Analysis Date: 2015-11-25 00:48:19
MD5: 013b31d5dbaf5daea6f83687c3f3cf74
SHA1: 49e8431c9c285f5d5d461a8c062293af29d432ef

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: c8a904625775f208f0d23d80633a15b1 sha1: d866987468f72662a88cb8af4dd8a5396d3e8acb size: 40960
Section .rdata: md5: 4c9c90d98859e999f2e03dfd757f0229 sha1: 9841de52eeae5bdeec0471fa0ef855bf95bd52b3 size: 20480
Section .data: md5: f2998f3cf80a51dae92a7b0dc3b7b29b sha1: 0c23b477acb07623fee9e9a0853483895e45c925 size: 32768
Section .reloc: md5: cb95bb62757a8dcfeee1b4e9e425be6e sha1: 15b2db0e302753e593539b697d2744e3bce0e4f4 size: 8192
Timestamp: 2015-07-24 13:22:54
Pdb path: c:\Much\look\Probable\house\beat\jump\Fill\Basiclay.pdb
Packer: Microsoft Visual C++ ?.?
PEhash: 081d7d96067d9c667bcfa3e228c6d1263efe21d7
IMPhash: f99f1221c1a46c2438bd400b4ac4356a
AV Rising: no_virus
AV Mcafee: Trojan-FGXE!013B31D5DBAF
AV Avira (antivir): Worm/Gamarue.1155952.18
AV Twister: Trojan.Girtk.DSKN.wdwu
AV Ad-Aware: Trojan.Agent.BLNH
AV Alwil (avast): MalOb-LV [Cryp]
AV Eset (nod32): Win32/Kryptik.DSKN
AV Grisoft (avg): Worm/Generic3.TQQ
AV Symantec: Downloader.Dromedan
AV Fortinet: W32/Kryptik.DSKN!tr
AV BitDefender: Trojan.Agent.BLNH
AV K7: Trojan-Downloader ( 004a98c31 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV MicroWorld (escan): Trojan.Agent.BLNH
AV MalwareBytes: no_virus
AV Authentium: W32/Trojan.XGZG-7129
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Win32.Crypt
AV Emsisoft: Trojan.Agent.BLNH
AV Zillya!: Backdoor.Androm.Win32.23451
AV Kaspersky: Backdoor.Win32.Androm.iqdv
AV Trend Micro: no_virus
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): Backdoor.Androm
AV Padvish: no_virus
AV BullGuard: Trojan.Agent.BLNH
AV Arcabit (arcavir): Trojan.Agent.BLNH
AV ClamAV: Win.Trojan.Agent-952729
AV Dr. Web: Trojan.DownLoader15.26790
AV F-Secure: Trojan:W32/Gamarue.F
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe
  Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe
  Creates File: PIPE\lsarpc
  Creates File: \Device\Afd\Endpoint
  Winsock DNS: north-america.pool.ntp.org
  Winsock DNS: africa.pool.ntp.org
  Winsock DNS: oceania.pool.ntp.org
  Winsock DNS: asia.pool.ntp.org
  Winsock DNS: south-america.pool.ntp.org
  Winsock DNS: europe.pool.ntp.org

Network Details:

DNS lookups (all Type: A) and the addresses returned:

europe.pool.ntp.org: 193.225.126.76, 195.83.66.158, 213.154.236.182, 78.46.37.9
north-america.pool.ntp.org: 208.75.89.4, 104.131.53.252, 142.54.181.202, 171.66.97.126
south-america.pool.ntp.org: 186.103.182.15, 200.160.0.8, 201.217.3.85, 186.71.75.78
asia.pool.ntp.org: 212.26.18.41, 62.201.225.9, 80.241.0.72, 129.250.35.250
oceania.pool.ntp.org: 103.239.8.22, 115.126.160.4, 203.97.218.196, 203.99.128.34
africa.pool.ntp.org: 41.231.53.4, 196.223.19.3, 41.188.33.6, 41.222.88.32
