Analysis Date: 2015-10-14 15:48:35
MD5: 9588f8c3ccff0302115bcc0d07872862
SHA1: 4e08a7e15a822bff233ed0c901c9fc5a83277038

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: dabd7ce87bc053a947613035b982c920 sha1: 5a2e9a62cbe7000ae0e8976b1ec8fe5657091f31 size: 11776
Section .rsrc: md5: a410cc58642368c1185da92a4318615b sha1: 778bfff5dc5e79ab1e41b601fcddee9b23781143 size: 5632
Timestamp: 2013-09-30 08:50:44
Packer: PECompact 2.0x Heuristic Mode -> Jeremy Collake
PEhash: e463ef81653154e21ab5d6d27a49184bb3cb488f
IMPhash: 09d0478591d4f788cb3e5ea416c25237
AV CA (E-Trust Ino): Win32/Nitol.CHLVcHD
AV F-Secure: Generic.ServStart.6C2197B9
AV Dr. Web: Trojan.DownLoader11.3375
AV ClamAV: no_virus
AV Arcabit (arcavir): Generic.ServStart.6C2197B9
AV BullGuard: Generic.ServStart.6C2197B9
AV Padvish: no_virus
AV VirusBlokAda (vba32): BScope.P2P-Worm.Palevo
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: Trojan.Win32.Vehidis.bf
AV Zillya!: Trojan.Vehidis.Win32.615
AV Emsisoft: Generic.ServStart.6C2197B9
AV Ikarus: Trojan.DoS.CVQ
AV Frisk (f-prot): W32/Threat-HLLIP-based!Maximus
AV Authentium: W32/Threat-HLLIP.gen!Eldorado
AV MalwareBytes: no_virus
AV MicroWorld (escan): Generic.ServStart.6C2197B9
AV Microsoft Security Essentials: Trojan:Win32/ServStart.G
AV K7: Trojan ( 0048c0ff1 )
AV BitDefender: Generic.ServStart.6C2197B9
AV Fortinet: W32/ServerStart.DR!tr
AV Symantec: Backdoor.Trojan
AV Grisoft (avg): DoS.DNG
AV Eset (nod32): Win32/ServStart.DR
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Generic.ServStart.6C2197B9
AV Twister: Trojan.8105A0F7D3BD2809
AV Avira (antivir): DDoS/Nitol.B.845
AV Mcafee: Obfuscated-FALH!hb
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: \Device\Afd\Endpoint

Network Details:

DNS: utem7.eicp.net
Type: A
Answer: 174.128.255.231
DNS: 3.j8ip.com
Type: A
Flows TCP: 192.168.1.1:1047 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1060 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1074 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1087 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1100 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1113 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1126 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1140 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1153 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1166 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1178 ➝ 174.128.255.231:1678

Raw Pcap
0x00000000 (00000)   01                                    .

(the same one-byte dump, 01, appears 11 times in the capture)


Strings