Analysis Date: 2015-10-01 01:49:32
MD5: 2a1a8a9ed61f09bb78b730af4072487a
SHA1: 572d1d090c3e8e87deaed47d633de6b1c7329808

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

Sections (md5 / sha1 / size of the raw section data):
.text   md5: 5c9a2c481c4c9b75f326dcf38ca3e0b1 sha1: c89bba9b83802de3f83b4f3b5b5d8d0ec1cc72b6 size: 30208
.rdata  md5: 10e242df32aa75ad43030c31ae11bd7d sha1: 7d56ee141129f3554940b771b03a45aa38b45015 size: 16896
.data   md5: 7b542a4c43000ce780ac72f588c76d2f sha1: 36bfac7ce74b0c75db1fdc633a25004681487e38 size: 3584
.vberi  md5: b12208045f697b2a8f7f59340b10797a sha1: ee74d0c5207487bb9ff845d1b38af904ad53d7b9 size: 15360
.rsrc   md5: dd991c0abdd2c7accd37e3ea01b14483 sha1: e5be66c654d74ecd75bd0b4e6c6e0b4620eadab6 size: 1536
.reloc  md5: 7b22ca0365c01422bc93178a47dd39ab sha1: 5108afd2743e0e700fb2671496cb300eb79c6bc7 size: 3072
Note: .vberi is not a section the Visual C++ toolchain emits; a 15 KB section with a made-up name next to the standard ones is consistent with an added packer/crypter layer, which the Kryptik/Crypt/Xpack verdicts below also suggest.

Timestamp: 2015-09-08 16:00:43 (PE header TimeDateStamp)

Version info:
LegalCopyright: dswteyurtetuitr
InternalName: dswteyurtetuitr
FileVersion: 3.10.349.0
CompanyName: dswteyurtetuitr
LegalTrademarks1: dswteyurtetuitr
LegalTrademarks2: dswteyurtetuitr
ProductName: dswteyurtetuitr
ProductVersion: 3.10
FileDescription: dswteyurtetuitr
OriginalFilename: dswteyurtetuitr
Note: every string field carries the same keyboard-mash value, a sign of a generated version resource rather than real product metadata; it is usable as a weak static indicator.

Packer: Microsoft Visual C++ ?.? (signature matched the compiler family only, not a version)
PEhash: b539249f508cef48f440650a0cba9553909a9571
IMPhash: d74c37241bb3d1254b3a354215a8cda6
AV results (19 of the 31 engines flag the sample; vendor: verdict):
CA (E-Trust Ino): no_virus
F-Secure: Trojan.GenericKD.2714627
Dr. Web: BackDoor.Andromeda.614
ClamAV: no_virus
Arcabit (arcavir): Trojan.GenericKD.2714627
BullGuard: Trojan.GenericKD.2714627
Padvish: Trojan.Win32.FakeSysDef.OE
VirusBlokAda (vba32): no_virus
CAT (quickheal): no_virus
Trend Micro: no_virus
Kaspersky: Backdoor.Win32.Androm.ielf
Zillya!: no_virus
Emsisoft: Trojan.GenericKD.2714627
Ikarus: Trojan.Win32.Crypt
Frisk (f-prot): no_virus
Authentium: W32/Trojan.JLVQ-8694
MalwareBytes: Trojan.Downloader.INJ
MicroWorld (escan): Trojan.GenericKD.2714627
Microsoft Security Essentials: Worm:Win32/Gamarue.AR
K7: no_virus
BitDefender: Trojan.GenericKD.2714627
Fortinet: W32/Kryptik.DWDZ!tr
Symantec: no_virus
Grisoft (avg): Crypt_r.QD
Eset (nod32): Win32/Kryptik.DWDZ
Alwil (avast): Malware-gen:Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.2714627
Twister: no_virus
Avira (antivir): TR/Crypt.Xpack.261416
Mcafee: no_virus
Rising: no_virus
Note: the family names that agree (Dr. Web BackDoor.Andromeda, Kaspersky Backdoor.Win32.Androm, Microsoft Worm:Win32/Gamarue) all refer to the Andromeda/Gamarue botnet; the Kryptik/Crypt/Xpack verdicts are generic packer detections and name no family.
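The per-section md5/sha1/size lines, the timestamp and the odd .vberi section name above are all read straight from the PE headers. The script below is added to this page as an illustration; it is not part of the original report or of any sandbox's code. Using only the Python standard library, it shows which bytes the section hashes cover (the raw on-disk section data, not the mapped image), prints the compile timestamp the way the report does, and flags section names outside the Visual C++ set. The PE it hashes is constructed in memory, so the real sample's hashes cannot be reproduced here, and STANDARD_MSVC_SECTIONS is an assumption to tune per toolchain.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Section names the Visual C++ linker itself emits; anything else (here .vberi)
# deserves a look. Assumption: extend this set for other toolchains.
STANDARD_MSVC_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc",
                          ".idata", ".edata", ".tls", ".pdata", ".bss", ".CRT"}


def _coff_header_offset(data: bytes) -> int:
    """Locate the COFF file header via e_lfanew and validate both signatures."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4


def compile_timestamp(data: bytes) -> str:
    """TimeDateStamp from the COFF header, formatted as the report prints it (UTC)."""
    coff = _coff_header_offset(data)
    ts = struct.unpack_from("<I", data, coff + 4)[0]
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def section_table(data: bytes):
    """Yield (name, SizeOfRawData, PointerToRawData) for every section header."""
    coff = _coff_header_offset(data)
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + opt_size  # the section table follows the optional header
    for i in range(nsections):
        name, _vsize, _vaddr, raw_size, raw_off = struct.unpack_from(
            "<8sIIII", data, first + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), raw_size, raw_off


def hexdigests(blob: bytes):
    """(md5, sha1) of a byte string, the two digests the report lists per section."""
    return hashlib.md5(blob).hexdigest(), hashlib.sha1(blob).hexdigest()


def section_hashes(data: bytes):
    """One dict per section: name, md5, sha1, size. The digests cover the raw
    on-disk bytes [PointerToRawData, PointerToRawData + SizeOfRawData), which is
    what a static report hashes. 'truncated' is set when the header promises
    more bytes than the file actually contains."""
    result = []
    for name, raw_size, raw_off in section_table(data):
        blob = data[raw_off:raw_off + raw_size]
        md5, sha1 = hexdigests(blob)
        result.append({"name": name, "md5": md5, "sha1": sha1,
                       "size": raw_size, "truncated": len(blob) != raw_size})
    return result


def unusual_sections(hashes):
    """Section names outside the MSVC set, e.g. ['.vberi'] for the sample above."""
    return [h["name"] for h in hashes if h["name"] not in STANDARD_MSVC_SECTIONS]


def build_sample_pe(sections, timestamp=1441728043):
    """Construct a minimal PE image in memory (constructed test input, not the
    real sample): DOS header, PE signature, COFF header with an empty optional
    header, section table, then each section's raw bytes back to back.
    The default timestamp is the report's 2015-09-08 16:00:43 UTC."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 0, 0x0102)
    raw_off = e_lfanew + 4 + 20 + 40 * len(sections)
    headers, body = b"", b""
    for name, blob in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                               len(blob), 0x1000, len(blob), raw_off, 0, 0, 0, 0, 0x60000020)
        raw_off += len(blob)
        body += blob
    return dos + b"PE\0\0" + coff + headers + body


if __name__ == "__main__":
    pe = build_sample_pe([(".text", b"abc"), (".vberi", b"\x90" * 64)])
    print("Timestamp:", compile_timestamp(pe))
    for s in section_hashes(pe):
        print(f"Section {s['name']} md5: {s['md5']} sha1: {s['sha1']} size: {s['size']}")
    print("Unusual sections:", unusual_sections(section_hashes(pe)))
```

Point section_hashes at the bytes of a real file and diff its output against the section lines of a report to confirm you hold the same build; a mismatch in one section with the others equal usually means a re-packed variant. The truncated flag matters for samples pulled from memory or cut off in transit, where the last section's digest will never match.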

Runtime Details:

Process
↳ C:\malware.exe
Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe
Creates File: PIPE\lsarpc (a handle to the LSA RPC named pipe, not a file on disk)
Creates File: \Device\Afd\Endpoint (a Winsock socket endpoint opened through the AFD driver)
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org
Note: every file and network action is logged under msiexec.exe, not under C:\malware.exe. The observable is therefore a Windows Installer process whose parent is an unknown binary and which resolves NTP pool hosts, not the original image name or hash.

Network Details:

DNS lookups (all type A; pool.ntp.org is the public NTP server pool, so the addresses below are rotating volunteer time servers, not attacker infrastructure, and should not go on a blocklist):
europe.pool.ntp.org: 62.75.236.38, 129.70.132.36, 91.218.89.74, 85.25.85.13
north-america.pool.ntp.org: 108.61.73.243, 207.32.191.59, 204.235.61.9, 132.163.4.101
south-america.pool.ntp.org: 170.155.148.1, 146.164.48.5, 66.60.22.202, 190.181.129.115
asia.pool.ntp.org: 62.201.225.9, 211.233.40.78, 202.65.114.202, 120.119.31.1
oceania.pool.ntp.org: 103.242.68.68, 192.189.54.33, 130.102.128.23, 103.242.70.5
africa.pool.ntp.org: 196.41.127.42, 168.167.71.131, 41.73.42.22, 197.157.194.21
pool.ntp.org: 104.236.167.15, 172.82.134.51, 66.228.42.59, 104.41.150.68
No lookups other than NTP pool hosts were recorded in this run.
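The behaviour recorded above (C:\malware.exe spawns msiexec.exe, and msiexec.exe rather than the original binary then resolves pool.ntp.org zones) is a better detection hook than the resolved addresses, which belong to public NTP servers. The script below is an added example, not part of the report or of any sandbox's code. It correlates process-create and DNS events for that pattern and filters a report's DNS records down to entries worth blocking. The events are constructed in a Sysmon-like shape; their field names, the PIDs, the EXPECTED_MSIEXEC_PARENTS allowlist and the update.example.invalid placeholder query are all assumptions, and the REPORT_DNS pairs are copied from the Network Details above.

```python
from collections import defaultdict

# Parents that launch msiexec.exe legitimately on a workstation (assumption:
# tune for your estate, e.g. add software-deployment agents).
EXPECTED_MSIEXEC_PARENTS = {
    r"c:\windows\system32\services.exe",   # Windows Installer service
    r"c:\windows\system32\msiexec.exe",    # installer spawning its own helpers
    r"c:\windows\explorer.exe",            # user opens an .msi
}


def is_ntp_pool(host: str) -> bool:
    """pool.ntp.org and its regional/vendor zones (europe.pool.ntp.org, ...)."""
    host = host.lower().rstrip(".")
    return host == "pool.ntp.org" or host.endswith(".pool.ntp.org")


def suspicious_msiexec_spawn(ev: dict) -> bool:
    """msiexec.exe started by an unexpected parent with no package on the
    command line, which is what the report's malware.exe does."""
    if ev["type"] != "process_create":
        return False
    if ev["image"].lower() != r"c:\windows\system32\msiexec.exe":
        return False
    parent_ok = ev["parent_image"].lower() in EXPECTED_MSIEXEC_PARENTS
    has_package = ".msi" in ev["command_line"].lower()
    return not parent_ok and not has_package


def correlate(events):
    """Join each suspicious msiexec spawn with the DNS queries its PID issued.
    Lookups are split so the NTP pool names (expected from this sample) do not
    drown out anything else the injected process resolves."""
    spawns = {ev["pid"]: ev for ev in events if suspicious_msiexec_spawn(ev)}
    dns_by_pid = defaultdict(set)
    for ev in events:
        if ev["type"] == "dns_query":
            dns_by_pid[ev["pid"]].add(ev["query"])
    alerts = []
    for pid, spawn in spawns.items():
        queries = dns_by_pid[pid]
        alerts.append({
            "pid": pid,
            "parent": spawn["parent_image"],
            "ntp_pool_lookups": sorted(q for q in queries if is_ntp_pool(q)),
            "other_lookups": sorted(q for q in queries if not is_ntp_pool(q)),
        })
    return alerts


def ioc_candidates(dns_records):
    """Filter (host, ip) pairs from a report's Network Details down to entries
    worth blocking. Addresses returned for pool.ntp.org zones are rotating
    public time servers and are dropped; blocking them breaks real clients."""
    return [(h, ip) for h, ip in dns_records if not is_ntp_pool(h)]


# Constructed Sysmon-like events (field names assumed, PIDs invented). The
# first process tree mirrors the report; the second is a benign user install.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1337, "image": r"C:\WINDOWS\system32\msiexec.exe",
     "parent_image": r"C:\malware.exe", "command_line": r"C:\WINDOWS\system32\msiexec.exe"},
    {"type": "dns_query", "pid": 1337, "query": "pool.ntp.org"},
    {"type": "dns_query", "pid": 1337, "query": "europe.pool.ntp.org"},
    {"type": "dns_query", "pid": 1337, "query": "update.example.invalid"},  # placeholder, not from the report
    {"type": "process_create", "pid": 2048, "image": r"C:\WINDOWS\system32\msiexec.exe",
     "parent_image": r"C:\WINDOWS\explorer.exe",
     "command_line": r'"C:\WINDOWS\system32\msiexec.exe" /i "C:\Users\a\Downloads\tool.msi"'},
    {"type": "dns_query", "pid": 2048, "query": "pool.ntp.org"},
]

# A few resolutions copied from the report's Network Details above.
REPORT_DNS = [
    ("europe.pool.ntp.org", "62.75.236.38"),
    ("north-america.pool.ntp.org", "108.61.73.243"),
    ("pool.ntp.org", "104.236.167.15"),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(f"pid {alert['pid']} msiexec.exe spawned by {alert['parent']}: "
              f"NTP pool lookups {alert['ntp_pool_lookups']}, other {alert['other_lookups']}")
    print("IOC candidates from report DNS:", ioc_candidates(REPORT_DNS))
```

The parent check carries the weight here: msiexec.exe querying pool.ntp.org on its own is unremarkable, and the explorer-launched install in the sample events produces no alert even though it makes the same lookup. Keep the NTP names in the alert as context rather than as indicators, and treat anything in other_lookups from the same PID as the lead worth chasing.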
