Analysis Date: 2015-12-24 06:30:11
MD5: 2bba7d8ac057f79c33aab92858523393
SHA1: 55ae5c7061af9aad6aea92839bf98e32cc522106

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: af0746ac36661b2b254ae3c4fe9eda9e sha1: b732409b20de51fdcb15f4fda629dd9877631bb7 size: 227328
Section .rdata md5: 080c211c81b865db7e3aa7cfa410910d sha1: b8746a3ccd11e5677e0381a61d6e6e78e90bdb44 size: 26624
Section .data md5: 0aa5113b0bd3c99e411b0ff79fc7e3af sha1: dc9c18928d9a26991b4c342ceeaa0adb79c689af size: 17408
Section .rsrc md5: 99153598444f73983965c2bea543a577 sha1: 12affecd15c3346ca5548abc7a03c908ecd8e71e size: 72704
Timestamp: 2015-10-21 15:48:17
Version:
LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: pathping.exe
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
FileDescription: TCP/IP PathPing Command
OriginalFilename: pathping.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 48f79f4a56ef9ce6bb669858f87484fc6b78c96e
IMPhash: 8f4d454f412dbee7b499c7ff21e01153
AV BitDefender: Trojan.GenericKD.2814961
AV Fortinet: W32/Kryptik.EASA!tr
AV VirusBlokAda (vba32): Malware-Cryptor.Limpopo
AV Arcabit (arcavir): Trojan.GenericKD.2814961
AV ClamAV: no_virus
AV MalwareBytes: Trojan.FakeMS
AV Rising: 0x594bfe6e
AV Twister: no_virus
AV Mcafee: RDN/Generic BackDoor
AV Ikarus: Trojan.Win32.Crypt
AV CAT (quickheal): Worm.Gamarue.r4
AV Emsisoft: Trojan.GenericKD.2814961
AV Avira (antivir): TR/Crypt.Xpack.305363
AV Grisoft (avg): Crypt_r.AFZ
AV MicroWorld (escan): Trojan.GenericKD.2814961
AV Symantec: Trojan.Gen
AV Trend Micro: no_virus
AV BullGuard: Trojan.GenericKD.2814961
AV Dr. Web: BackDoor.Andromeda.685
AV K7: Trojan ( 004d48441 )
AV Kaspersky: Trojan.Win32.Generic
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV Zillya!: no_virus
AV F-Secure: Trojan.GenericKD.2814961
AV Frisk (f-prot): no_virus
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Alwil (avast): Androp [Drp]
AV Ad-Aware: Trojan.GenericKD.2814961
AV CA (E-Trust Ino): no_virus
AV Eset (nod32): Win32/Kryptik.EBPA

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS: europe.pool.ntp.org, Type: A, 193.2.78.228
DNS: europe.pool.ntp.org, Type: A, 5.9.80.113
DNS: europe.pool.ntp.org, Type: A, 176.126.242.239
DNS: europe.pool.ntp.org, Type: A, 188.39.98.165
DNS: north-america.pool.ntp.org, Type: A, 4.53.160.75
DNS: north-america.pool.ntp.org, Type: A, 24.56.178.140
DNS: north-america.pool.ntp.org, Type: A, 96.126.105.86
DNS: north-america.pool.ntp.org, Type: A, 108.61.194.85
DNS: south-america.pool.ntp.org, Type: A, 186.71.75.78
DNS: south-america.pool.ntp.org, Type: A, 200.1.22.6
DNS: south-america.pool.ntp.org, Type: A, 200.160.7.186
DNS: south-america.pool.ntp.org, Type: A, 200.192.232.8
DNS: asia.pool.ntp.org, Type: A, 77.235.14.49
DNS: asia.pool.ntp.org, Type: A, 103.245.79.18
DNS: asia.pool.ntp.org, Type: A, 118.189.211.186
DNS: asia.pool.ntp.org, Type: A, 123.108.225.6
DNS: oceania.pool.ntp.org, Type: A, 120.146.26.214
DNS: oceania.pool.ntp.org, Type: A, 202.127.210.37
DNS: oceania.pool.ntp.org, Type: A, 59.167.170.228
DNS: oceania.pool.ntp.org, Type: A, 103.239.8.22
DNS: africa.pool.ntp.org, Type: A, 41.204.120.137
DNS: africa.pool.ntp.org, Type: A, 196.10.54.57
DNS: africa.pool.ntp.org, Type: A, 197.12.0.14
DNS: africa.pool.ntp.org, Type: A, 197.84.150.123
