Analysis Date: 2015-12-24 13:47:38
MD5: 806f80647423f33b1b61de846188b9f6
SHA1: 5ba15348d1c5129353dff2d10c109e97a4636ddd

Static Details:

File type: PE32 executable for MS Windows (console) Intel 80386 32-bit
Section .text: md5: fe731902ca9553100129b7def3897985 sha1: 1282cf6bae500b32be8061b3ab3f66b0ee497d92 size: 65536
Section .data: md5: 8571f4dc565350d12ea39f644452dad4 sha1: a74b4647cec51d5b8c14a4f72bc4bbeb55afbbef size: 12288
Timestamp: 2015-09-26 04:41:40
Pdb path: angle1.pdb
PEhash: 75db303a08c546e2c4cfb5a742e53a22e7d28161
IMPhash: 1b6bcf1f9c85c639d7dd12154b6e903f
AV VirusBlokAda (vba32): no_virus
AV Authentium: W32/S-b46960ca!Eldorado
AV Twister: Trojan.Girtk.DYVB.umlv
AV Dr. Web: Trojan.DownLoader17.35596
AV Ad-Aware: Gen:Variant.Mikey.25184
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Rising: no_virus
AV Trend Micro: no_virus
AV BitDefender: Gen:Variant.Mikey.25184
AV K7: Trojan ( 004d2d5a1 )
AV Avira (antivir): TR/Crypt.ZPACK.81890
AV Grisoft (avg): Cryptic.EXT
AV MicroWorld (escan): Gen:Variant.Mikey.25184
AV Eset (nod32): Win32/Kryptik.DYVB
AV MalwareBytes: Trojan.Agent.ED
AV Arcabit (arcavir): Gen:Variant.Mikey.25184
AV Frisk (f-prot): no_virus
AV Symantec: Trojan.Gen.2
AV Fortinet: W32/Kryptik.DWDX!tr
AV Zillya!: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Emsisoft: Gen:Variant.Mikey.25184
AV Mcafee: Packed-FH!806F80647423
AV Ikarus: Trojan.Cryptic
AV ClamAV: no_virus
AV BullGuard: Gen:Variant.Mikey.25184
AV F-Secure: Gen:Variant.Mikey.25184
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV CAT (quickheal): Worm.Gamarue.r2
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe
Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Process
↳ C:\WINDOWS\system32\msiexec.exe

Network Details:

DNS: europe.pool.ntp.org  Type: A  Answer: 89.238.136.135
DNS: europe.pool.ntp.org  Type: A  Answer: 91.206.8.36
DNS: europe.pool.ntp.org  Type: A  Answer: 194.1.151.226
DNS: europe.pool.ntp.org  Type: A  Answer: 78.46.60.42
DNS: north-america.pool.ntp.org  Type: A  Answer: 167.88.117.204
DNS: north-america.pool.ntp.org  Type: A  Answer: 50.116.36.122
DNS: north-america.pool.ntp.org  Type: A  Answer: 50.116.55.65
DNS: north-america.pool.ntp.org  Type: A  Answer: 104.232.3.3
DNS: south-america.pool.ntp.org  Type: A  Answer: 200.93.227.170
DNS: south-america.pool.ntp.org  Type: A  Answer: 200.186.125.195
DNS: south-america.pool.ntp.org  Type: A  Answer: 200.192.232.8
DNS: south-america.pool.ntp.org  Type: A  Answer: 190.181.129.115
DNS: asia.pool.ntp.org  Type: A  Answer: 218.189.210.4
DNS: asia.pool.ntp.org  Type: A  Answer: 62.201.225.9
DNS: asia.pool.ntp.org  Type: A  Answer: 103.245.79.2
DNS: asia.pool.ntp.org  Type: A  Answer: 211.233.40.78
DNS: oceania.pool.ntp.org  Type: A  Answer: 121.0.0.41
DNS: oceania.pool.ntp.org  Type: A  Answer: 202.6.116.123
DNS: oceania.pool.ntp.org  Type: A  Answer: 202.22.158.31
DNS: oceania.pool.ntp.org  Type: A  Answer: 103.242.70.4
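What the runtime and network sections add up to: the sample's own process does nothing but start two msiexec.exe instances, and it is msiexec.exe, not C:\malware.exe, that resolves the five regional pool.ntp.org names (the Microsoft and Quick Heal verdicts, Gamarue, fit that pattern). The addresses returned are rotating volunteer NTP servers and carry no indicator value, so a hunt should key on the process/name pairing rather than on the IPs. The Python below is an added example and not part of the sandbox report: it runs two rules over a constructed telemetry stream, msiexec.exe with an unexpected parent and msiexec.exe resolving pool.ntp.org names. The one-JSON-object-per-line schema and the parent allow-list are assumptions to be mapped onto your own EDR or Sysmon field names.

```python
"""Hunt for the report's runtime pattern in process-creation and DNS telemetry.

Added example; not part of the sandbox report. The log schema (one JSON
object per line with event/pid/image/parent_image/query fields) and the
msiexec.exe parent allow-list are assumptions for the example: map them
onto your own EDR or Sysmon field names before use.
"""
import json
from collections import defaultdict

MSIEXEC = r"c:\windows\system32\msiexec.exe"
NTP_POOL = "pool.ntp.org"

# Parents that legitimately start msiexec.exe. Assumption for the example;
# extend it with your software-deployment agents and installer stubs.
LEGIT_MSIEXEC_PARENTS = {
    r"c:\windows\explorer.exe",
    r"c:\windows\system32\services.exe",   # Windows Installer service
    r"c:\windows\system32\msiexec.exe",    # msiexec spawns helper instances
    r"c:\windows\system32\svchost.exe",
}


def _norm(path):
    """Case-fold and unify separators so path comparisons are exact."""
    return path.lower().replace("/", "\\")


def _is_ntp_pool(name):
    """True for pool.ntp.org itself and any regional/numbered sub-pool."""
    name = name.lower().rstrip(".")
    return name == NTP_POOL or name.endswith("." + NTP_POOL)


def analyse(lines):
    """Apply both rules to an iterable of JSON log lines and return findings.

    Each finding is (rule, pid, detail):
      msiexec_odd_parent  msiexec.exe started by a non-allow-listed parent
      msiexec_ntp_pool    msiexec.exe resolving pool.ntp.org names
    Either alone is worth a look; both on one host is the report's pattern.
    """
    findings = []
    ntp_names = defaultdict(set)   # pid -> pool.ntp.org names it resolved
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        image = _norm(ev["image"])
        if ev["event"] == "process_create":
            parent = _norm(ev["parent_image"])
            if image == MSIEXEC and parent not in LEGIT_MSIEXEC_PARENTS:
                findings.append(("msiexec_odd_parent", ev["pid"], parent))
        elif ev["event"] == "dns_query":
            if image == MSIEXEC and _is_ntp_pool(ev["query"]):
                ntp_names[ev["pid"]].add(ev["query"].lower().rstrip("."))
    # The sample walks every regional pool from one process, so report the
    # whole set per pid rather than one alert per lookup.
    for pid in sorted(ntp_names):
        findings.append(("msiexec_ntp_pool", pid, sorted(ntp_names[pid])))
    return findings


# Constructed telemetry modelled on the report's process tree and DNS list;
# the explorer-launched msiexec and the svchost NTP lookup are benign noise.
SAMPLE_LOG = r"""
{"event": "process_create", "pid": 1200, "image": "C:\\WINDOWS\\system32\\msiexec.exe", "parent_image": "C:\\WINDOWS\\explorer.exe"}
{"event": "process_create", "pid": 1304, "image": "C:\\malware.exe", "parent_image": "C:\\WINDOWS\\explorer.exe"}
{"event": "process_create", "pid": 1316, "image": "C:\\WINDOWS\\system32\\msiexec.exe", "parent_image": "C:\\malware.exe"}
{"event": "process_create", "pid": 1328, "image": "C:\\WINDOWS\\system32\\msiexec.exe", "parent_image": "C:\\malware.exe"}
{"event": "dns_query", "pid": 980, "image": "C:\\WINDOWS\\system32\\svchost.exe", "query": "europe.pool.ntp.org"}
{"event": "dns_query", "pid": 1316, "image": "C:\\WINDOWS\\system32\\msiexec.exe", "query": "north-america.pool.ntp.org"}
{"event": "dns_query", "pid": 1316, "image": "C:\\WINDOWS\\system32\\msiexec.exe", "query": "oceania.pool.ntp.org"}
{"event": "dns_query", "pid": 1316, "image": "C:\\WINDOWS\\system32\\msiexec.exe", "query": "asia.pool.ntp.org"}
{"event": "dns_query", "pid": 1316, "image": "C:\\WINDOWS\\system32\\msiexec.exe", "query": "south-america.pool.ntp.org"}
{"event": "dns_query", "pid": 1316, "image": "C:\\WINDOWS\\system32\\msiexec.exe", "query": "europe.pool.ntp.org"}
"""

if __name__ == "__main__":
    for rule, pid, detail in analyse(SAMPLE_LOG.splitlines()):
        print(f"{rule:20} pid={pid} {detail}")
```

On the constructed log the parent rule fires twice (pids 1316 and 1328, parent c:\malware.exe) and the NTP rule fires once for pid 1316 with all five regional names; the explorer-launched msiexec.exe and the svchost.exe lookup of europe.pool.ntp.org are not reported. The allow-list is the part that needs tuning: in an estate with a deployment agent that drives msiexec.exe, add that agent's image path rather than loosening the rule.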