Analysis Date: 2015-09-08 05:04:11
MD5: 666522db14a021d1e255cc28c9fd8721
SHA1: 48b76e4522075cb59af4bd6c130c3685a4f0dbfb

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: 85642675c30512b1a4f41b9302de545e  sha1: fb174ba0918ee8fd449b80fb0d6b11ffdc9fa9cf  size: 73216
Section .rdata  md5: b8a0ca95811c4f1c5b323163e00e193e  sha1: ede0e932eb614fdd80061e8eafb11854e7528f45  size: 7680
Section .data   md5: e6b0f2ed7490c6367070b5d64b08c5cd  sha1: e86b7b689164490d0211d44d0ed44181d2d5e8b8  size: 512
Section .CRT    md5: ba8426e3ef49090ba08cdf627d5726a0  sha1: da2b776aadc266fdf167a58c2a6c1cf679621375  size: 512
Section .rsrc   md5: d7c6738ebb0396ded87ad3fd9afcacdf  sha1: 0a3b8845f727c4da998e99bb1a0525063d7c1041  size: 14336
Timestamp: 2012-05-02 09:32:36
Pdb path: d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
PEhash: cc7c15f3c19e26fedc1009d0408cca45b1c7f097
IMPhash: 4b6e5a3486c5dbbf8033bec4f5ccf331
AV Rising: no_virus
AV Mcafee: RDN/Generic.dx
AV Avira (antivir): no_virus
AV Twister: no_virus
AV Ad-Aware: Trojan.GenericKD.2666354
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): no_virus
AV Grisoft (avg): no_virus
AV Symantec: Backdoor.Korplug
AV Fortinet: PossibleThreat
AV BitDefender: Trojan.GenericKD.2666354
AV K7: Riskware ( 0040eff71 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue.O
AV MicroWorld (escan): Trojan.GenericKD.2666354
AV MalwareBytes: no_virus
AV Authentium: W32/Backdoor.HXLS-3212
AV Frisk (f-prot): no_virus
AV Ikarus: Worm.Win32.Gamarue
AV Emsisoft: Trojan.GenericKD.2666354
AV Zillya!: no_virus
AV Kaspersky: no_virus
AV Trend Micro: no_virus
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Trojan.GenericKD.2666354
AV Arcabit (arcavir): Trojan.GenericKD.2666354
AV ClamAV: no_virus
AV Dr. Web: Trojan.Packed.25561
AV F-Secure: Trojan.GenericKD.2666354
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: __tmp_rar_sfx_access_check_74531
Creates File: PIPE\srvsvc
Creates File: Untitled.exe
Creates File: xlbug.dat
Creates File: XLBugHandler.dll
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\xlbug.dat
Deletes File: __tmp_rar_sfx_access_check_74531
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\Untitled.exe
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\XLBugHandler.dll

Network Details:
