Analysis Date: 2015-11-25 01:31:51
MD5: 03eac1fcce7aa00c0388cedfbc696f85
SHA1: 5985d0f9b04bd340e0fdc3b7ac345ee7ef97cca2

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: eb4d54e87ba789c2df447faf018f93f2 sha1: ec109d8947f450074525f460cccf63ee1ec542da size: 91648
Section .data: md5: 70790a311ccf826665a5d74479960318 sha1: 2ba2c6848ca69caa7b493c741bfeea77e757ffbc size: 13824
Timestamp: 2015-04-16 08:58:18
Packer: Borland Delphi 3.0 (???)
PEhash: 116a987b94742dc2dc70da2f65af8769a0798806
IMPhash: 60f1ae65043427404089a0e36707a67d
AV Rising: no_virus
AV Mcafee: Cutwail-FECR!03EAC1FCCE7A
AV Avira (antivir): TR/Proxy.Gen
AV Twister: no_virus
AV Ad-Aware: Trojan.Inject.IA
AV Alwil (avast): Cutwail-CW [Trj]
AV Eset (nod32): Win32/Wigon
AV Grisoft (avg): Generic36.AQUB
AV Symantec: Trojan.Pandex!gm
AV Fortinet: W32/Cutwail.RU!tr
AV BitDefender: Trojan.Inject.IA
AV K7: Trojan ( 003acb9d1 )
AV Microsoft Security Essentials: Spammer:Win32/Cutwail.gen!D
AV MicroWorld (escan): Trojan.Inject.IA
AV MalwareBytes: no_virus
AV Authentium: W32/S-ea74dc5f!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Gen.Trojan
AV Emsisoft: Trojan.Inject.IA
AV Zillya!: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: TROJ_WIGON.SM
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Trojan.Inject.IA
AV Arcabit (arcavir): Trojan.Inject.IA
AV ClamAV: no_virus
AV Dr. Web: BackDoor.Bulknet.739
AV F-Secure: Trojan.Inject.IA
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\OSVersion ➝ 74531
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Regedit32 ➝ C:\WINDOWS\system32\regedit.exe
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort ➝ 65534
Creates File: \Device\Afd\Endpoint
Creates Mutex: lxjes12619

Network Details:

DNS: mxs.mail.ru Type: A ➝ 94.100.180.150
DNS: mxs.mail.ru Type: A ➝ 217.69.139.150
DNS: alt4.gmail-smtp-in.l.google.com Type: A ➝ 64.233.166.27
DNS: gmail-smtp-in.l.google.com Type: A ➝ 74.125.21.27
DNS: in1.smtp.messagingengine.com Type: A ➝ 66.111.4.72
DNS: in1.smtp.messagingengine.com Type: A ➝ 66.111.4.73
DNS: in1.smtp.messagingengine.com Type: A ➝ 66.111.4.74
DNS: in1.smtp.messagingengine.com Type: A ➝ 66.111.4.75
DNS: in1.smtp.messagingengine.com Type: A ➝ 66.111.4.70
DNS: in1.smtp.messagingengine.com Type: A ➝ 66.111.4.71
DNS: mail7.digitalwaves.co.nz Type: A
Flows TCP: 192.168.1.1:1031 ➝ 94.100.180.150:25
Flows TCP: 192.168.1.1:1032 ➝ 64.233.166.27:25
Flows TCP: 192.168.1.1:1033 ➝ 74.125.21.27:25
