Analysis Date: 2015-12-10 18:45:10
MD5: af87430df818e0343e0cb46ebded07a9
SHA1: 51b7c8760cc647208a2d602f166465a362adbd5b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 79b3802520053f72db1dd6c7532e6625 sha1: 5c03dec8ce83d42d7f84d908a236e50bdf353c20 size: 98304
Section .rdata: md5: c6892bebfbdc2d8e7d59dc44c7cd6551 sha1: cb970bf82a992d9abf104684f5dd0b9e747c51aa size: 22016
Section .data: md5: 0a2f84d53c0a9f145917cc52aecf6230 sha1: 00484cb7babcebcec384e32c158174b143aa4bdb size: 65536
Section .rsrc: md5: 59493e125cfa5ce384b9744131e55332 sha1: 2120046f4982c88a1911038d347354ec787b97cb size: 86016
Timestamp: 2015-10-10 15:32:58
Version:
LegalCopyright: Babality production
FileVersion: 6.0.6
CompanyName: Babality production
Comments: Fake alert
ProductName: Cyrex
BuildNumber: You are using this product on your own risk
FileDescription: Cyrex
Packer: Microsoft Visual C++ ?.?
PEhash: b667ba4e798511ddbdb0c759ae6573c73a075ae6
IMPhash: 52e880f95ab423b77e6bf4bbff52f09a
AV BitDefender: Trojan.Lethic.Gen.9
AV BullGuard: Trojan.Lethic.Gen.9
AV ClamAV: no_virus
AV Grisoft (avg): Crypt_r.ACG
AV Twister: no_virus
AV Eset (nod32): Win32/Kryptik.EADP
AV Fortinet: W32/Kryptik.EASA!tr
AV Avira (antivir): TR/Agent.272896.68
AV CA (E-Trust Ino): no_virus
AV Rising: no_virus
AV Ad-Aware: Trojan.Lethic.Gen.9
AV Trend Micro: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Arcabit (arcavir): Trojan.Lethic.Gen.9
AV Emsisoft: Trojan.Lethic.Gen.9
AV Mcafee: RDN/Generic BackDoor
AV F-Secure: Trojan.Lethic.Gen.9
AV K7: Trojan ( 004d42ee1 )
AV Alwil (avast): Androp [Drp]
AV Ikarus: Trojan.Win32.Crypt
AV MalwareBytes: Trojan.InfoStealer
AV Authentium: W32/S-ec3d98a4!Eldorado
AV VirusBlokAda (vba32): Backdoor.Farfli
AV MicroWorld (escan): Trojan.Lethic.Gen.9
AV Symantec: Trojan.Gen.2
AV Dr. Web: BackDoor.Andromeda.662
AV Frisk (f-prot): no_virus
AV CAT (quickheal): Ransom.Crowti.B4
AV Zillya!: Backdoor.Kasidet.Win32.1145
AV Microsoft Security Essentials: Worm:Win32/Kasidet

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\cmd.exe /c del C:\51B7C8~1.EXE
Creates Mutex: alFSVWJB

Process
↳ C:\WINDOWS\system32\cmd.exe /c del C:\51B7C8~1.EXE

Network Details:

Strings