Analysis Date: 2015-11-15 15:42:37
MD5: 8da2862b59d3fd600aa2198098730ec0
SHA1: 5629ce4924ab017fe951c32f5f93b331efacea51

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: f9ad6b317e746b66179a47674b868225 sha1: f47626ec5b57c799befc46963b65a233bfe128b2 size: 55808
Section .data: md5: 3f76e19ac39b5213ee832664be5b065d sha1: 484603e3a31b7aeda1b354fa463fbf0825cd0f96 size: 5120
Section .rsrc: md5: ef6f4735d88db29cf4018105d20584dc sha1: 89e52674167305b970daf020ac810efa2fd348bc size: 6144
Timestamp: 2014-04-24 20:11:33
Packer: Microsoft Visual C++ ?.?
PEhash: 93fd1e2ae66e64096889adba2c4be5834c392211
IMPhash: 5d0530dec67800fdf5904df75adbbcf9
AV F-Secure: Trojan:W32/Agent.DUVZ
AV Authentium: W32/A-b1164738!Eldorado
AV MalwareBytes: Trojan.Upatre
AV Dr. Web: Trojan.DownLoad3.32950
AV Grisoft (avg): Downloader.Generic13.CCDV
AV Eset (nod32): Win32/TrojanDownloader.Tiny.NKK
AV MicroWorld (escan): Gen:Variant.Strictor.55615
AV Trend Micro: TROJ_UPATRE.SMJG
AV ClamAV: Win.Trojan.Zbot-33796
AV Twister: TrojanDldr.Tiny.NKK.cmuk
AV BitDefender: Gen:Variant.Strictor.55615
AV Avira (antivir): TR/Crypt.XPACK.Gen7
AV Alwil (avast): Trojan-gen:Win32:Trojan-gen
AV Fortinet: W32/Tiny.NKK!tr
AV Microsoft Security Essentials: TrojanDownloader:Win32/Zemot.C
AV Ikarus: Trojan-Downloader.Win32.zbot
AV Kaspersky: Trojan.Win32.Generic
AV VirusBlokAda (vba32): TrojanDropper.Demp
AV Arcabit (arcavir): Gen:Variant.Strictor.55615
AV Mcafee: PWSZbot-FTY!8DA2862B59D3
AV Ad-Aware: Gen:Variant.Strictor.55615
AV Symantec: Downloader.Ponik
AV K7: Trojan-Downloader ( 004993d51 )
AV Rising: no_virus
AV Frisk (f-prot): no_virus
AV Emsisoft: Gen:Variant.Strictor.55615
AV Zillya!: Downloader.Tiny.Win32.3378
AV CAT (quickheal): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Strictor.55615
AV CA (E-Trust Ino): Win32/Zbot.VXGFUP

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\temp_cab_72937.cab
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\5629ce4924ab017fe951c32f5f93b331efacea51.doc
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Winsock DNS: windowsupdate.microsoft.com

Network Details:

DNS: www.update.microsoft.com.nsatc.net
Type: A
65.55.50.189
DNS: www.update.microsoft.com.nsatc.net
Type: A
157.55.240.94
DNS: windowsupdate.microsoft.com
Type: A
HTTP GET: http://windowsupdate.microsoft.com/
User-Agent: Opera/9.25 (Windows NT 6.0; U; en)
Flows TCP: 192.168.1.1:1031 ➝ 65.55.50.189:80
