Analysis Date: 2015-08-06 14:39:50
MD5: b8a337277909cb61be377e05eb3aff4d
SHA1: 60ba286fceec0ce7550c52e6e790de9367e37f6c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: bf67e14867984cf30a3197bcc19ea295 sha1: 43d5a189d08e293b07a19762e4bda97a0e20526e size: 12800
Section .idata md5: 1d6a8313bc597a49635866e676a7cfa0 sha1: 6380e56739a3d0b29d9fded51c47c74a76fa6f95 size: 512
Section .data md5: 95a1bf3278e6d96056008bc84ea57ca7 sha1: 94a5401555e4280891657c0accc5d7da742dce50 size: 3072
Section .idata md5: c74aa53afa2af10313b4ab6a12376970 sha1: f0098ca8a465d8182809e42558a696351ba6f9b5 size: 512
Section .pdata md5: 9c48a74c210daaa59a2f27a44cd7b771 sha1: fe19c94220e3673ef76943340c9c008370407c0d size: 14336
Section .sdata md5: 66a5ab78e8ae6769e296613288a7a06d sha1: 7a471581ea50467f119ff7a959e4062711fd6900 size: 12800
Section .rsrc md5: d9f8681e229ec55f3f273fc095a11419 sha1: 0706e52cec8bed3a96f20e0439fd78c99c5f3b08 size: 4096
Timestamp: 2012-07-31 15:45:01
PEhash: d1752d71ea3fbf30adf2a961ec73f048c1474fd8
IMPhash: 62395f1c6dea147c8c75d7f982a6fe57
AV CA (E-Trust Ino): Win32/Zbot.AM!generic
AV F-Secure: Gen:Variant.Kazy.83896
AV Dr. Web: BackDoor.Tishop
AV ClamAV: Win.Trojan.Androm-71
AV Arcabit (arcavir): Gen:Variant.Kazy.83896
AV BullGuard: Gen:Variant.Kazy.83896
AV Padvish: Trojan.Yakes.akfq
AV VirusBlokAda (vba32): Trojan.Yakes
AV CAT (quickheal): no_virus
AV Trend Micro: TSPY_ZBOT.SM3T
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: Trojan.Kryptik.Win32.271565
AV Emsisoft: Gen:Variant.Kazy.83896
AV Ikarus: Trojan-Spy.Win32.Zbot
AV Frisk (f-prot): W32/Falab.F.gen!Eldorado
AV Authentium: W32/Falab.F.gen!Eldorado
AV MalwareBytes: no_virus
AV MicroWorld (escan): Gen:Variant.Kazy.83896
AV Microsoft Security Essentials: DDoS:Win32/Dofoil.A
AV K7: Password-Stealer ( 003f06421 )
AV BitDefender: Gen:Variant.Kazy.83896
AV Fortinet: W32/Kryptik.YLA!tr
AV Symantec: Trojan.Gen
AV Grisoft (avg): Generic29.DVD
AV Eset (nod32): Win32/Kryptik.AJFL
AV Alwil (avast): Crypt-QTS [Trj]
AV Ad-Aware: Gen:Variant.Kazy.83896
AV Twister: Virus.1B0D@124000@2FF400.mg
AV Avira (antivir): TR/Crypt.XPACK.Gen
AV Mcafee: PWS-Zbot.gen.yl
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Network Details:


Strings