Analysis Date: 2015-05-12 07:04:06
MD5: 4c5e55c2ce6e9176970aeecf9533cdbf
SHA1: 3f5db7a0ba39e6933367b20e42b27cfb24831e20

Static Details:

File type: MS-DOS executable
Section _FLAT     md5: 4c0513ad3e784b112463683cc508fdd9  sha1: a6abd4e08c5ed85c620191af6c3cfa90d8c24b59  size: 167936
Section .imports  md5: 64a573a2ed29d3dfe307502f54429c0b  sha1: 966b441c607bf28492362775d95298baaa73dfcc  size: 8192
Timestamp: 1970-01-01 00:00:00 (PE TimeDateStamp is zero, i.e. the compile timestamp was stripped or never set)
PEhash: d563ed8870f460c0c7c20a3c28bf3ab71519b60e
IMPhash: f64ea95e085a8796cbf56151fdd51007
AV detections (19 of 31 engines flagged the file; no_virus = engine did not flag it; the named verdicts are PlugX/Korplug):
Mcafee                          no_virus
Ad-Aware                        Gen:Variant.Kazy.551661
Alwil (avast)                   InfoStealer-AQ [Spy]
Arcabit (arcavir)               Gen:Variant.Kazy.551661
Authentium                      W32/S-93326249!Eldorado
Avira (antivir)                 TR/Crypt.XPACK.Gen
BitDefender                     Gen:Variant.Kazy.551661
BullGuard                       Gen:Variant.Kazy.551661
CA (E-Trust Ino)                no_virus
CAT (quickheal)                 no_virus
ClamAV                          no_virus
Dr. Web                         no_virus
Emsisoft                        Gen:Variant.Kazy.551661
Eset (nod32)                    Win32/Korplug.CU
Fortinet                        W32/Korplug.CU!tr
Frisk (f-prot)                  no_virus
F-Secure                        Gen:Variant.Kazy.551661
Grisoft (avg)                   Win32/DH.FF8203A9{Mw}
Ikarus                          Trojan.Win32.Korplug
K7                              Trojan ( 003db13d1 )
Kaspersky                       no_virus
MalwareBytes                    no_virus
Microsoft Security Essentials   Backdoor:Win32/Plugx!rfn
MicroWorld (escan)              Gen:Variant.Kazy.551661
Padvish                         no_virus
Rising                          no_virus
Sophos                          no_virus
Symantec                        Backdoor.Korplug
Trend Micro                     no_virus
Twister                         Trojan.DOMG.pbzv
VirusBlokAda (vba32)            Backdoor.Gulpix

Runtime Details:

Network Details:


Raw Pcap

Strings
015 
081026
 2015 
 29.04.2015 - grynch@mail.ru - 
32.exe
a\Mail.Ru\Agent\magent.exe
AShld
%AUTO%\AShld
%AUTO%\screen
Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Do
Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down
Gf[Back][Back]Gf[venjdf[Enter]RP Xfqrjdcrjuj[Enter][LWin]
h][Rigth][Rigth][Rigth]1904seelaterboys[Enter]1204sqrt[NUM7][NUM7][NUM0][NUM1][NUM0][NUM1][NUM5][NUM1][NUM6][NUM7][Enter]tkt[Back][Back][Back]tkt[Back][Back][Back][Back]tktwublhju[Back]f[LWin]
hrome_WidgetWin_1
. - Iron
/jjjj
.jpg
 Mail.Ru - Mozilla Firefox
My_Name
n][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][Down][
NULL
on Files\redist\vcredist_x86.exe
ox.exe
:\Program Files\SRWare Iron\iron.exe
.ruG[Back]Gf[venjdfy[Back]ya[Enter],bktn[Back][Back][Back][Back][Back],bktns yf gf[venjde 4 vfz[Enter]RP Xfqrjdcrjuj[Enter]pono[Back][Back][Back][Back][Back]ponominalu.ru[Enter]
Software\Microsoft\Windows\CurrentVersion\Run
tdfycrjq b <t[nthtdf ntvyj-cthfz xfqrf 358 dhjlt yjvth///htrkfvf RFCRJ? C[Back]JCFUJ yf pflytv cntrkt///c rke,ysvb hfvrfvb,skf pfvtxtyf / 
TsJpEk3AFOuLWkb2A2ZADgA4gA&data=UlNrNmk5WktYejR0eWJFYk1LdmtxdEdqcWM4T3NETWViYTNpZ00wUHMzY0dmYWgxRmQ2WW5wX1pOQ1BIYTYzMkk1eFI5aWEtMXBwTWVqNUdQU1YwSG9BY3ZGcmp4UjdHaDJtVngxMEJBWUpacTFQcDBXMDlmZUxKaFZxUno2OVA0ZDExWjQ0SnNIVFNKYllvU3JpeGh5RHhIWF9TaDl
Very Good
%windir%\system32\svchost.exe
Windows AShld Apply 
0%0/050@0I0O0U0[0c0p0v0|0
0<4@7B
05'G-o
127.0.0.1
8f9H*uDPj
9|$Dt	
9|$Ht	
9|$ t	
9|$,t	
9|$(t	
9|$@t	
9|$$t	
AdjustTokenPrivileges
advapi32
advapi32.dll
AllocateAndGetTcpExTableFromStack
AllocateAndGetUdpExTableFromStack
AllocateAndInitializeSid
AllocConsole
ASH-1.0
ASH-1.1
ASH-1.2
ASH-1.3
AttachConsole
BitBlt
CallNextHookEx
ChangeServiceConfig2W
ChangeServiceConfigW
CloseDesktop
CloseHandle
CloseServiceHandle
closesocket
CloseWindowStation
connect
CONNECT 
ConnectNamedPipe
ControlService
ConvertStringSidToSidW
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDesktopW
CreateDIBSection
CreateDirectoryW
CreateEnvironmentBlock
CreateEventA
CreateEventW
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateMutexW
CreateNamedPipeW
CreateProcessAsUserW
CreateProcessW
CreateRemoteThread
CreateServiceW
CreateThread
CreateWindowExW
D$(_^[
@.data
DefWindowProcW
DeleteCriticalSection
DeleteDC
DeleteFileW
DeleteObject
DeleteService
DestroyCursor
DestroyEnvironmentBlock
DestroyIcon
D$,Hx,
DisconnectNamedPipe
DispatchMessageW
d~$jPXjdf
dnsapi
DnsFree
DnsQuery_A
D$TPj&h
D$tPWh
DuplicateHandle
DuplicateTokenEx
D$vf9D$ft(Wf
{?}E37&9
EKFD2Z
EnterCriticalSection
EnumProcesses
EnumProcessModules
EnumServicesStatusExW
EqualSid
ExitProcess
ExitThread
ExitWindowsEx
ExpandEnvironmentStringsW
ExtractIconExW
f9K4t$
f;ADtEf;
FindClose
FindFirstFileW
FindNextFileW
FindWindowW
F$jzXf
FLHHt	Ht
FlushFileBuffers
FreeConsole
FreeSid
gdi32.dll
GdiFlush
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipDisposeImage
GdipDrawImageI
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdiPlus.dll
GdiplusShutdown
GdiplusStartup
GdipSaveImageToFile
GenerateConsoleCtrlEvent
GetAsyncKeyState
GetClassNameW
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetConsoleCP
GetConsoleCursorInfo
GetConsoleDisplayMode
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDeviceCaps
GetDIBits
GetDiskFreeSpaceExW
GetDriveTypeW
GetExitCodeThread
GetExtendedTcpTable
GetExtendedUdpTable
GetFileSize
GetFileTime
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetForegroundWindow
gethostbyname
GetIconInfo
GetKeyState
GetLastError
GetLengthSid
GetLocalTime
GetMessageW
GetModuleFileNameExW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetModuleInformation
GetNativeSystemInfo
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetQueuedCompletionStatus
GetRawInputData
getsockname
GetStdHandle
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemMetrics
GetSystemTime
GetTcpTable
GetThreadDesktop
GetTickCount
GetTokenInformation
GetUdpTable
GetUserNameW
GetVersion
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GetWindowTextW
GetWindowThreadProcessId
Global
GlobalMemoryStatus
GlobalMemoryStatusEx
^H[_^]
HeapFree
HtDHut
Ht|HtYHtGHt*H
Ht=Huu
HtKHHt
HtlHt8H
HTTP://
HttpAddRequestHeadersA
HttpEndRequestA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestExA
Hu.j2_
IEWDVcD
ImpersonateLoggedOnUser
.imports
inet_addr
inet_ntoa
InitializeCriticalSection
InitiateSystemShutdownA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetQueryOptionA
InternetReadFile
InternetSetOptionA
InternetWriteFile
ioctlsocket
iphlpapi
IsWow64Process
j8Xj.f
|$,j"h
jWX_^[
jWX_^[]
jWX_^]
kernel32
kernel32.dll
KERNEL32.dll
keybd_event
KillTimer
LeaveCriticalSection
L$Hf9{2u
L$hQj,
L$LQPP
LoadCursorW
LoadLibraryA
LocalAlloc
LocalFree
LocalLock
LocalReAlloc
LocalUnlock
LockWorkStation
LookupAccountSidW
LookupPrivilegeValueW
L$,Qj+
lstrcmpA
lstrcmpiA
lstrcmpiW
lstrcmpW
lstrcpyA
lstrcpynA
lstrcpynW
lstrcpyW
lstrlenA
lstrlenW
MapViewOfFile
memcmp
memcpy
memset
MessageBoxW
`!mK^i
mouse_event
msvcrt.dll
MultiByteToWideChar
niisvt.f3322.org
note.wikaba.com
ntdll.dll
NtQueryInformationProcess
ntxHtn
odbc32
OpenFileMappingW
OpenInputDesktop
OpenProcess
OpenProcessToken
OpenSCManagerW
OpenServiceW
OpenThread
OpenWindowStationW
PostMessageA
PostQueuedCompletionStatus
PostQuitMessage
PPPPPP
PQj!h 
ProcessIdToSessionId
Proxy-Auth: 
Proxy-Authorization: Basic 
psapi.dll
Pt6Jt$Jt=Jt
/QbTH,
QSSSSSSh 
QSVWh,
QSVWj@
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryServiceConfig2W
QueryServiceConfigW
QueryServiceStatusEx
QueueUserAPC
QWWPWW
QxjdXf
`.rdata
ReadConsoleOutputW
ReadFile
ReadProcessMemory
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegisterRawInputDevices
RegOpenCurrentUser
RegOpenKeyExW
RegOverridePredefKey
RegQueryValueExW
RegSetValueExW
.reloc
RemoveDirectoryW
ResetEvent
ResumeThread
RevertToSelf
RtlCompressBuffer
RtlDecompressBuffer
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlGetCompressionWorkSpaceSize
RtlGetLastWin32Error
RtlLeaveCriticalSection
RtlNtStatusToDosError
SelectObject
sendto
SetCapture
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
SetCursorPos
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetProcessWindowStation
setsockopt
SetTcpEntry
SetThreadDesktop
SetTimer
SetTokenInformation
SetUnhandledExceptionFilter
SetWindowLongW
SetWindowsHookExW
SfcIsFileProtected
SHCopyKeyW
SHDeleteKeyW
SHDeleteValueW
shell32
SHEnumKeyExW
SHEnumValueW
SHFileOperationW
SHGetValueW
shlwapi
ShowWindow
shutdown
SleepEx
socket
SQLAllocEnv
SQLAllocHandle
SQLColAttributeW
SQLDataSourcesW
SQLDisconnect
SQLDriverConnectW
SQLDriversW
SQLExecDirectW
SQLFetch
SQLFreeHandle
SQLGetData
SQLGetDiagRecW
SQLMoreResults
SQLNumResultCols
SQLSetEnvAttr
SSSSSSS
SSSSSSSSShT
StartServiceW
|SVWjD_W3
SystemTimeToFileTime
t0Ht"Ht
t5C;^||
t9Ht,Ht
t	9H<u	3
tdT&bg
TerminateProcess
tGHt7Ht'Ht
!This program cannot be run in DOS mode.
t)Ht&-
t/Ht!Ht
t$Ht!Ht
t<Ht/Ht"Ht
t"jhPS
T$L;D$,|
TranslateMessage
uJjdXf;E
:uKf9_
UnhookWindowsHookEx
UnmapViewOfFile
user32
user32.dll
userenv
userenv.dll
VerQueryValueW
version
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQueryEx
$VWh@%
 VWj	h
;%VWu;f
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WindowFromPoint
wininet
wininet.dll
WNetAddConnection2W
WNetCancelConnection2W
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WriteConsoleInputW
WriteFile
WriteProcessMemory
ws2_32
ws2_32.dll
WSACleanup
WSACreateEvent
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketA
WSAStartup
wsprintfA
wsprintfW
wtsapi32
Wtsapi32
wtsapi32.dll
WTSEnumerateProcessesW
WTSFreeMemory
WTSGetActiveConsoleSessionId
WTSQueryUserToken
www.dnsqaz.com
www.sizn-ru.com
YPj2h|
YYj	h\