Analysis Date: 2015-01-16 15:22:51
MD5: 824995ede571d772a1fa303942f22b51
SHA1: 5a3853f3bfbcd1a9fa232f572d94fee2837030cc

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEhash: b7c4381dcddbd5768cc2f4a353f95bd8274ec99f
IMPhash: 5795c9e1e92679de260a5b2a5f81dae0
AV (360 Safe): no_virus
AV (Ad-Aware): Trojan.Encpk.Gen.1
AV (Alwil (avast)): Fareit-KX [Trj]
AV (Arcabit (arcavir)): Trojan.Encpk.Gen.1
AV (Authentium): W32/Trojan.GWLA-1545
AV (Avira (antivir)): TR/Inject.295564
AV (BullGuard): Trojan.Encpk.Gen.1
AV (CA (E-Trust Ino)): no_virus
AV (CAT (quickheal)): no_virus
AV (ClamAV): Win.Trojan.Fareit-309
AV (Dr. Web): Trojan.DownLoad3.28650
AV (Emsisoft): Trojan.Encpk.Gen.1
AV (Eset (nod32)): Win32/Spy.Zbot.ZR
AV (Fortinet): W32/Injector.ATCM!tr
AV (Frisk (f-prot)): W32/Trojan2.NXQA
AV (F-Secure): Trojan.Encpk.Gen.1
AV (Grisoft (avg)): Generic9_c.BPSN
AV (Ikarus): Virus.Win32.VBInject
AV (K7): Trojan ( 0048f6841 )
AV (Kaspersky): Trojan-PSW.Win32.Fareit.amdr
AV (MalwareBytes): Trojan.VBKrypt
AV (Mcafee): GenericR-AWM!73DA77F0EB3C
AV (Microsoft Security Essentials): VirTool:Win32/VBInject.gen!LD
AV (MicroWorld (escan)): Trojan.Encpk.Gen.1
AV (Rising): no_virus
AV (Sophos): Troj/Agent-ADBJ
AV (Symantec): Trojan.Zbot
AV (Trend Micro): TSPY_ZBOT.SMUL
AV (VirusBlokAda (vba32)): TrojanPSW.Fareit

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings
`$~
....
...
.
..
.
.00.0009
040904B0
1.00.0009
CompanyName
config
FileVersion
InternalName
mpolikjutd
mposednhytf
onfig.exe
OriginalFilename
ProductName
ProductVersion
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
0a=yj0K
0eJS #kny
0}L5K#
1O*n;C
1}*]p2
2G#IaF
2UwC=a
,:3$`/+
">3($)
3wq`6`
\'4bOh
4et;JpuE
<~#4H>;_3
4]OBWD
/4(#>P
?*+4SH
.4Xr.h
5[;Fa/
5lzihu
|5Ma$I"cTu
 5( &Wa
.66.i<
6BphjC3C
	6MdN[5
_%7DUs
7u5 @~o
8`dPG0
8j ]%-
8&mqdk
8zjMPm
94^dX6
99fZ]Q
9Aa vm
9l$\w_
#]9V6Z
a7Rmq-
A{".Ew>z6
aP5Qhg
a*!;T^}
A<~X^	
|')a[z
B&06:7
)B1/#@6Z2P
B2X3	^U
>B7a^^\SOII
"BEAGQ
(b}hw1
$bj`he
_-b;k==z I
bq|~a5
.bqI$L
Bqq.w*
bU]S\#
by\X{X
"	;|c>
c@6(V!!VVT,
C*$C 5
&ChWVPB
CIs52IX
C/)Z=Xqb0
d2u67V^
.)D$H)
--=;Dk
dO	T4w
* D,p$
<&DQ4	
D$t+D$\
D$t#D$h
)[d#^U
dyEbg3
e;1>.00*($$$$
efoZGX
ef=Q|v
e){K)D
eNPH_0Y }
EpwU7;
E$*tfs
ev8LIB
<&)EX}"
ExitProcess
eYe_YmZT;<
f3rT`G
f43oV)
F59Cu *
 f|eFZT
ffWHDg
fJpeSv
FMfMC.
Fp6PX	,
;fW Wl
fxAo"	
f+xP+-
g\?+=]
]G0FDH
$g4x5l
-G\b1 
Gb<hXg,
GetProcAddress
gf>q%ehm
"GnjUY
g_OF=jqi
$'[?G^OJ
gT4k7>;&
G*\u7O
@".=GuQ
GX[K[c
GZm6A)
h1T/0-
hCAodXx
hcUW:[X
hD6@5Ca
h@k~f!/
"~hwn?
h-y4'x;
I7k26	n
i7Lnk/
i%:gp(
iiNZXXXXTTTP////T
-IKjv_
IMlIv_
IV)J4J
iW`M`VWMWZKMKK7G70*0%79<9
	iXgL`
ixyUT6[
j3Cn%X ^=
}J/4tW%8wh
j6Sl)2=
j!]CQw_
J<D|FsoW
J?GwHU
J{ijE?
>j{<=o+
'JQ_Lx3
jQx9WQX
juMJG4B
jVv/u',
$j?xjl
@|jYEA
k|0=|R
k(~4:J
;kAJp^
K|D]r}
KERNEL32.DLL
kE)t2i=Z
kV*LF4
kYU[_:
~l^@*>
l!3Ae7
lB}m	%
l:GAL$
L>!.jd
l?<newektoworgo
LoadLibraryA
}L]OB+
$lX!GZO
LyTX!-T
M2P	9F
m'8^^$
MC3W`3r
mfq8>c
!\&MjQ
/ms>	D
MSVBVM60.DLL
N?56`P+[v
newektoworgo
newektoworgoUXTQRSXWWPPVSQXSUVORXTVRXROSXOVSQXSRSVSRQUOOSRRXUVnewektoworgo
NNNNNNNNN)
Nv	9hAi
nz8,!fG
o?2X{;
o4y$I %
{O$75@l
oA(a)p.
O~*D9(
o<*FCN
ok5D/?
oKK,Vi
oN$p[d	
oooo0a
)O|?q<Sh
oQ*VK|-v
OvY[vdI
PI^$Z>
p?jzKC
pMEJ4%.[-C3
pMn<-a
pooo0a
>\pQsf
p}SAf+n
P)\w~)
p){Z-t
q2xZ!dP
q|"?aW
q@P!($$
qUKa[E
RlNAH~M
rMGqaCiB
r\Q~{^
R<]r5M6b
R^tT:lV
rvrvoop[[[<<<<:::L49
>R/:y<
sA*<h,
;:S~bV
S!Fmya
shy08Ow
s`)L$4
>S$%QU
s;.S7+?A
SystemParametersInfoW
T&& )(
t0qmQj
t3y15CE
!This program cannot be run in DOS mode.
&tSP} 3_
t$t#t$l
ttttt<|
tU^LW%
tV+^ln
U4Qkh-
%u6QfB
&uAC2si	
ucM!l3
;U=~lb
U'Qkd,
(*}uqn\
USer32.DlL
UU\}|p
Ux*ad]
v33Y,.v
_}	Vb}d
vHfF=R
VirtualAlloc
VirtualFree
VirtualProtect
}VKNU6X
vLd/@/
Vlw2;z@
]V(NP_
	!VtL}
)V|?U^n
*W~4 A
>$(WB2O 
wf,Jo_
*&WH*sD
.^+wi>
(^WJeDa
'"wmv\
wnG|b}R
w[Pf_m
wwwwwwp
wwwwwwW
wwWXwX
wXwxxwuuuw
X5%G!"
XD{.yS
!;X[=I
x/K/ei2
XLC~v.
XPTPSW
]xRTti
XsmmppppppppppmC
XT$rno
xuuuewWwVWWw
xwuwuw
xwwxwWwW
||||xxpU
xxWwPw
xxxr0,
xXxxww|u}w
y8*D6?
Y9%WCe
y</^={A
__`yaN
yc":z(
.	y:{F
`"]y="i
y`?KD1S
Y*q56qm`s
Yq +>J
Y#>&R~
Y(r)`C
Yt&HHQYo@
Y/vwBD<R
}}yyyyvv|U
Z;A|5k,
Z@G)3s<Y
zHFgHGm
Z>k;ij
ZKkhHh
|'zs_6
:&<Zuo
Z.w`2T
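Triage note, added here as a worked example and not part of the sandbox report: the readable strings above are what an analyst keys on. MSVBVM60.DLL is the Visual Basic 6 runtime, which matches the VBInject/VBKrypt/Encpk verdicts; the VirtualAlloc/VirtualProtect/LoadLibraryA/GetProcAddress set is what a self-decrypting stub needs to map and resolve a payload; and the oddly cased "USer32.DlL" is the kind of string a crypter emits to dodge exact-match signatures. The script below reproduces that reasoning over the report's own AV verdicts and strings (copied inline as data). The family keyword list, the "loader API set" and the mixed-case DLL heuristic are my assumptions, not something the report states.

```python
"""Added triage helpers for the sandbox report above (example code, not part of
the report): tally AV verdicts by family keyword and scan the extracted strings
for a loader-style import set and oddly cased DLL names.  The data is copied
from the report; the keyword list and heuristics are assumptions."""
from collections import Counter

# AV verdicts as listed in the report (vendor -> label).
AV_RESULTS = {
    "360 Safe": "no_virus",
    "Ad-Aware": "Trojan.Encpk.Gen.1",
    "Alwil (avast)": "Fareit-KX [Trj]",
    "Arcabit (arcavir)": "Trojan.Encpk.Gen.1",
    "Authentium": "W32/Trojan.GWLA-1545",
    "Avira (antivir)": "TR/Inject.295564",
    "BullGuard": "Trojan.Encpk.Gen.1",
    "CA (E-Trust Ino)": "no_virus",
    "CAT (quickheal)": "no_virus",
    "ClamAV": "Win.Trojan.Fareit-309",
    "Dr. Web": "Trojan.DownLoad3.28650",
    "Emsisoft": "Trojan.Encpk.Gen.1",
    "Eset (nod32)": "Win32/Spy.Zbot.ZR",
    "Fortinet": "W32/Injector.ATCM!tr",
    "Frisk (f-prot)": "W32/Trojan2.NXQA",
    "F-Secure": "Trojan.Encpk.Gen.1",
    "Grisoft (avg)": "Generic9_c.BPSN",
    "Ikarus": "Virus.Win32.VBInject",
    "K7": "Trojan ( 0048f6841 )",
    "Kaspersky": "Trojan-PSW.Win32.Fareit.amdr",
    "MalwareBytes": "Trojan.VBKrypt",
    "Mcafee": "GenericR-AWM!73DA77F0EB3C",
    "Microsoft Security Essentials": "VirTool:Win32/VBInject.gen!LD",
    "MicroWorld (escan)": "Trojan.Encpk.Gen.1",
    "Rising": "no_virus",
    "Sophos": "Troj/Agent-ADBJ",
    "Symantec": "Trojan.Zbot",
    "Trend Micro": "TSPY_ZBOT.SMUL",
    "VirusBlokAda (vba32)": "TrojanPSW.Fareit",
}

# The readable strings from the report's dump; the rest is packed-data noise.
STRINGS = [
    "MSVBVM60.DLL", "KERNEL32.DLL", "USer32.DlL",
    "VirtualAlloc", "VirtualFree", "VirtualProtect",
    "LoadLibraryA", "GetProcAddress", "ExitProcess", "SystemParametersInfoW",
    "CompanyName", "FileVersion", "InternalName", "OriginalFilename",
    "ProductName", "ProductVersion", "VS_VERSION_INFO", "1.00.0009",
    "config", "onfig.exe", "mpolikjutd", "mposednhytf", "newektoworgo",
]

NOT_DETECTED = "no_virus"
# Assumed family keywords, chosen from the verdict names in this report.
FAMILY_KEYWORDS = ("fareit", "zbot", "encpk", "vbinject", "vbkrypt")
# Assumed "self-loading stub" API set: allocate RWX memory, then resolve imports.
LOADER_APIS = {"VirtualAlloc", "VirtualProtect", "LoadLibraryA", "GetProcAddress"}


def detection_ratio(results):
    """(detected vendors, total vendors)."""
    detected = sum(1 for v in results.values() if v != NOT_DETECTED)
    return detected, len(results)


def family_tally(results):
    """Count how many vendor labels mention each family keyword (case-insensitive)."""
    tally = Counter()
    for label in results.values():
        low = label.lower()
        for kw in FAMILY_KEYWORDS:
            if kw in low:
                tally[kw] += 1
    return tally


def dll_names(strings):
    return [s for s in strings if s.lower().endswith(".dll")]


def odd_case_dlls(strings):
    """Heuristic: a DLL name that is neither UPPER, lower nor Capitalized is
    unusual for compiler output and worth flagging (e.g. 'USer32.DlL')."""
    return [n for n in dll_names(strings)
            if n not in (n.upper(), n.lower(), n.capitalize())]


def loader_apis_present(strings):
    return LOADER_APIS.issubset(strings)


def uses_vb6_runtime(strings):
    return any(s.lower() == "msvbvm60.dll" for s in strings)


def triage(results, strings):
    hits, total = detection_ratio(results)
    return {
        "detection": f"{hits}/{total}",
        "families": dict(family_tally(results).most_common()),
        "vb6_runtime": uses_vb6_runtime(strings),
        "loader_api_set": loader_apis_present(strings),
        "odd_case_dlls": odd_case_dlls(strings),
    }


if __name__ == "__main__":
    for key, value in triage(AV_RESULTS, STRINGS).items():
        print(f"{key}: {value}")
```

On this report the script reports 25/29 vendors detecting, Encpk and Fareit as the most frequent family names followed by Zbot, the VB6 runtime present, the full loader API set present, and "USer32.DlL" as the one oddly cased DLL name. Treat the family counts as a vote, not an identification: the Encpk/VBInject/VBKrypt labels describe the packer, while Fareit/Zbot describe what vendors believe it unpacks to, and only unpacking the sample settles that.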