| Analysis Date | 2018-06-06 11:13:16 |
|---|---|
| MD5 | f28835809f132bfc9cf14316cbc3d59f |
| SHA1 | 45b0bbb6d69e9b543e61340fe5c7b98b69f4c9f7 |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: 6e8ecf066364f6a6c1c97981505cc7a2 sha1: 4c7768dd8682b694a943c01a0a90babf581d0488 size: 239616 | |
| Section | .rdata md5: 9616196e655b7641beafd5018c7f6a44 sha1: c25bd9331e09a87e49f79425deda192af18516b6 size: 13312 | |
| Section | .data md5: ee73a365c013728a482b1238b3afa1a1 sha1: b4c5cc17d6741f32285da0d3635d7c6f18b4c8b0 size: 6144 | |
| Section | .rsrc md5: 3dd0aa124604c07ca500308dddf700a9 sha1: 474387732569c2b002d4828bd4bf9f8aea66909d size: 63488 | |
| Timestamp | 2015-08-08 06:21:42 | |
| Version | LegalCopyright: Copyright(c) 2008 Adobe, Inc.; 7-ZIP DLL Copyright(c) 2008 Igor Pavlov Comment: Created by PowerArchiver. Copyright(c) 2008 ConeXware, Inc. 7-ZIP Copyright (c) 2008 Igor Pavlov. InternalName: FileVersion: 1.0.1.2 CompanyName: Adobe Systems Incorporated LegalTrademarks: ProductName: Adobe Extractor ProductVersion: 1.01 FileDescription: Adobe Extractor Comment2: OriginalFilename: | |
| Packer | Microsoft Visual C++ ?.? | |
| PEhash | a360cf6d783800824415f3b1ab6cfbde4c6f9bd4 | |
| IMPhash | 59a9e5b7959471288dc31c31c814cd0b | |
| AV | Eset (nod32) | Win32/Dorkbot.J worm |
| AV | BitDefender | Gen:Variant.Mikey.21897 |
| AV | Emsisoft | Gen:Variant.Mikey.21897 |
| AV | Kaspersky | Backdoor.Win32.Androm.hvgk |
| AV | Rising | no_virus |
| AV | Avira (antivir) | TR/ATRAPS.Gen4 |
| AV | Padvish | no_virus |
| AV | Fortinet | W32/Androm.HVGK!tr.bdr |
| AV | Arcabit (arcavir) | Gen:Variant.Mikey.21897 |
| AV | F-Secure | Gen:Variant.Mikey.21897 |
| AV | Zillya! | Backdoor.Androm.Win32.23863 |
| AV | K7 | Trojan ( 004bdac51 ) |
| AV | Symantec | Trojan.Gen.2 |
| AV | Ad-Aware | Gen:Variant.Mikey.21897 |
| AV | Frisk (f-prot) | W32/Trojan4.AHHT |
| AV | Trend Micro | no_virus |
| AV | CAT (quickheal) | Worm.Gamarue.rw4 |
| AV | Twister | no_virus |
| AV | CA (E-Trust Ino) | no_virus |
| AV | MalwareBytes | Trojan.Kovter |
| AV | Microsoft Security Essentials | Worm:Win32/Gamarue.AU |
| AV | VirusBlokAda (vba32) | Backdoor.Androm |
| AV | Grisoft (avg) | Win32/Cryptor |
| AV | MicroWorld (escan) | Gen:Variant.Mikey.21897 |
| AV | BullGuard | Gen:Variant.Mikey.21897 |
| AV | Alwil (avast) | Malware-gen:Win32:Malware-gen |
| AV | Dr. Web | Trojan.Inject1.43628 |
| AV | Ikarus | Worm.Win32.Dorkbot |
| AV | Mcafee | Gamarue-FCA!F28835809F13 |
| AV | Authentium | W32/Trojan.QSOR-2937 |
| AV | ClamAV | no_virus |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\Windows\System32\lsass.exe
Process
↳ C:\Users\Phil\AppData\Local\Temp\45b0bbb6d69e9b543e61340fe5c7b98b69f4c9f7.exe
Process
↳ C:\Users\Phil\AppData\Local\Temp\45b0bbb6d69e9b543e61340fe5c7b98b69f4c9f7.exe
| Creates Mutex | 1z2z3reas34534543233245x6 |
|---|
Process
↳ C:\Users\Phil\AppData\Local\Temp\45b0bbb6d69e9b543e61340fe5c7b98b69f4c9f7.exe
Process
↳ C:\Windows\SysWOW64\msiexec.exe
Network Details:
| DNS | europe.pool.ntp.org Type: A 188.40.99.69 |
|---|---|
| DNS | europe.pool.ntp.org Type: A 144.76.172.53 |
| DNS | europe.pool.ntp.org Type: A 37.187.99.14 |
| DNS | europe.pool.ntp.org Type: A 217.147.208.1 |
| DNS | north-america.pool.ntp.org Type: A 69.50.219.51 |
| DNS | north-america.pool.ntp.org Type: A 128.138.141.172 |
| DNS | north-america.pool.ntp.org Type: A 206.108.0.133 |
| DNS | north-america.pool.ntp.org Type: A 52.0.56.137 |
| DNS | south-america.pool.ntp.org Type: A 200.1.19.17 |
| DNS | south-america.pool.ntp.org Type: A 200.1.22.6 |
| DNS | south-america.pool.ntp.org Type: A 200.89.75.197 |
| DNS | south-america.pool.ntp.org Type: A 200.189.40.8 |
| DNS | asia.pool.ntp.org Type: A 80.241.0.72 |
| DNS | asia.pool.ntp.org Type: A 62.201.225.9 |
| DNS | asia.pool.ntp.org Type: A 137.189.4.10 |
| DNS | asia.pool.ntp.org Type: A 120.119.31.1 |
| DNS | oceania.pool.ntp.org Type: A 103.239.8.22 |
| DNS | oceania.pool.ntp.org Type: A 203.56.27.253 |
| DNS | oceania.pool.ntp.org Type: A 202.127.210.36 |
| DNS | oceania.pool.ntp.org Type: A 130.102.2.123 |
Raw Pcap
0x00000000 (00000) 504f5354 202f626c 6130382f 67617465 POST /bla08/gate 0x00000010 (00016) 2e706870 20485454 502f312e 310d0a43 .php HTTP/1.1..C 0x00000020 (00032) 61636865 2d436f6e 74726f6c 3a206e6f ache-Control: no 0x00000030 (00048) 2d636163 68650d0a 436f6e6e 65637469 -cache..Connecti 0x00000040 (00064) 6f6e3a20 636c6f73 650d0a50 7261676d on: close..Pragm 0x00000050 (00080) 613a206e 6f2d6361 6368650d 0a436f6e a: no-cache..Con 0x00000060 (00096) 74656e74 2d547970 653a2061 70706c69 tent-Type: appli 0x00000070 (00112) 63617469 6f6e2f6f 63746574 2d737472 cation/octet-str 0x00000080 (00128) 65616d0d 0a557365 722d4167 656e743a eam..User-Agent: 0x00000090 (00144) 204d6f7a 696c6c61 2f342e30 0d0a436f Mozilla/4.0..Co 0x000000a0 (00160) 6e74656e 742d4c65 6e677468 3a203539 ntent-Length: 59 0x000000b0 (00176) 0d0a486f 73743a20 616e6434 2e6a756e ..Host: and4.jun 0x000000c0 (00192) 676c6562 65617269 77746331 2e636f6d glebeariwtc1.com 0x000000d0 (00208) 0d0a0d0a afd8abce ad255a01 c212453f .........%Z...E? 0x000000e0 (00224) 64b89f69 320c10a9 dde99403 c32cdc6e d..i2........,.n 0x000000f0 (00240) c8eaf769 a25f3b17 0faa49e9 084d86ca ...i._;...I..M.. 0x00000100 (00256) 84ae4f07 9913706a fe6086d5 8a9490 ..O...pj.`.....
Strings