Analysis Date: 2015-12-04 05:09:39
MD5: 305673054301b381a876457c98d69389
SHA1: 55ee93037b3ea62bd7e8bcc9d35b8a4093d1526f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: d8ad8047a321cb62f08915953d8a7bdc sha1: 3c81765ea77d69547b0be681f4b3096e8611ccad size: 141824
Section .rdata: md5: aca23b42fac8b1e175c11976f4d39274 sha1: 3227ab61c6f9db1807cd995531a44ce33c829001 size: 14848
Section .data: md5: a25fa7cb140fdafabc2e2be5797a1933 sha1: b2b5a4145ab29298dfa412caacc1493d5ef8f3b3 size: 28672
Section .rsrc: md5: dcc2c4ca41cb80a85140bc31d4cc0940 sha1: fe65c2b8eaedea15951a457d7e3c77d847b82f76 size: 483840
Timestamp: 2015-11-04 15:59:57
Version:
  LegalCopyright: © Microsoft Corporation. All rights reserved.
  InternalName: sfc.exe
  FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
  CompanyName: Microsoft Corporation
  ProductName: Microsoft® Windows® Operating System
  ProductVersion: 6.1.7600.16385
  FileDescription: System Integrity Check and Repair
  OriginalFilename: sfc.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 905ba58b47631ef77d4f0ff3f2c3ea1e1b277b68
IMPhash: 6a734d261128f8f699e63e875f891fa2
AV MalwareBytes: Trojan.FakeMS
AV MicroWorld (escan): Trojan.Lethic.Gen.9
AV F-Secure: Trojan.Lethic.Gen.9
AV Kaspersky: Trojan.Win32.Generic
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre
AV Fortinet: W32/Kryptik.EGLA!tr
AV Frisk (f-prot): no_virus
AV Mcafee: Ransom-CWall.b!305673054301
AV Emsisoft: Trojan.Lethic.Gen.9
AV Eset (nod32): Win32/Kryptik.EDOO
AV ClamAV: no_virus
AV CAT (quickheal): TrojanDownloader.Upatre.r4
AV Dr. Web: Trojan.DownLoader17.40652
AV Ikarus: Trojan.Win32.Crypt
AV K7: Trojan ( 004d5e6f1 )
AV Ad-Aware: Trojan.Lethic.Gen.9
AV Alwil (avast): Dorder-G [Trj]
AV Authentium: W32/Agent.XL.gen!Eldorado
AV CA (E-Trust Ino): no_virus
AV Avira (antivir): TR/Crypt.ZPACK.203339
AV Arcabit (arcavir): Trojan.Lethic.Gen.9
AV BitDefender: Trojan.Lethic.Gen.9
AV Grisoft (avg): Crypt_r.AJL
AV BullGuard: Trojan.Lethic.Gen.9
AV Padvish: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc

Network Details:
