Analysis Date: 2015-12-27 16:03:57
MD5: 51608fe042db4b13a183d94551ed3aee
SHA1: 566a2e5bc8fc24a22049cd856ecedb5a1a0944f9

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 3c269b75b67312d64e5462c0b7a30759 sha1: cae491ff602afcfe1f0393abd695308a014db1a6 size: 84480
Section .rdata: md5: b9e367f23598c0d3bc67344704b7f57c sha1: 43734fd5618aadc1bf9c7512883d957e9fabeddc size: 46080
Section .data: md5: 94b1c09292c831e4657b49764d3c3c9e sha1: 2f97fe79383d4b31ec4488af6dd4e6d68cc0a939 size: 34304
Section .rsrc: md5: 39d304062ec01b3e23f8c77606dda911 sha1: 8a58e9e906267d8bb010b0aa97eb20860755a6f1 size: 26112
Timestamp (PE header compile time): 2015-06-27 20:06:36
Version info (as declared in the binary's own resource section; self-reported, not verified):
  LegalCopyright:
  FileVersion:
  CompanyName: ICE Graphics
  Comments: This installation was built with Inno Setup.
  ProductName: ICE Book Reader Professional Russian
  ProductVersion:
  FileDescription: ICE Book Reader Professional Russian Setup
Packer: Microsoft Visual C++ ?.?
PEhash: cd08faa4bac9c90791ecca86f2c676123f8d9347
IMPhash: 1ac34c460ccfe4899e3b47b87cc19293
AV (Microsoft Security Essentials): Worm:Win32/Gamarue.AR
AV (Ikarus): Trojan.Win32.Crypt
AV (Eset (nod32)): Win32/Kryptik.DNXG
AV (K7): Trojan ( 004c73cb1 )
AV (Dr. Web): BackDoor.Andromeda.614
AV (VirusBlokAda (vba32)): Backdoor.Androm
AV (MicroWorld (escan)): Gen:Variant.Kazy.654269
AV (Symantec): Trojan.Gen
AV (CA (E-Trust Ino)): no_virus
AV (Grisoft (avg)): Crypt4.BBVI
AV (Arcabit (arcavir)): Gen:Variant.Kazy.654269
AV (Kaspersky): Trojan.Win32.Generic
AV (Avira (antivir)): TR/Crypt.Xpack.247797
AV (Emsisoft): Gen:Variant.Kazy.654269
AV (BitDefender): Gen:Variant.Kazy.654269
AV (MalwareBytes): Trojan.Ropest.ED
AV (Alwil (avast)): Androp [Drp]
AV (Rising): no_virus
AV (CAT (quickheal)): Ransom.Cryptodef.S4
AV (Trend Micro): BKDR_ANDROM.CEB
AV (F-Secure): Gen:Variant.Kazy.654269
AV (Ad-Aware): Gen:Variant.Kazy.654269
AV (Fortinet): W32/Kryptik.DNXG!tr
AV (Twister): no_virus
AV (Mcafee): RDN/Generic BackDoor!bdt
AV (ClamAV): no_virus
AV (Frisk (f-prot)): W32/FakeAlert.ACZ.gen!Eldorado
AV (BullGuard): Gen:Variant.Kazy.654269
AV (Authentium): W32/FakeAlert.ACZ.gen!Eldorado
AV (Zillya!): Backdoor.Androm.Win32.21792
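The thirty labels above mix real family names, crypter-generic labels and shared-engine duplicates: seven vendors return the identical string Gen:Variant.Kazy.654269, which inflates that "family" if every row is counted as an independent vote. The Python below is an added example, not part of the report, that normalises the table into family votes, counts an identical label string once on the assumption that it comes from one licensed engine, and treats Gamarue and Androm as aliases of Andromeda (Gamarue is Microsoft's name for the Andromeda bot). The stop-word list, the variant-suffix rules and the identical-label heuristic are assumptions of the example, not an established labelling scheme.

```python
"""Normalise per-vendor AV labels into family votes (added example, not from the report)."""
import re
from collections import Counter

# Vendor/label pairs copied from the report's AV table above.
REPORT_LABELS = [
    ("Microsoft Security Essentials", "Worm:Win32/Gamarue.AR"),
    ("Ikarus", "Trojan.Win32.Crypt"),
    ("Eset (nod32)", "Win32/Kryptik.DNXG"),
    ("K7", "Trojan ( 004c73cb1 )"),
    ("Dr. Web", "BackDoor.Andromeda.614"),
    ("VirusBlokAda (vba32)", "Backdoor.Androm"),
    ("MicroWorld (escan)", "Gen:Variant.Kazy.654269"),
    ("Symantec", "Trojan.Gen"),
    ("CA (E-Trust Ino)", "no_virus"),
    ("Grisoft (avg)", "Crypt4.BBVI"),
    ("Arcabit (arcavir)", "Gen:Variant.Kazy.654269"),
    ("Kaspersky", "Trojan.Win32.Generic"),
    ("Avira (antivir)", "TR/Crypt.Xpack.247797"),
    ("Emsisoft", "Gen:Variant.Kazy.654269"),
    ("BitDefender", "Gen:Variant.Kazy.654269"),
    ("MalwareBytes", "Trojan.Ropest.ED"),
    ("Alwil (avast)", "Androp [Drp]"),
    ("Rising", "no_virus"),
    ("CAT (quickheal)", "Ransom.Cryptodef.S4"),
    ("Trend Micro", "BKDR_ANDROM.CEB"),
    ("F-Secure", "Gen:Variant.Kazy.654269"),
    ("Ad-Aware", "Gen:Variant.Kazy.654269"),
    ("Fortinet", "W32/Kryptik.DNXG!tr"),
    ("Twister", "no_virus"),
    ("Mcafee", "RDN/Generic BackDoor!bdt"),
    ("ClamAV", "no_virus"),
    ("Frisk (f-prot)", "W32/FakeAlert.ACZ.gen!Eldorado"),
    ("BullGuard", "Gen:Variant.Kazy.654269"),
    ("Authentium", "W32/FakeAlert.ACZ.gen!Eldorado"),
    ("Zillya!", "Backdoor.Androm.Win32.21792"),
]

# Type, platform and crypter-generic words that never name a family (assumption).
STOP = {"trojan", "worm", "backdoor", "bkdr", "gen", "variant", "generic", "rdn",
        "drp", "ransom", "crypt", "kryptik", "xpack", "eldorado", "virus", "malware"}
# Different vendor names for the same family. Gamarue is Microsoft's name for Andromeda.
ALIASES = {"gamarue": "andromeda", "androm": "andromeda"}


def classify(label):
    """Return a family name, 'generic' (label names no family) or 'clean'."""
    if label == "no_virus":
        return "clean"
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        if not tok or any(c.isdigit() for c in tok):  # signature ids, variant counters
            continue
        if len(tok) <= 3 or (tok.isupper() and len(tok) <= 4):  # variant suffixes (AR, DNXG)
            continue
        low = tok.lower()
        if low in STOP:
            continue
        return ALIASES.get(low, low)
    return "generic"


def consensus(report):
    """Count votes per family twice: raw, and with an identical label string
    (assumed to come from one shared engine) counted only once."""
    raw, votes, seen = Counter(), Counter(), set()
    for _vendor, label in report:
        fam = classify(label)
        raw[fam] += 1
        if label not in seen:
            seen.add(label)
            votes[fam] += 1
    return votes, raw


def top_family(report):
    """Best-supported family after engine de-duplication, ignoring generic/clean rows."""
    votes, _ = consensus(report)
    ranked = [(f, n) for f, n in votes.most_common() if f not in ("generic", "clean")]
    return ranked[0] if ranked else None


if __name__ == "__main__":
    votes, raw = consensus(REPORT_LABELS)
    for fam, n in raw.most_common():
        print(f"{fam:12} raw={n:2}  engine-deduplicated={votes[fam]}")
    print("consensus:", top_family(REPORT_LABELS))
```

On this table the raw count favours Kazy (7 rows) while the de-duplicated count favours Andromeda (5 distinct labels from 5 engines); nine rows are generic or crypter labels that carry no family information, and four vendors report the file clean.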

Runtime Details:


Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc (LSA RPC named pipe)
Creates File: \Device\Afd\Endpoint (Winsock socket endpoint)
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org (A): 195.154.216.44, 78.46.189.152, 78.47.226.8, 193.145.15.15
DNS north-america.pool.ntp.org (A): 209.208.79.69, 108.61.56.35, 192.95.20.208, 208.88.126.226
DNS south-america.pool.ntp.org (A): 190.228.30.178, 200.89.75.198, 200.160.7.186, 190.15.141.64
DNS asia.pool.ntp.org (A): 160.16.101.116, 62.201.225.9, 77.235.14.49, 106.185.48.114
DNS oceania.pool.ntp.org (A): 130.102.128.23, 202.6.248.11, 202.127.210.36, 103.242.68.69
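The runtime and network sections attribute all DNS activity not to the sample itself but to the msiexec.exe it started, and that child's only lookups are the regional pool.ntp.org names. The Python below is an added example, not part of the report, of how that pattern can be expressed as a detection over process-creation and DNS events: it flags msiexec.exe when it was started by an unexpected parent and resolves names, or when it resolves several regional pool.ntp.org hosts. The event shape, the parent allowlist and the threshold are assumptions of the example; the events are constructed to mirror the report's process tree, with a benign Windows Installer instance added for contrast.

```python
"""Flag msiexec.exe instances that behave like the report's trace (added example)."""
import ntpath
from collections import defaultdict

MSIEXEC = r"C:\WINDOWS\system32\msiexec.exe"

# Constructed Sysmon-style events mirroring the process tree and DNS lookups above,
# plus a benign Windows Installer instance for contrast. Not taken from the report.
EVENTS = [
    {"type": "process", "pid": 100, "image": r"C:\malware.exe",
     "parent": r"C:\WINDOWS\explorer.exe"},
    {"type": "process", "pid": 101, "image": MSIEXEC, "parent": r"C:\malware.exe"},
    {"type": "dns", "pid": 101, "query": "north-america.pool.ntp.org"},
    {"type": "dns", "pid": 101, "query": "africa.pool.ntp.org"},
    {"type": "dns", "pid": 101, "query": "oceania.pool.ntp.org"},
    {"type": "dns", "pid": 101, "query": "asia.pool.ntp.org"},
    {"type": "dns", "pid": 101, "query": "south-america.pool.ntp.org"},
    {"type": "dns", "pid": 101, "query": "europe.pool.ntp.org"},
    # Benign: the Windows Installer service starts msiexec.exe from services.exe.
    {"type": "process", "pid": 200, "image": MSIEXEC,
     "parent": r"C:\WINDOWS\system32\services.exe"},
    {"type": "dns", "pid": 200, "query": "download.example.com"},
]

# Parents that legitimately start msiexec.exe (assumption; tune per environment).
EXPECTED_PARENTS = {"services.exe", "msiexec.exe", "explorer.exe"}
# Distinct regional pool.ntp.org names from one process before it is reported.
NTP_POOL_MIN = 3


def findings(events):
    """Return {pid: [reasons]} for msiexec.exe processes worth investigating."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    queries = defaultdict(list)
    for e in events:
        if e["type"] == "dns":
            queries[e["pid"]].append(e["query"].lower())

    result = {}
    for pid, proc in procs.items():
        # ntpath handles the Windows paths regardless of the host OS running this.
        if ntpath.basename(proc["image"]).lower() != "msiexec.exe":
            continue
        reasons = []
        parent = ntpath.basename(proc["parent"]).lower()
        if parent not in EXPECTED_PARENTS and queries[pid]:
            reasons.append(f"started by {parent} and resolved {len(queries[pid])} names")
        pool = {q for q in queries[pid] if q.endswith(".pool.ntp.org")}
        if len(pool) >= NTP_POOL_MIN:
            reasons.append(f"resolved {len(pool)} regional pool.ntp.org names")
        if reasons:
            result[pid] = reasons
    return result


if __name__ == "__main__":
    for pid, reasons in findings(EVENTS).items():
        print(pid, "; ".join(reasons))
```

The two signals are kept separate so that either alone is actionable: an msiexec.exe spawned by an arbitrary user-path binary that then talks to the network is suspicious regardless of destination, and a burst of regional pool.ntp.org lookups from a process that has no reason to keep time is the specific indicator this report records.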
