Analysis Date: 2015-10-14 01:59:25
MD5: 02a419bec197f2a340d353cfb0e09b35
SHA1: 47a36609d5eb34f4418640eca64c7f3d3bc5d992

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: c20e4eab65975058ea861709d9237af3 sha1: ac2c266613ca4a66f10fb3f840ebd566d3f79e21 size: 11776
Section .rsrc: md5: c4aa6b7022ce35542b06a8bf336ec207 sha1: c3af5d11e9b631d8e9c8091aad8859779bdcd9e8 size: 46080
Timestamp: 2013-09-30 08:50:44
Packer: PECompact 2.0x Heuristic Mode -> Jeremy Collake
PEhash: 1e37ad23f7b66f1c990d76ea2b9fcb2dc8658a40
IMPhash: 09d0478591d4f788cb3e5ea416c25237
AV Rising: no_virus
AV Mcafee: Obfuscated-FAMS!hb
AV Avira (antivir): DDoS/Nitol.B.723
AV Twister: Trojan.005064FF350000000.mg
AV Ad-Aware: Generic.ServStart.65785402
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/ServStart.DR
AV Grisoft (avg): DoS.DEZ
AV Symantec: Backdoor.Trojan
AV Fortinet: W32/ServerStart.DR!tr
AV BitDefender: Generic.ServStart.65785402
AV K7: Trojan ( 0048c0ff1 )
AV Microsoft Security Essentials: Trojan:Win32/ServStart.G
AV MicroWorld (escan): Generic.ServStart.65785402
AV MalwareBytes: no_virus
AV Authentium: W32/Threat-HLLIP.gen!Eldorado
AV Frisk (f-prot): W32/Threat-HLLIP-based!Maximus
AV Ikarus: Trojan.DoS.CVQ
AV Emsisoft: Generic.ServStart.65785402
AV Zillya!: Trojan.Vehidis.Win32.135
AV Kaspersky: Trojan.Win32.Vehidis.bf
AV Trend Micro: no_virus
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): BScope.P2P-Worm.Palevo
AV Padvish: no_virus
AV BullGuard: Generic.ServStart.65785402
AV Arcabit (arcavir): Generic.ServStart.65785402
AV ClamAV: Win.Trojan.Agent-854820
AV Dr. Web: Trojan.DownLoader11.3375
AV F-Secure: Generic.ServStart.65785402
AV CA (E-Trust Ino): Win32/Nitol.VKdSbRC

Runtime Details:

Process
↳ C:\malware.exe

Creates File: \Device\Afd\Endpoint

Network Details:

DNS: utem7.eicp.net
Type: A
174.128.255.231
DNS: 2.j8ip.com
Type: A
Flows TCP: 192.168.1.1:1046 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1048 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1062 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1075 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1089 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1102 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1115 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1129 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1142 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1158 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1172 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1185 ➝ 174.128.255.231:1678

Raw Pcap (identical single-byte payload for each of the 12 TCP flows above)
0x00000000 (00000)   01                                    .


Strings