Analysis Date: 2015-10-05 03:59:28
MD5: 0a5bd354740dce7b4eb7bda91f26b90c
SHA1: 41058d5a12bfdcecf47604808160ac930b226c88

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 4540c1be066982132049908c69e827f6 sha1: d3b18631d625f69975ccedef89182b750a2befa2 size: 91648
Section .data: md5: 94c7742662cdcb5a274cbec91dd94733 sha1: 05d41a8aff4fdc1c9500154d0e8a48a56a787cfe size: 13824
Timestamp: 2014-05-31 13:19:36
Packer: Borland Delphi 3.0 (???)
PEhash: 116a987b94742dc2dc70da2f65af8769a0798806
IMPhash: cc409225ca1dea2fbd99a60a57a52e8c
AV CA (E-Trust Ino): no_virus
AV Rising: no_virus
AV Mcafee: Cutwail-FECR!0A5BD354740D
AV Avira (antivir): TR/Proxy.Gen
AV Twister: Trojan.Generic.pljs
AV Ad-Aware: Trojan.Inject.IA
AV Alwil (avast): Cutwail-CW [Trj]
AV Eset (nod32): Win32/Wigon.DC
AV Grisoft (avg): Generic33.BHIZ
AV Symantec: Trojan.Pandex!gm
AV Fortinet: W32/Cutwail.RU!tr
AV BitDefender: Trojan.Inject.IA
AV K7: Trojan ( 003acb9d1 )
AV Microsoft Security Essentials: Trojan:Win32/Dorv.B!rfn
AV MicroWorld (escan): Trojan.Inject.IA
AV MalwareBytes: no_virus
AV Authentium: W32/S-ea74dc5f!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Gen.Trojan
AV Emsisoft: Trojan.Inject.IA
AV Zillya!: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: TROJ_WIGON.SM
AV CAT (quickheal): Trojan.Generic.01761
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Trojan.Inject.IA
AV Arcabit (arcavir): Trojan.Inject.IA
AV ClamAV: no_virus
AV Dr. Web: BackDoor.Bulknet.739
AV F-Secure: Trojan.Inject.IA

Runtime Details:

Process:
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort ➝ 65534
Creates File: \Device\Afd\Endpoint
Creates Mutex: laayu55545

Network Details:

DNS: mxs.mail.ru (Type: A) ➝ 94.100.180.150
DNS: mxs.mail.ru (Type: A) ➝ 217.69.139.150
DNS: alt4.gmail-smtp-in.l.google.com (Type: A) ➝ 64.233.184.27
DNS: gmail-smtp-in.l.google.com (Type: A) ➝ 64.233.177.27
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.74
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.75
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.70
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.71
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.72
DNS: in1.smtp.messagingengine.com (Type: A) ➝ 66.111.4.73
DNS: mail7.digitalwaves.co.nz (Type: A)
Flows TCP: 192.168.1.1:1031 ➝ 94.100.180.150:25
Flows TCP: 192.168.1.1:1032 ➝ 64.233.184.27:25
Flows TCP: 192.168.1.1:1033 ➝ 64.233.177.27:25
