and Settings\All Users\Application Data\gGgIiGk01817\gGgIiGk01817.exe" "C:\malware.exe"
Creates Mutex: DBWinMutex

Process
↳ "C:\Documents and Settings\All Users\Application Data\gGgIiGk01817\gGgIiGk01817.exe" "C:\malware.exe"

Network Details:

