Analysis Date: 2015-10-14 00:34:48
MD5: 8bbaf85f2fa8098fb788b75232f0b68a
SHA1: 4ba78b990422ec7c7c6edfb94f6677fbe28c02e1

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: a96951b1fb3bfc4586b8f6229a189980 sha1: 952803c7f13c2fcb21dd740db9c79a799f726c27 size: 13824
Section .rsrc: md5: b381d566516fc2553f981ce098df28cd sha1: 0f250680dddefa7912ef50cfd7780d712bd497a0 size: 7168
Timestamp: 2013-09-30 08:50:44
Version:
  LegalCopyright: Copyright © 1998 Microsoft Corp.
  InternalName: TstCon32
  FileVersion: 6.0.8063
  CompanyName: Microsoft Corporation
  ProductName: Microsoft® Developer Studio
  ProductVersion: 6.0.000
  FileDescription: Microsoft® ActiveX Control Test Container
  OriginalFilename: TstCon32.Exe
Packer: PECompact 2.0x Heuristic Mode -> Jeremy Collake
PEhash: 24d5e04175bd2968644fa119b4684e3a430a51dd
IMPhash: 09d0478591d4f788cb3e5ea416c25237
AV Rising: no_virus
AV Mcafee: Obfuscated-FAJM!hb
AV Avira (antivir): DDoS/Nitol.B.706
AV Twister: Trojan.005064FF350000000.mg
AV Ad-Aware: Generic.ServStart.16748873
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/ServStart.DR
AV Grisoft (avg): DoS.DEY
AV Symantec: Backdoor.Trojan
AV Fortinet: W32/ServerStart.DR!tr
AV BitDefender: Generic.ServStart.16748873
AV K7: Trojan ( 00361abb1 )
AV Microsoft Security Essentials: Trojan:Win32/ServStart.G
AV MicroWorld (escan): Generic.ServStart.16748873
AV MalwareBytes: no_virus
AV Authentium: W32/SysVenFak.B.gen!Eldorado
AV Frisk (f-prot): W32/SysVenFak.B.gen!Eldorado
AV Ikarus: Trojan.DoS.CVQ
AV Emsisoft: Generic.ServStart.16748873
AV Zillya!: Trojan.Vehidis.Win32.352
AV Kaspersky: Trojan.Win32.Vehidis.bf
AV Trend Micro: no_virus
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): BScope.P2P-Worm.Palevo
AV Padvish: no_virus
AV BullGuard: Generic.ServStart.16748873
AV Arcabit (arcavir): Generic.ServStart.16748873
AV ClamAV: Win.Trojan.Agent-733272
AV Dr. Web: Trojan.DownLoader11.3375
AV F-Secure: Generic.ServStart.16748873
AV CA (E-Trust Ino): Win32/Nitol.ccLaRVD

Runtime Details:

Process
↳ C:\malware.exe

Creates File: \Device\Afd\Endpoint

Network Details:

DNS: utem7.eicp.net
  Type: A
  174.128.255.231
DNS: 1.j8ip.com
  Type: A
Flows TCP: 192.168.1.1:1049 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1062 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1076 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1089 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1103 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1115 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1129 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1143 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1155 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1169 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1183 ➝ 174.128.255.231:1678

Raw Pcap
0x00000000 (00000)   01                                    .

Strings