Analysis Date: 2015-01-12 20:13:55
MD5: 851cd4fe5fe517e75446158312a4f775
SHA1: 41bf59f766b6c2cdd76302d27139032b420e4a7f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
Section .text md5: e03d66046be4f704574c38b2131c01cf sha1: ad9fffd4cc49243038d2322395f176ff6cbbb83c size: 377856
Section .rsrc md5: c3cf39df08d4a086e02a794c71df957a sha1: d809e647af33a2f29913fe1b861faff1da132f3e size: 3072
Section .reloc md5: 259a86d47d357a5f66dd691513c76d9b sha1: 5a98e4ccfe3084accc0bdd00b58017dfa5b2f018 size: 512
Timestamp: 2014-10-02 18:56:49
Version: LegalCopyright: Copyright © 2014
Assembly Version: 1.0.0.0
InternalName: Windows.exe
FileVersion: 1.0.0.0
ProductName: Windows
ProductVersion: 1.0.0.0
FileDescription: Windows
OriginalFilename: Windows.exe
Packer: Microsoft Visual C# v7.0 / Basic .NET
PEhash: 7a1cb31d268e2067941640dba18699c8ccd63a69
IMPhash: f34d5f2d4577ed6d9ceec516c1f5a744
AV 360 Safe: no_virus
AV Ad-Aware: Gen:Variant.Kazy.463837
AV Alwil (avast): GenMalicious-OC [Trj]
AV Arcabit (arcavir): Gen:Variant.Kazy.463837
AV Authentium: W32/MSIL_Troj.DL.gen!Eldorado
AV Avira (antivir): TR/Kazy.463837
AV BullGuard: Gen:Variant.Kazy.463837
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Trojan.MSI.r3
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Gen:Variant.Kazy.463837
AV Eset (nod32): MSIL/TrojanDropper.Agent.AGW
AV Fortinet: MSIL/Agent.AGW!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Kazy.463837
AV Grisoft (avg): MSIL5.JTA
AV Ikarus: Trojan.MSIL.Zapchast
AV K7: Trojan ( 0049571c1 )
AV Kaspersky: Trojan.MSIL.Zapchast.eojl
AV MalwareBytes: Backdoor.Agent.RDL
AV Mcafee: RDN/Generic Dropper!vi
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Gen:Variant.Kazy.463837
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): Trojan.MSIL.Zapchast
Note: the verdicts above are as of the analysis date; 12 of the 29 engines listed returned no_virus and the detecting engines disagree on the family name (generic Kazy, Zapchast, TrojanDropper.Agent), so a single vendor's "no_virus" should not be read as evidence the sample is benign.

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings

000004b0
1.0.0.0
  2014
@#7@
Assembly Version
Copyright 
FileDescription
FileVersion
InternalName
LegalCopyright
OriginalFilename
ProductName
ProductVersion
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
Windows
Windows.exe
1.0.0.0
10.0.0.0
/^&.1+3
  2014
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
4System.Web.Services.Protocols.SoapHttpClientProtocol
$83955fa1-882c-4d56-87c3-15601021c3ae
]"9	lx
Activator
add_Load
add_ResourceResolve
add_Shutdown
AppDomain
Application
ApplicationSettingsBase
</assembly>
Assembly
AssemblyCompanyAttribute
AssemblyCopyrightAttribute
AssemblyDescriptionAttribute
AssemblyFileVersionAttribute
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
AssemblyProductAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
AuthenticationMode
AutoScaleMode
b 512N
B8=Op6
Button
ButtonBase
/C&*1#3
[[C6DF$
>c+}6g
.cctor
CheckForSyncLockOnValueType
ClearProjectError
CompilationRelaxationsAttribute
CompressionMode
Computer
ComVisibleAttribute
Concat
ContainerControl
ContainsKey
Control
ControlCollection
Copyright 
_CorExeMain
CreateInstance
Create__Instance__
CreateProjectError
CultureInfo
/D&(123
dc;R9+
DDDDDD
DDDDDDDDDDDDD@
DDDDDDDDDDDDDDp
Default
DeflateStream
DesignerGeneratedAttribute
Dictionary`2
Dispose
Dispose__Instance__
disposing
EditorBrowsableAttribute
EditorBrowsableState
*Ehp/~
EndApp
Equals
EventArgs
EventHandler
Evidence
Exception
FileSystemProxy
</fpf,H
FrameworkDisplayName
GeneratedCodeAttribute
get_Assembly
get_Controls
get_CurrentDomain
GetData
get_Default
get_Evidence
GetExecutingAssembly
get_FileSystem
GetHashCode
get_InnerException
get_IsDisposed
GetManifestResourceNames
get_Message
get_Name
GetObject
GetObjectValue
get_RequestingAssembly
GetResourceString
get_SaveMySettingsOnExit
get_SpecialDirectories
get_Temp
GetTypeFromHandle
get_UseCompatibleTextRendering
GuidAttribute
h76\)'b
Hashtable
HelpKeywordAttribute
HideModuleNameAttribute
/I&?1#3
IContainer
IDisposable
IEzPyW!>
InitializeArray
InvalidOperationException
I}&$]-U
JRcWsaG
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
LLLLLLLLLN
MemoryStream
Microsoft.VisualBasic
Microsoft.VisualBasic.ApplicationServices
Microsoft.VisualBasic.CompilerServices
Microsoft.VisualBasic.Devices
Microsoft.VisualBasic.MyServices
<Module>
Monitor
mscoree.dll
mscorlib
MyApplication
My.Application
MyComputer
My.Computer
My.Forms
MyGroupCollectionAttribute
My.MyProject.Forms
MyProject
MySettings
My.Settings
MyTemplate
My.User
My.WebServices
.NET Framework 4 Client Profile
).NETFramework,Version=v4.0,Profile=Client
Object
ObjectFlowControl
OnCreateMainForm
op_Inequality
Process
ProjectData
#q1iK:_
/R&)143
ReferenceEquals
@.reloc
Remove
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
ResolveEventArgs
ResolveEventHandler
ResourceManager
ResumeLayout
`.rsrc
RUF}!nr/4
RuntimeCompatibilityAttribute
RuntimeFieldHandle
RuntimeHelpers
RuntimeTypeHandle
s&)123
    </security>
    <security>
SecuritySafeCriticalAttribute
ServerComputer
set_AutoScaleDimensions
set_AutoScaleMode
set_ClientSize
SetCompatibleTextRenderingDefault
SetData
set_EnableVisualStyles
set_IsSingleInstance
set_Item
set_Location
set_MainForm
set_Name
SetProjectError
set_SaveMySettingsOnExit
set_ShutdownStyle
set_Size
set_TabIndex
set_Text
SettingsBase
set_UseVisualStyleBackColor
ShutdownEventHandler
ShutdownMode
SpecialDirectoriesProxy
SP_;j&
StandardModuleAttribute
STAThreadAttribute
Stream
String
#Strings
SuppressIldasmAttribute
SuspendLayout
Synchronized
System
System.CodeDom.Compiler
System.Collections
System.Collections.Generic
System.ComponentModel
System.ComponentModel.Design
System.Configuration
System.Diagnostics
System.Drawing
System.Globalization
System.IO
System.IO.Compression
System.Reflection
System.Resources
System.Runtime.CompilerServices
System.Runtime.InteropServices
System.Runtime.Versioning
System.Security
System.Security.Policy
System.Threading
System.Windows.Forms
System.Windows.Forms.Form
/T&.1h3
TargetFrameworkAttribute
TargetInvocationException
%TA;V9
!This program cannot be run in DOS mode.
ThreadStaticAttribute
ToArray
ToString
tRrdD/R;GT
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
UC^AWL
v4.0.30319
ValueType
VOQdu]
VU0w5*
/w&3143
W{(hi.
Windows
Windows.exe
WindowsFormsApplicationBase
Windows.My
WrapNonExceptionThrows
WriteAllBytes
(WSBG.
wwwwwwwDDDDDDDGO
wwwwwwwwwwwwwwp
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
xPXbeE
Ya]^IU
ZSf:p[