Field | Value |
---|---|
Analysis Date | 2015-08-22 07:02:27 |
MD5 | e7c31fcacd7b9bb15fb6de0d29a07d6b |
SHA1 | 5ec6b7bceb0279e18ecc50076fc0a9e3c74c7ad9 |
Static Details:
Field | Value | Detection |
---|---|---|
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
Section | .text md5: fb1de71b8e4dc1cadd3a1dfb6355fd1a sha1: 86fc842fe5cc629733546626daf96bd14b00da23 size: 1024 | |
Section | .rdata md5: 5e001465d8cd3c885bc984c952e08cb6 sha1: 32ee3ee5d774fd02de6c2a88102ae2ee5e5e4e06 size: 1024 | |
Section | .data md5: fc7eb756c1f4b17f16449816cc3cec81 sha1: 2617518e49202d532dae1af9ba05aecfefd1e75b size: 512 | |
Section | .rsrc md5: c94ccb1cb9b65cd920748f0c486bcebd sha1: 9fd0951d72ba87dc208af495868f37498ca8e4eb size: 58368 | |
Timestamp | 2014-06-26 11:39:44 | |
PEhash | f13de80a8e0ee698bbf613cc72d0cfdb65aee45e | |
IMPhash | 4ca0a0adb97211d9334271ded971bdde | |
AV | CA (E-Trust Ino) | no_virus |
AV | F-Secure | Gen:Variant.Kazy.327123 |
AV | Dr. Web | Trojan.MulDrop3.14959 |
AV | ClamAV | no_virus |
AV | Arcabit (arcavir) | Gen:Variant.Kazy.327123 |
AV | BullGuard | Gen:Variant.Kazy.327123 |
AV | Padvish | no_virus |
AV | VirusBlokAda (vba32) | Trojan.Cutwail |
AV | CAT (quickheal) | Trojan.Cutwail.r4 |
AV | Trend Micro | TROJ_CUTWAIL.SM0 |
AV | Kaspersky | Trojan.Win32.Generic |
AV | Zillya! | Trojan.Cutwail.Win32.168 |
AV | Emsisoft | Gen:Variant.Kazy.327123 |
AV | Ikarus | Trojan.Win32.Cutwail |
AV | Frisk (f-prot) | no_virus |
AV | Authentium | no_virus |
AV | MalwareBytes | Trojan.Agent.US |
AV | MicroWorld (escan) | Gen:Variant.Kazy.327123 |
AV | Microsoft Security Essentials | TrojanDownloader:Win32/Cutwail.BS |
AV | K7 | no_virus |
AV | BitDefender | Gen:Variant.Kazy.327123 |
AV | Fortinet | W32/Kryptik.CFFF!tr |
AV | Symantec | no_virus |
AV | Grisoft (avg) | Agent |
AV | Eset (nod32) | Win32/Kryptik.CFFF |
AV | Alwil (avast) | Cutwail-CM [Trj] |
AV | Ad-Aware | Gen:Variant.Kazy.327123 |
AV | Twister | no_virus |
AV | Avira (antivir) | TR/Dropper.Gen |
AV | Mcafee | Downloader-FAKU!E7C31FCACD7B |
AV | Rising | no_virus |
Runtime Details:
Process
↳ C:\malware.exe
Type | Details |
---|---|
Registry | HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\siskuxordese ➝ C:\Documents and Settings\Administrator\siskuxordese.exe |
Registry | HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL |
Registry | HKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝ NULL |
Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1 |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mauigiftbaskets[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\weru.co[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\casamolina[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\new-central[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\womeningold[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mpccontainment[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\1cashmere[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\fhgc[1].htm |
Creates File | C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670 |
Creates File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\interstatepartners[1].htm |
Creates File | PIPE\lsarpc |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tadashichi[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\lotcottages[1].htm |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\magi-cat[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\petrus-kirche[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\gsprinters[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\allisoriginals[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tuchikawa-soba[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\dukecom[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\einus[1].htm |
Creates File | C:\Documents and Settings\Administrator\siskuxordese.exe |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\southamerica-photo[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\hirose-aa[1].htm |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\plastivan[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mauigiftbaskets[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\weru.co[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\casamolina[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\new-central[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\womeningold[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mpccontainment[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\1cashmere[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\fhgc[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\interstatepartners[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tadashichi[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\lotcottages[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\magi-cat[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\petrus-kirche[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tuchikawa-soba[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\allisoriginals[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\gsprinters[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\dukecom[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\einus[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\southamerica-photo[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\hirose-aa[1].htm |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\plastivan[1].htm |
Creates Mutex | c:!documents and settings!administrator!local settings!history!history.ie5! |
Creates Mutex | WininetConnectionMutex |
Creates Mutex | c:!documents and settings!administrator!cookies! |
Creates Mutex | c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! |
Creates Mutex | siskuxordese |
Winsock DNS | gsprinters.com |
Winsock DNS | magi-cat.org |
Winsock DNS | einus.net |
Winsock DNS | mauigiftbaskets.com |
Winsock DNS | casamolina.com |
Winsock DNS | tuchikawa-soba.com |
Winsock DNS | fhgc.com |
Winsock DNS | petrus-kirche.ch |
Winsock DNS | southamerica-photo.com |
Winsock DNS | 1cashmere.com |
Winsock DNS | allisoriginals.com |
Winsock DNS | tadashichi.com |
Winsock DNS | interstatepartners.com |
Winsock DNS | weru.co.jp |
Winsock DNS | mpccontainment.com |
Winsock DNS | dukecom.com |
Winsock DNS | plastivan.pl |
Winsock DNS | womeningold.com |
Winsock DNS | hirose-aa.com |
Winsock DNS | lotcottages.com |
Winsock DNS | new-central.com |
Network Details:
Type | Details |
---|---|
DNS | smtp.glbdns2.microsoft.com Type: A 65.55.176.126 |
DNS | smtp.mail.global.gm0.yahoodns.net Type: A 63.250.193.228 |
DNS | smtp.mail.global.gm0.yahoodns.net Type: A 98.138.105.21 |
DNS | smtp.mail.global.gm0.yahoodns.net Type: A 98.139.211.125 |
DNS | mpccontainment.com Type: A 198.170.74.105 |
DNS | dukecom.com Type: A 199.230.54.140 |
DNS | petrus-kirche.ch Type: A 80.74.155.167 |
DNS | plastivan.pl Type: A 62.129.197.22 |
DNS | lotcottages.com Type: A 54.231.141.10 |
DNS | interstatepartners.com Type: A 69.73.180.18 |
DNS | mauigiftbaskets.com Type: A 198.154.239.214 |
DNS | tadashichi.com Type: A 157.7.183.121 |
DNS | tuchikawa-soba.com Type: A 203.189.104.205 |
DNS | allisoriginals.com Type: A 64.85.170.150 |
DNS | new-central.com Type: A 211.10.2.122 |
DNS | weru.co.jp Type: A 49.212.180.217 |
DNS | gsprinters.com Type: A 192.185.169.161 |
DNS | southamerica-photo.com Type: A 89.161.171.117 |
DNS | womeningold.com Type: A 141.8.226.14 |
DNS | fhgc.com Type: A 64.90.41.75 |
DNS | magi-cat.org Type: A 74.208.99.68 |
DNS | 1cashmere.com Type: A 204.11.56.48 |
DNS | hirose-aa.com Type: A 153.122.38.44 |
DNS | einus.net Type: A 221.143.46.17 |
DNS | smtp.live.com Type: A |
DNS | smtp.mail.yahoo.com Type: A |
HTTP POST | http://dukecom.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://mpccontainment.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://lotcottages.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://petrus-kirche.ch/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://plastivan.pl/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://interstatepartners.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://mauigiftbaskets.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://tadashichi.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://tuchikawa-soba.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://allisoriginals.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://new-central.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://weru.co.jp/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://gsprinters.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://southamerica-photo.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://womeningold.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://fhgc.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://1cashmere.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://magi-cat.org/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://hirose-aa.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
HTTP POST | http://einus.net/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
Flows TCP | 192.168.1.1:1031 ➝ 65.55.176.126:25 |
Flows TCP | 192.168.1.1:1032 ➝ 63.250.193.228:25 |
Flows TCP | 192.168.1.1:1034 ➝ 199.230.54.140:80 |
Flows TCP | 192.168.1.1:1040 ➝ 198.170.74.105:80 |
Flows TCP | 192.168.1.1:1044 ➝ 54.231.141.10:80 |
Flows TCP | 192.168.1.1:1045 ➝ 80.74.155.167:80 |
Flows TCP | 192.168.1.1:1046 ➝ 62.129.197.22:80 |
Flows TCP | 192.168.1.1:1047 ➝ 69.73.180.18:80 |
Flows TCP | 192.168.1.1:1053 ➝ 198.154.239.214:80 |
Flows TCP | 192.168.1.1:1054 ➝ 157.7.183.121:80 |
Flows TCP | 192.168.1.1:1055 ➝ 203.189.104.205:80 |
Flows TCP | 192.168.1.1:1056 ➝ 64.85.170.150:80 |
Flows TCP | 192.168.1.1:1057 ➝ 211.10.2.122:80 |
Flows TCP | 192.168.1.1:1058 ➝ 49.212.180.217:80 |
Flows TCP | 192.168.1.1:1059 ➝ 192.185.169.161:80 |
Flows TCP | 192.168.1.1:1060 ➝ 89.161.171.117:80 |
Flows TCP | 192.168.1.1:1061 ➝ 141.8.226.14:80 |
Flows TCP | 192.168.1.1:1062 ➝ 64.90.41.75:80 |
Flows TCP | 192.168.1.1:1063 ➝ 74.208.99.68:80 |
Flows TCP | 192.168.1.1:1064 ➝ 204.11.56.48:80 |
Flows TCP | 192.168.1.1:1065 ➝ 153.122.38.44:80 |
Flows TCP | 192.168.1.1:1066 ➝ 221.143.46.17:80 |