Analysis Date: 2015-12-18 08:51:36
MD5: 7c5510fa34ab095e8919814fb07ad4d2
SHA1: 673edbd2d0ac841413c903468e18e12a2fdf633b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: d70f00a865e7000b9dfd8c1db9716bc5 sha1: a66896ed2da782e2fe906e8c451fa1002e5e16c1 size: 212992
Section .rdata md5: d6cd57b3266a684f3aa306aa1b5fa9d7 sha1: ecb7f3eb1aed34e79054cebcf522e81f7ff47609 size: 19456
Section .data  md5: 45547231d7decd272064357db7ca2001 sha1: 1e9fcb3f34ccb8f32975b0f4aaf3e4425e8135ac size: 27136
Section .rsrc  md5: cb88568353660f28a6477a5119c00cfb sha1: 4bc1b5a723b1c70fbe0bf7250695c511804a5b19 size: 53248
Timestamp: 2015-09-17 16:15:44
Version:
  LegalCopyright: 2005-2015 KMGS. All rights reserved
  InternalName: KMG.EXE
  CompanyShortName: KMGS
  FileVersion: 45.0.6.2.26.9
  CompanyName: Komok v Gorle Solutions
  ProductShortName: KMG
  ProductName: Komok v Gorle
  LastChange: 79680
  ProductVersion: 45.0.6.2.26.9
  FileDescription: Komok v Gorle
  OriginalFilename: KMG.EXE
  Official Build: 0
Packer: Microsoft Visual C++ ?.?
PEhash: c31eb53aa79d7b81f0eb0d07ed78f0479b3a6f0d
IMPhash: 759879f25481e814d6a44adc2d4e12e4
AV Fortinet: W32/Kryptik.ECMU!tr
AV Ad-Aware: Trojan.Lethic.Gen.9
AV BullGuard: Trojan.Lethic.Gen.9
AV F-Secure: Trojan.Lethic.Gen.9
AV ClamAV: no_virus
AV MicroWorld (escan): Trojan.Lethic.Gen.9
AV Rising: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Symantec: Trojan.Gen
AV CAT (quickheal): Ransom.Crowti.A4
AV Authentium: W32/Agent.XL.gen!Eldorado
AV CA (E-Trust Ino): no_virus
AV VirusBlokAda (vba32): Malware-Cryptor.084
AV Mcafee: Packed-FM!7C5510FA34AB
AV Twister: no_virus
AV K7: Trojan ( 004cfa7d1 )
AV Eset (nod32): Win32/Injector.CIWS
AV Ikarus: Trojan.Win32.Injector
AV Alwil (avast): Androp [Drp]
AV Emsisoft: Trojan.Lethic.Gen.9
AV Avira (antivir): TR/AD.Gamarue.Y.529
AV Zillya!: Trojan.Injector.Win32.319539
AV Trend Micro: no_virus
AV BitDefender: Trojan.Lethic.Gen.9
AV Dr. Web: Trojan.Packed.32851
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AR
AV MalwareBytes: Trojan.Agent
AV Frisk (f-prot): no_virus
AV Grisoft (avg): Crypt4.CKKY
AV Arcabit (arcavir): Trojan.Lethic.Gen.9

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org         Type: A  193.170.62.252
DNS europe.pool.ntp.org         Type: A  31.3.135.238
DNS europe.pool.ntp.org         Type: A  37.120.173.240
DNS europe.pool.ntp.org         Type: A  91.121.165.146
DNS north-america.pool.ntp.org  Type: A  207.196.240.30
DNS north-america.pool.ntp.org  Type: A  208.53.158.34
DNS north-america.pool.ntp.org  Type: A  208.75.89.4
DNS north-america.pool.ntp.org  Type: A  50.116.52.97
DNS south-america.pool.ntp.org  Type: A  200.186.125.195
DNS south-america.pool.ntp.org  Type: A  192.188.53.26
DNS south-america.pool.ntp.org  Type: A  200.93.227.170
DNS south-america.pool.ntp.org  Type: A  200.160.0.8
DNS asia.pool.ntp.org           Type: A  218.189.210.4
DNS asia.pool.ntp.org           Type: A  52.69.228.202
DNS asia.pool.ntp.org           Type: A  128.199.87.155
DNS asia.pool.ntp.org           Type: A  157.7.154.23
DNS oceania.pool.ntp.org        Type: A  115.126.160.4
DNS oceania.pool.ntp.org        Type: A  202.127.210.37
DNS oceania.pool.ntp.org        Type: A  203.56.27.253
DNS oceania.pool.ntp.org        Type: A  54.252.165.245
DNS africa.pool.ntp.org         Type: A  146.231.129.86
DNS africa.pool.ntp.org         Type: A  196.41.127.42
DNS africa.pool.ntp.org         Type: A  197.82.150.123
DNS africa.pool.ntp.org         Type: A  41.231.53.4
