Analysis Date: 2014-12-03 06:53:50
MD5: 240b7524335de46d6c445741209bae82
SHA1: 41bba427d897c49cfe2d79f79bfab7985c8f0285

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: CODE  md5: 67202ef7ef59505c33bc1418005b1b5e sha1: 97b0599638d5b2ccb94e37226a65e9b3f8d8f5df size: 9728
Section: .reloc  md5: 5aa2152b20baa713f835f6d57c98046d sha1: 9a952528e675a518c5fe631b86e60449e6bb62cf size: 1024
Section: .data  md5: 9fffb94da5b810c1370ae7c3e04d059d sha1: 07937f8820873e5da339fd5c818661d3d5910f04 size: 5632
Section: DATA  md5: 40b05acb053d26db91e20a20143cb86b sha1: ca5ed0198cfbfe980cb458823018d068b81939cc size: 5632
Section: .rsrc  md5: ab68e5010e6bf9311fcca764f7c2b2e7 sha1: 08ddffd45ac696c27927b14eec98c257e0a7c09b size: 132608
Section: .edata  md5: 21344e13362a76a1675ae9565e53597e sha1: 8c8036b31dfbd2be1a29ca04659734a3382ef829 size: 512
Timestamp: 2005-02-24 11:58:52
PEhash: c56b087eb44b3a834bbc947f29767652c33ef4b9
IMPhash: 8fd128f3372cc24b9af9ed7cc74b4630
AV 360 Safe: Gen:Variant.Kazy.234312
AV Ad-Aware: Gen:Variant.Kazy.234312
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Backdoor.ZAccess.ddzx
AV Authentium: no_virus
AV Avira (antivir): TR/Crypt.ZPACK.Gen2
AV BullGuard: Gen:Variant.Kazy.234312
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Trojan.Sirefef.A
AV ClamAV: no_virus
AV Dr. Web: BackDoor.Maxplus.12846
AV Emsisoft: Gen:Variant.Kazy.234312
AV Eset (nod32): Win32/Kryptik.BJAQ
AV Fortinet: W32/ZAccess.FB!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Kazy.234312
AV Grisoft (avg): Crypt_s.CYV
AV Ikarus: Trojan.Crypt_s
AV K7: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Malware.Packer.DF
AV Mcafee: ZeroAccess-FBJ!240B7524335D
AV Microsoft Security Essentials: Trojan:Win32/Sirefef.P
AV MicroWorld (escan): Gen:Variant.Kazy.234312
AV Norman: Gen:Variant.Kazy.234312
AV Rising: no_virus
AV Sophos: Mal/EncPk-ALD
AV Symantec: Backdoor.Trojan
AV Trend Micro: TROJ_KRYPTK.SMA3
AV VirusBlokAda (vba32): Trojan.TDSS.01414

Runtime Details:

Process
↳ C:\malware.exe

Creates File: GoogleUpdate.exe
Creates File: PIPE\lsarpc
Creates File: @
Creates File: \Device\Afd\Endpoint
Creates Process: C:\WINDOWS\system32\cmd.exe

Process
↳ C:\WINDOWS\system32\cmd.exe

Network Details:

DNS: j.maxmind.com
Type: A
Flows UDP: 192.168.1.1:1031 ➝ 8.8.8.8:53
Flows UDP: 192.168.1.1:1032 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1033 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1034 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1035 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1036 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1037 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1039 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1041 ➝ 85.114.128.127:53
Flows UDP: 192.168.1.1:1045 ➝ 85.114.128.127:53

Strings:
V.
'G1G/.&..".
4.
.?W..
j
.RE
.
.
-.&+$,
030@0Z0p0}0
.0<@gC
1@1F1U1i1{1
_1'^G~
1+V2KW
232G2x2
2EGS#c
-2J"SzV
"2;QHt
3$3,3Q3w3
36vb-Kz
3I	E@}
3ls*d5A
}4 LOJF?
4S>W*hg
5?4E9F
5$5n5}5
5A5STw
5_+=LB8G
5Z7Ym"
6<wa*r
7Y(F6t|
#8Bu(Q
!(8Lu|<
8_OI\@
8<tS	Z
>|9Ao$
$9cEA`
9j"]y)
9SXovF
9vLbGV
a*(7&b
_a[(+9W
ac4eHV
AddConsoleAliasA
advapi32.dll
#A/et#R
AI$AyK
AppendMenuA
aro5:I
AT??.I
A$UQq0
av%pR1
]).b (
BE<1/}b[
BeginPaint
BeginUpdateResourceA
bekwygbw.ex_
B_g2(0u
BKj`%/
Bv)Kkg
^[BZ]YQ
(C0$dv
c8!BVg
c8d[%`Z
<}C9uP
CancelWaitableTimer
Cbwhjdv
ChangeDisplaySettingsExW
ChangeMenuA
ClearCommError
ClientThreadSetup
CliImmSetHotKey
Co*AX)
CopyImage
CopyRect
CreateDialogParamA
CreateDirectoryExA
CreateFileMappingW
CredReadDomainCredentialsA
c}s]cN
^C$YAN
cz)O6T
d3d8.dll
d3d8thk.dll
-D"9o'
DD8OxwC
DefWindowProcA
DeleteTimerQueue
DestroyIcon
DestroyWindow
Dh ^{h
DialogBoxIndirectParamA
d}icT2
Direct3DCreate8
DirectPlay8Create
,dKwae
DlgDirSelectExA
dN	YI&7
DrawAnimatedRects
DrawCaptionTempA
DrawTextA
DrawTextExA
DwW(}O\
!E1KA3
(e1U.~ow
+[,E6t
e7`TXL
eBGv*1
EndTask
EndUpdateResourceA
EnterReaderModeHelper
EnumChildWindows
EnumDisplaySettingsExW
EnumPropsA
EnumPropsExA
EnumSystemGeoID
EnumSystemLanguageGroupsA
EomXTy
e|;wPfX
ExitProcess
)|fD\8
?,*#F%e
fE4u"dg
FeOJ+8
Ff_#AlP
FindAtomA
FindFirstFileA
FindNextVolumeMountPointA
FlushConsoleInputBuffer
FlushViewOfFile
fpX-IoZJ
$:	#:g
GetAtomNameA
GetBinaryTypeA
GetCommandLineA
GetCommState
GetComputerNameA
GetConsoleAliasExesW
GetConsoleInputExeNameA
GetConsoleMode
GetConsoleSelectionInfo
GetConsoleTitleA
GetCPInfoExA
GetCurrencyFormatA
GetCurrentConsoleFont
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDefaultCommConfigA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDriveTypeA
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExA
GetFileInformationByHandle
GetKeyboardLayoutList
GetKeyboardType
GetLastError
GetLastInputInfo
GetMenuInfo
GetModuleFileNameA
GetModuleHandleA
GetNamedPipeHandleStateA
GetNativeSystemInfo
GetOarwnhx
GetPrivateProfileSectionNamesW
GetProcessIoCounters
GetProcessVersion
GetRawInputDeviceInfoA
GetScrollBarInfo
GetSystemTimes
GetSystemWindowsDirectoryA
GetTabbedTextExtentA
GetTempPathA
GetThreadPriorityBoost
GetTopWindow
GetUserGeoID
GetUserObjectSecurity
GetVersion
GetVersionExA
GetWindow
GetWindowTextLengthA
GetWindowThreadProcessId
$gF.)Q
G;F}yj
g^IMC1
glLightModeli
GlobalFlags
GlobalGetAtomNameA
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GrayStringA
gWHZ)P
'G=*Z@
hc,<(_<
HeapDestroy
HeapFree
HeapSize
'hjnzI
hr'xv?
i84YoA]
iG%~p%a@f
i_HHxn/~3=
I+mg00@
ImpersonateDdeClientWindow
InitCelucrnudyk
InsertMenuItemA
i`o}#ii
+io}Xq
IsBadStringPtrA
IsCharAlphaNumericW
IsClipboardFormatAvailable
IsDialogMessage
I`shH3
IsProcessorFeaturePresent
IsServerSideWindow
IsWindowUnicode
j+\6]T
JF@Q9<S
j?!_IJM
?JlqSz(O
k4h6j\9_
>K-[Du
kernel32.dll
KERNEL32.DLL
kkqfCc
	K%t4<2. @
_lclose
Lhdu_W
LjjFLcA
lls<J)Q
lme\@l
Ln|q66&
LnT0e8
LoadAcceleratorsA
LoadIconA
LoadLocalFonts
LoadStringA
LocalCompact
LockWindowUpdate
lstrcatA
lstrcmpi
lstrcpyA
,LVdmU
LVspQ(L
_lwrite
LZOpenFileA
LZStart
L*zTX 
$m2 AW
MapDialogRect
MapUserPhysicalPagesScatter
{Mb]skb
MenuWindowProcA
MessageBeep
MessageBoxExA
MessageBoxIndirectA
Mfz='xz
mnB/t;8
MoveFileExA
mSB#jTN
M|UM~D<j
-mWx6=
n(Bg,Z
ncATB}
No29r(
n;oiSt
nQ:6tq2H
NQToQL
ns#Y.t
Nw{qWj
{nY24+p
OdRQ!Z
odS=5+
/oHAtO
OM_=U]
on~\h0
OPENGL32
OpenIcon
OpenSemaphoreA
OpenThread
OpenWaitableTimerA
OpjOd1&
OsThunkD3dContextCreate
O^?th^
&!O<|w
Owtspvvgwkj
Oygihfljxy
p1E\f)%%y
>`P 1G
!pbR\z
(pBu=-
P.edata
PeekConsoleInputA
P#fn`o
~PO$o6
PostMessageA
PostQuitMessage
ppWwDN
PurgeComm
PX_gSjm
|q:C?:*
qHma$Kc	
Q{IwR\
(q>"L=
:QL]Bv
Q _m[/
qmkz~J$xa#
%Q`qp&
qT!xuvX
QueryDosDeviceA
QueryMemoryResourceNotification
QueryRecoveryAgentsOnEncryptedFile
R.data
ReadConsoleA
ReadConsoleOutputCharacterA
RegisterMessagePumpHook
RegisterShellHookWindow
ReleaseMutex
`.reloc
ReplyMessage
ResetEvent
?rGa2G
r\PO\O
{%RT/I
ScvwNTQ
SeCD%z
SendIMEMessageExA
SendInput
SendMessageTimeoutA
SetClipboardViewer
SetConsoleLocalEUDC
SetConsoleMenuClose
SetDoubleClickTime
SetFilePointerEx
SetFileTime
SetLastError
SetMenuContextHelpId
SetMenuInfo
SetMenuItemBitmaps
SetMessageQueue
SetPriorityClass
SetProcessPriorityBoost
SetStdHandle
SetTapeParameters
SetThreadUILanguage
SetTimer
SetWaitableTimer
SetWindowTextA
ShowScrollBar
Sp8v.c
ssOG(}[
SwapMouseButton
TerminateThread
!This program cannot be run in DOS mode.
Thread32Next
TileChildWindows
tRmvbB
TvXh+I^
!Tw;za
//u2iF
\UDAeBV
'(uK4 i
$UM"!B
UnlockFileEx
UnlockWindowStation
UnpackDDElParam
UO04yL
U|[O	E1
UpdateLayeredWindow
user32.dll
\V2y`6
,v78qO
VerifyVersionInfoA
VirtualAllocEx
$VJ7}-f
vNfmOi
~vPd)%
WaitCommEvent
w(=%fq
W&o)dA
WriteConsoleOutputA
WritePrivateProfileStringA
x0n_9\
Xdertsos
xE)PxQ
xeVNDF
x`.gu0"t
XI,\eD]
x[#LLD5
XS[Xif
`xvvf&
XW,\dP
&X?zJH
y&!\,5
y`5?xiF
'	>"Yg
y[Gd@wn>}
=YK7q<<}9
z@6u_o
#Z~.h/i
zqb6g[
	>Zw)/
zw7AjE|p