Analysis Date: 2018-06-06 11:13:16
MD5: f28835809f132bfc9cf14316cbc3d59f
SHA1: 45b0bbb6d69e9b543e61340fe5c7b98b69f4c9f7

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 6e8ecf066364f6a6c1c97981505cc7a2 sha1: 4c7768dd8682b694a943c01a0a90babf581d0488 size: 239616
Section .rdata md5: 9616196e655b7641beafd5018c7f6a44 sha1: c25bd9331e09a87e49f79425deda192af18516b6 size: 13312
Section .data  md5: ee73a365c013728a482b1238b3afa1a1 sha1: b4c5cc17d6741f32285da0d3635d7c6f18b4c8b0 size: 6144
Section .rsrc  md5: 3dd0aa124604c07ca500308dddf700a9 sha1: 474387732569c2b002d4828bd4bf9f8aea66909d size: 63488
Timestamp: 2015-08-08 06:21:42
Version:
  LegalCopyright: Copyright(c) 2008 Adobe, Inc.; 7-ZIP DLL Copyright(c) 2008 Igor Pavlov
  Comment: Created by PowerArchiver. Copyright(c) 2008 ConeXware, Inc. 7-ZIP Copyright (c) 2008 Igor Pavlov.
  InternalName:
  FileVersion: 1.0.1.2
  CompanyName: Adobe Systems Incorporated
  LegalTrademarks:
  ProductName: Adobe Extractor
  ProductVersion: 1.01
  FileDescription: Adobe Extractor
  Comment2:
  OriginalFilename:
Packer: Microsoft Visual C++ ?.?
PEhash: a360cf6d783800824415f3b1ab6cfbde4c6f9bd4
IMPhash: 59a9e5b7959471288dc31c31c814cd0b
AV Eset (nod32): Win32/Dorkbot.J worm
AV BitDefender: Gen:Variant.Mikey.21897
AV Emsisoft: Gen:Variant.Mikey.21897
AV Kaspersky: Backdoor.Win32.Androm.hvgk
AV Rising: no_virus
AV Avira (antivir): TR/ATRAPS.Gen4
AV Padvish: no_virus
AV Fortinet: W32/Androm.HVGK!tr.bdr
AV Arcabit (arcavir): Gen:Variant.Mikey.21897
AV F-Secure: Gen:Variant.Mikey.21897
AV Zillya!: Backdoor.Androm.Win32.23863
AV K7: Trojan ( 004bdac51 )
AV Symantec: Trojan.Gen.2
AV Ad-Aware: Gen:Variant.Mikey.21897
AV Frisk (f-prot): W32/Trojan4.AHHT
AV Trend Micro: no_virus
AV CAT (quickheal): Worm.Gamarue.rw4
AV Twister: no_virus
AV CA (E-Trust Ino): no_virus
AV MalwareBytes: Trojan.Kovter
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AU
AV VirusBlokAda (vba32): Backdoor.Androm
AV Grisoft (avg): Win32/Cryptor
AV MicroWorld (escan): Gen:Variant.Mikey.21897
AV BullGuard: Gen:Variant.Mikey.21897
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Dr. Web: Trojan.Inject1.43628
AV Ikarus: Worm.Win32.Dorkbot
AV Mcafee: Gamarue-FCA!F28835809F13
AV Authentium: W32/Trojan.QSOR-2937
AV ClamAV: no_virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\45b0bbb6d69e9b543e61340fe5c7b98b69f4c9f7.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\45b0bbb6d69e9b543e61340fe5c7b98b69f4c9f7.exe

Creates Mutex: 1z2z3reas34534543233245x6

Process
↳ C:\Users\Phil\AppData\Local\Temp\45b0bbb6d69e9b543e61340fe5c7b98b69f4c9f7.exe

Process
↳ C:\Windows\SysWOW64\msiexec.exe

Network Details:

DNS europe.pool.ntp.org (Type: A): 188.40.99.69, 144.76.172.53, 37.187.99.14, 217.147.208.1
DNS north-america.pool.ntp.org (Type: A): 69.50.219.51, 128.138.141.172, 206.108.0.133, 52.0.56.137
DNS south-america.pool.ntp.org (Type: A): 200.1.19.17, 200.1.22.6, 200.89.75.197, 200.189.40.8
DNS asia.pool.ntp.org (Type: A): 80.241.0.72, 62.201.225.9, 137.189.4.10, 120.119.31.1
DNS oceania.pool.ntp.org (Type: A): 103.239.8.22, 203.56.27.253, 202.127.210.36, 130.102.2.123

Raw Pcap
0x00000000 (00000)   504f5354 202f626c 6130382f 67617465   POST /bla08/gate
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a43   .php HTTP/1.1..C
0x00000020 (00032)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x00000030 (00048)   2d636163 68650d0a 436f6e6e 65637469   -cache..Connecti
0x00000040 (00064)   6f6e3a20 636c6f73 650d0a50 7261676d   on: close..Pragm
0x00000050 (00080)   613a206e 6f2d6361 6368650d 0a436f6e   a: no-cache..Con
0x00000060 (00096)   74656e74 2d547970 653a2061 70706c69   tent-Type: appli
0x00000070 (00112)   63617469 6f6e2f6f 63746574 2d737472   cation/octet-str
0x00000080 (00128)   65616d0d 0a557365 722d4167 656e743a   eam..User-Agent:
0x00000090 (00144)   204d6f7a 696c6c61 2f342e30 0d0a436f    Mozilla/4.0..Co
0x000000a0 (00160)   6e74656e 742d4c65 6e677468 3a203539   ntent-Length: 59
0x000000b0 (00176)   0d0a486f 73743a20 616e6434 2e6a756e   ..Host: and4.jun
0x000000c0 (00192)   676c6562 65617269 77746331 2e636f6d   glebeariwtc1.com
0x000000d0 (00208)   0d0a0d0a afd8abce ad255a01 c212453f   .........%Z...E?
0x000000e0 (00224)   64b89f69 320c10a9 dde99403 c32cdc6e   d..i2........,.n
0x000000f0 (00240)   c8eaf769 a25f3b17 0faa49e9 084d86ca   ...i._;...I..M..
0x00000100 (00256)   84ae4f07 9913706a fe6086d5 8a9490     ..O...pj.`.....
Strings