Analysis Date: 2015-06-11 21:41:41
MD5: 2ca20ccc9102f798b5c088a345b21ee8
SHA1: 412750824a27f1916293356925677f40443f81b0

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 67a22a838f99a3a4930bde1523cc8060 sha1: 389103eacd9372b301bed2e55dd39056003e7935 size: 7680
Section .data md5: 37dfe02439075c759c6886dea09a905e sha1: 5c2fbb82d53c7929eb02facf51644dbf1305e886 size: 512
Section .rdata md5: 749ccb96ff7496a292df4c2056e28782 sha1: 6d74f3a35659b12a8558c5758e2dcc0f449f4a19 size: 512
Section .bss md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0 (zero-length section: these are the hashes of empty input and carry no signal)
Section .idata md5: 3c4291e5d3aa680fc303fbdf12483c3e sha1: 7ed3f84b81aa99ad60003c35235b37ab04c568bd size: 1024
Section .rsrc md5: 9ced7632ec72b4cac3ab82a168ce0df6 sha1: 34b7ab0ab60d3c33f278dbed9d9f7464078920b0 size: 3584
Timestamp (PE header link time): 2011-04-26 16:24:16
PEhash: 5041aac4b0e03d1571dfcba5a0634f234b543c23
IMPhash: 52c976c8304837a726972b496e44078b
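To show where the section lines above come from, here is an added Python example; it is not part of the original report and not any sandbox's own code. It assembles a constructed six-section PE32 image in memory, then walks the DOS, COFF and section headers and hashes each section's raw bytes the way the "Section ... md5/sha1/size" lines are produced. The section names, the placeholder bytes, the 0x200 file alignment and the characteristics flags are assumptions chosen to mirror this report; the link timestamp 1303835056 is the report's 2011-04-26 16:24:16 read as UTC. Two checks a practitioner applies to any such report fall out of it: raw sizes are multiples of FileAlignment (512 here, which matches 7680, 512, 1024 and 3584 above), and a zero-length section such as .bss hashes to the MD5/SHA1 of empty input, so those digests identify nothing.

```python
import hashlib
import struct
from datetime import datetime, timezone

FILE_ALIGN = 0x200   # SizeOfRawData granularity; the report's 512-multiples come from here (assumed)
SECT_ALIGN = 0x1000
EMPTY_MD5 = hashlib.md5(b"").hexdigest()    # d41d8cd98f00b204e9800998ecf8427e
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()  # da39a3ee5e6b4b0d3255bfef95601890afd80709


def _align(n, a):
    return -(-n // a) * a


def build_sample_pe(sections, timestamp):
    """Assemble a minimal, non-runnable PE32 image in memory (constructed sample, not the
    analysed file). `sections` is a list of (name, raw_bytes); empty raw_bytes models a
    .bss-style section with SizeOfRawData == 0 and PointerToRawData == 0, as linkers emit."""
    n = len(sections)
    headers_len = _align(0x40 + 4 + 20 + 224 + 40 * n, FILE_ALIGN)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew -> "PE\0\0"
    # COFF header: Machine=i386, NumberOfSections, TimeDateStamp, SizeOfOptionalHeader=224,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, n, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<II", opt, 32, SECT_ALIGN, FILE_ALIGN)      # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 60, headers_len)                  # SizeOfHeaders
    hdrs, body, va = bytearray(), bytearray(), SECT_ALIGN
    for name, raw in sections:
        raw_size = _align(len(raw), FILE_ALIGN) if raw else 0
        raw_ptr = headers_len + len(body) if raw else 0
        # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers,
        # Characteristics (assumed: READ | WRITE | INITIALIZED_DATA)
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                            len(raw) or 0x10, va, raw_size, raw_ptr, 0, 0, 0, 0, 0xC0000040)
        body += raw.ljust(raw_size, b"\0")                        # padding is hashed too
        va += _align(max(len(raw), 0x10), SECT_ALIGN)
    image = (dos + b"PE\0\0" + coff + opt + hdrs).ljust(headers_len, b"\0") + body
    return bytes(image)


def parse_pe(data):
    """Walk DOS -> NT -> section headers and hash each section's raw bytes; the same
    procedure yields the 'Section ... md5/sha1/size' lines of a sandbox report."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, n, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    sect_off = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(n):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sect_off + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        if len(raw) != raw_size:   # header points past EOF: truncated or deliberately malformed
            raise ValueError(f"section {name!r} runs past end of file")
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": va, "size": raw_size,
            "md5": hashlib.md5(raw).hexdigest(), "sha1": hashlib.sha1(raw).hexdigest(),
            "empty": raw_size == 0,
        })
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def report_lines(info):
    """Render the parse in the layout used by the report above, flagging empty sections."""
    lines = [f"Timestamp {info['timestamp']}"]
    for s in info["sections"]:
        flag = "  (zero-length: hash of empty input, no signal)" if s["empty"] else ""
        lines.append(f"Section {s['name']} md5: {s['md5']} sha1: {s['sha1']} size: {s['size']}{flag}")
    return lines


# Constructed sample mirroring the report's section layout; contents are placeholders.
SAMPLE = build_sample_pe([
    (".text", b"\x55\x89\xe5" * 40),   # push ebp / mov ebp,esp filler, not real code
    (".data", b"constructed data\0"),
    (".rdata", b"kernel32.dll\0"),
    (".bss", b""),                      # uninitialised data: no raw bytes on disk
    (".idata", b"\0" * 700),
    (".rsrc", b"\0" * 3500),
], 1303835056)                          # 2011-04-26 16:24:16 UTC

if __name__ == "__main__":
    for line in report_lines(parse_pe(SAMPLE)):
        print(line)
```

Running it prints a section table in the report's layout; the .bss line carries the same two digests as the report because both are hashes of zero bytes. When comparing section hashes across samples, drop zero-length sections first, and treat a SizeOfRawData that is not a multiple of FileAlignment, or a PointerToRawData past end of file, as a sign the header has been tampered with.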
AV Authentium: W32/Bifrost.AI.gen!Eldorado
AV Ikarus: Trojan.Win32.Buzus
AV Symantec: no_virus
AV Microsoft Security Essentials: VirTool:Win32/CeeInject.gen!GX
AV BullGuard: Gen:Variant.Zusy.Elzob.9860
AV Arcabit (arcavir): Gen:Variant.Zusy.Elzob.9860
AV Fortinet: W32/Poison.FHOQ!tr.bdr
AV CAT (quickheal): no_virus
AV Zillya!: no_virus
AV Grisoft (avg): Generic27.CAHL
AV Ad-Aware: Gen:Variant.Zusy.Elzob.9860
AV Avira (antivir): BDS/Bifrose.aeoue
AV MicroWorld (escan): Gen:Variant.Zusy.Elzob.9860
AV BitDefender: Gen:Variant.Zusy.Elzob.9860
AV VirusBlokAda (vba32): BScope.Malware-Cryptor.Wgnim
AV F-Secure: Gen:Variant.Zusy.Elzob.9860
AV Emsisoft: Gen:Variant.Zusy.Elzob.9860
AV Frisk (f-prot): W32/Bifrost.AI.gen!Eldorado
AV Eset (nod32): Win32/Bifrose.NTA
AV Alwil (avast): Agent-AOZU [Trj]
AV Padvish: no_virus
AV Mcafee: Generic BackDoor.zt
AV K7: Backdoor ( 04c4c33e1 )
AV Trend Micro: TSPY_IN.7FA6FBD6
AV MalwareBytes: no_virus
AV ClamAV: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Dr. Web: BackDoor.Bifrost.19762
AV Rising: no_virus
AV Twister: Virus.5501E583EC18C70424.mg
AV CA (E-Trust Ino): Win32/Buzus.AFK

Detection summary: 24 of the 31 engines listed flag the sample. The engines that name a family converge on the Bifrose/Bifrost backdoor (Authentium, Frisk, Avira, Eset, Dr. Web); Fortinet labels it Poison, Ikarus and CA label it Buzus, and the remaining verdicts are generic or heuristic (Zusy, CeeInject, Malware-Cryptor, Generic BackDoor), consistent with a packed or injected backdoor rather than a single agreed family.

Runtime Details:

Process: C:\malware.exe
  Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\84df_appcompat.txt
  Creates File: PIPE\lsarpc
  Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 200
  Creates Process: C:\malware.exe

Process: C:\malware.exe (child; no further activity recorded)

Process: C:\WINDOWS\system32\dwwin.exe -x -s 200 (no further activity recorded)

Note on the trace: dwwin.exe is the Dr. Watson crash-reporting tool that Windows Error Reporting launches on the Windows XP-era guest used here (the "Documents and Settings" path shows the OS generation), and the *_appcompat.txt file in %TEMP% is the report it writes. The sample therefore crashed during the run. Opening PIPE\lsarpc is an LSA RPC call, typical of account or SID lookups and not a meaningful indicator on its own. Because the process died early, the empty Network Details section below is not evidence that the backdoor has no command-and-control; the sample would need to be re-run in a different environment, or the crash debugged, before drawing conclusions from the dynamic results.

Network Details:

(no network activity recorded during the run)

Strings:

(none listed on this page)