Analysis Date: 2015-12-24 08:51:46
MD5: cc1bad52ac24527a5f56a168b21eca25
SHA1: 3cf56744f902b44d007dc2009701503d38f45024

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: 890993fbba347921d6aefbd4af2b1d68 sha1: 14b588022d9fcdcbeea455153c52f447b5daabb0 size: 39424
Section .rdata  md5: e80a902d8dd3b5861d95fbc00edaaa39 sha1: f05c5e219f5154b9d563022ea5885da77ba27db8 size: 9216
Section .data   md5: db8572b18857c4d196864d43aabfe4d8 sha1: fb790810f93381e13cf8fd83605026a9c40d79ea size: 4096
Section .xdfghc md5: a1683f76049845c8164584a5bbaca5a3 sha1: 98ce8df87b33ef9588984065422a7f988085548d size: 23040
Section .kbhjd  md5: 00ca57bbbfd952860b37a01c02235c22 sha1: 1e01a1e0a55344162b7160dc3ccb813f41d96fb5 size: 5632
Section .xrth   md5: 6fb8ed29c48cea93625d7ce5292d53eb sha1: 7d7de6a18f23cd1f66fd4291963c497b2e477c05 size: 512
Section .rsrc   md5: 9a5ef109caae8f2a04676a09aff4091a sha1: f6a0f1d4a3544e3364d197e7d552f5b1ba87d1cf size: 1024
Section .reloc  md5: ff9b06e25117ea6f82fff541c6a0c5f9 sha1: 659fe2eecca4b2872ffbb25d45f32e172ad35626 size: 3584
Note: .xdfghc, .kbhjd and .xrth are not section names the Visual C++ toolchain identified below emits; they indicate an added packer/crypter layer, consistent with the Kryptik/Cryptor labels in the AV results.
Timestamp: 2015-09-20 13:15:58
Version CompanyName: serdjgheru
Packer: Microsoft Visual C++ ?.?
PEhash: e4580d09918c4eb36d596bfe8be353ad46d154a5
IMPhash: 9a0b622db4d13d8c51c2434b257a0f4b
AV Fortinet: W32/Kryptik.DYFJ!tr
AV VirusBlokAda (vba32): Backdoor.Androm
AV Dr. Web: Trojan.Siggen.65341
AV Frisk (f-prot): no_virus
AV CA (E-Trust Ino): no_virus
AV Zillya!: Backdoor.Androm.Win32.28154
AV Mcafee: RDN/Generic BackDoor
AV MicroWorld (escan): Trojan.Agent.BMSI
AV Symantec: Trojan.Gen
AV Grisoft (avg): Crypt4.CLDE
AV Kaspersky: Backdoor.Win32.Androm.igvd
AV F-Secure: Trojan.Agent.BMSI
AV Ad-Aware: Trojan.Agent.BMSI
AV Emsisoft: Trojan.Agent.BMSI
AV BitDefender: Trojan.Agent.BMSI
AV Arcabit (arcavir): Trojan.Agent.BMSI
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Trend Micro: Ransom_.0A217DD0
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV ClamAV: no_virus
AV BullGuard: Trojan.Agent.BMSI
AV Ikarus: Virus.Win32.Cryptor
AV Eset (nod32): Win32/Kryptik.DXSG
AV Avira (antivir): TR/Kryptik.abbojp
AV Twister: no_virus
AV K7: Trojan ( 004cfed51 )
AV MalwareBytes: Ransom.CryptoWall
AV Rising: 0x591240a7
AV CAT (quickheal): Worm.Gamarue.WR6
AV Authentium: W32/S-177bdd36!Eldorado

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org         Type: A  193.219.28.2, 188.40.99.69, 91.206.8.70, 213.199.225.30
DNS north-america.pool.ntp.org  Type: A  50.116.38.157, 198.211.106.151, 98.213.66.22, 52.0.56.137
DNS south-america.pool.ntp.org  Type: A  190.181.129.115, 179.60.247.252, 54.232.82.232, 200.186.125.195
DNS asia.pool.ntp.org           Type: A  180.211.88.211, 128.199.84.169, 78.111.50.52, 211.233.84.186
DNS oceania.pool.ntp.org        Type: A  103.242.68.69, 202.127.210.37, 202.6.116.123, 130.102.128.23
DNS africa.pool.ntp.org         Type: A  196.10.55.57, 41.231.53.4, 41.222.88.32, 197.82.150.123
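The runtime trace above is the detection-relevant part of this report: the sample starts C:\WINDOWS\system32\msiexec.exe, and it is that msiexec.exe process, not C:\malware.exe, that opens a socket and resolves the regional pool.ntp.org names. Neither an NTP lookup nor a running msiexec.exe is suspicious on its own; the signal is msiexec.exe with a non-installer parent followed by DNS activity from that same process. The following correlator is an added example written for this page, not sandbox or vendor code. The events are constructed in a Sysmon-like shape (event 1 = process create, event 22 = DNS query); PIDs, timestamps, field names and the benign-parent list are assumptions, while the image paths and hostnames come from the report.

```python
"""Correlate process-creation and DNS-query events to flag msiexec.exe
being used as a network-capable host process, as in the runtime trace
of this report.

Added example for this page, not sandbox or vendor code. The records in
EVENTS are constructed; only the image paths and the pool.ntp.org names
are taken from the report."""

from collections import defaultdict

# Parents from which msiexec.exe is normally spawned. Assumption: tune this
# to the environment (the Installer service re-launches msiexec.exe as a
# child of services.exe / itself; interactive installs come from explorer).
BENIGN_MSIEXEC_PARENTS = {
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\system32\services.exe",
    r"c:\windows\explorer.exe",
}

# Constructed sample telemetry, Sysmon-like: id 1 = process create,
# id 22 = DNS query. Timestamps are relative and illustrative.
EVENTS = [
    {"id": 1, "ts": 0, "pid": 1001, "ppid": 600,
     "image": r"C:\malware.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 1, "ts": 1, "pid": 1002, "ppid": 1001,
     "image": r"C:\WINDOWS\system32\msiexec.exe", "parent_image": r"C:\malware.exe"},
    {"id": 22, "ts": 2, "pid": 1002, "image": r"C:\WINDOWS\system32\msiexec.exe",
     "query": "pool.ntp.org"},
    {"id": 22, "ts": 3, "pid": 1002, "image": r"C:\WINDOWS\system32\msiexec.exe",
     "query": "europe.pool.ntp.org"},
    # Benign control: msiexec.exe started by the Installer service, no DNS.
    {"id": 1, "ts": 4, "pid": 1003, "ppid": 700,
     "image": r"C:\WINDOWS\system32\msiexec.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    # Benign control: another process resolving the same NTP name.
    {"id": 22, "ts": 5, "pid": 1004, "image": r"C:\Program Files\Browser\browser.exe",
     "query": "pool.ntp.org"},
]


def _norm(path):
    """Case-fold a Windows path so set membership is case-insensitive."""
    return path.lower()


def is_ntp_pool(name):
    """True for pool.ntp.org and its regional sub-zones."""
    return name == "pool.ntp.org" or name.endswith(".pool.ntp.org")


def correlate(events):
    """Return one alert per msiexec.exe process that (a) was created by a
    parent outside BENIGN_MSIEXEC_PARENTS and (b) later issued at least one
    DNS query. Events are processed in timestamp order so a query is only
    attributed to a process whose creation was already seen."""
    suspicious = {}              # pid -> process-create event
    queries = defaultdict(list)  # pid -> queried names, in order
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["id"] == 1:
            if (_norm(ev["image"]).endswith(r"\msiexec.exe")
                    and _norm(ev["parent_image"]) not in BENIGN_MSIEXEC_PARENTS):
                suspicious[ev["pid"]] = ev
        elif ev["id"] == 22 and ev["pid"] in suspicious:
            queries[ev["pid"]].append(ev["query"])
    alerts = []
    for pid, proc in suspicious.items():
        if queries[pid]:
            alerts.append({
                "pid": pid,
                "parent_image": proc["parent_image"],
                "queries": list(queries[pid]),
                "ntp_pool_queries": [q for q in queries[pid] if is_ntp_pool(q)],
            })
    return alerts


if __name__ == "__main__":
    for a in correlate(EVENTS):
        print(f"pid {a['pid']}: msiexec.exe spawned by {a['parent_image']} "
              f"resolved {len(a['queries'])} name(s): {', '.join(a['queries'])}")
```

On the constructed input only pid 1002 fires: its parent is C:\malware.exe and it resolves pool.ntp.org and europe.pool.ntp.org afterwards; the service-launched msiexec.exe and the browser's NTP lookup are left alone. The report does not record the command line msiexec.exe was started with; where telemetry has it, an empty command line on a msiexec.exe that then talks to the network is a further discriminator worth adding to the rule.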
