Analysis Date: 2015-07-27 18:54:47
MD5: 947f96692c81f4f99dc8cb429c93d17b
SHA1: 459dd2ba56518dbcea442cbd6724912ec09a22fd

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: bf67e14867984cf30a3197bcc19ea295 sha1: 43d5a189d08e293b07a19762e4bda97a0e20526e size: 12800
Section .idata md5: 1d6a8313bc597a49635866e676a7cfa0 sha1: 6380e56739a3d0b29d9fded51c47c74a76fa6f95 size: 512
Section .data md5: 95a1bf3278e6d96056008bc84ea57ca7 sha1: 94a5401555e4280891657c0accc5d7da742dce50 size: 3072
Section .idata md5: c74aa53afa2af10313b4ab6a12376970 sha1: f0098ca8a465d8182809e42558a696351ba6f9b5 size: 512
Section .pdata md5: 9c48a74c210daaa59a2f27a44cd7b771 sha1: fe19c94220e3673ef76943340c9c008370407c0d size: 14336
Section .sdata md5: 66a5ab78e8ae6769e296613288a7a06d sha1: 7a471581ea50467f119ff7a959e4062711fd6900 size: 12800
Section .rsrc md5: d9f8681e229ec55f3f273fc095a11419 sha1: 0706e52cec8bed3a96f20e0439fd78c99c5f3b08 size: 4096
Timestamp: 2012-07-31 11:05:01
PEhash: d1752d71ea3fbf30adf2a961ec73f048c1474fd8
IMPhash: 62395f1c6dea147c8c75d7f982a6fe57
AV Rising: no_virus
AV Mcafee: PWS-Zbot.gen.yl
AV Avira (antivir): TR/Crypt.XPACK.Gen
AV Twister: Virus.1B0D@124000@2FF400.mg
AV Ad-Aware: Gen:Variant.Kazy.83896
AV Alwil (avast): Crypt-QTS [Trj]
AV Eset (nod32): Win32/Kryptik.AJFL
AV Grisoft (avg): Generic29.DVD
AV Symantec: Trojan.Gen
AV Fortinet: W32/Kryptik.YLA!tr
AV BitDefender: Gen:Variant.Kazy.83896
AV K7: Password-Stealer ( 003f06421 )
AV Microsoft Security Essentials: DDoS:Win32/Dofoil.A
AV MicroWorld (escan): Gen:Variant.Kazy.83896
AV MalwareBytes: no_virus
AV Authentium: W32/Falab.F.gen!Eldorado
AV Frisk (f-prot): W32/Falab.F.gen!Eldorado
AV Ikarus: Trojan-Spy.Win32.Zbot
AV Emsisoft: Gen:Variant.Kazy.83896
AV Zillya!: Trojan.Kryptik.Win32.271565
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: TSPY_ZBOT.SM3T
AV CAT (quickheal): Trojan.Yakes.ajfy
AV VirusBlokAda (vba32): Trojan.Yakes
AV Padvish: Trojan.Yakes.ajfy
AV BullGuard: Gen:Variant.Kazy.83896
AV Arcabit (arcavir): Gen:Variant.Kazy.83896
AV ClamAV: Win.Trojan.Androm-71
AV Dr. Web: BackDoor.Tishop
AV F-Secure: Gen:Variant.Kazy.83896
AV CA (E-Trust Ino): Win32/Zbot.AM!generic

Runtime Details:

Process
↳ C:\malware.exe

Network Details:
