Analysis Date: 2015-12-04 14:15:48
MD5: 8da4cacff3ddaf821a26c05459c7351e
SHA1: 68d21d879045ed6670c0014746ed9a02f796993e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: f79034f928e3ee307677b6713301dd9b  sha1: d403135ea450ad127529f4c29a7cece8ed466fc2  size: 105984
Section .rdata md5: 76b19a528c3414f1efb12aebeecaa51a  sha1: 8a612dccb01485f2b635409ca4cbd1979c536637  size: 40448
Section .data  md5: 7be8eea5586f94541090da86b478219a  sha1: 34e6557dac5874383aff9c602a66aa395dcfda8c  size: 35840
Section .rsrc  md5: 39c184d7af79ec895762d9ecf24b76de  sha1: c962f23498de1ee042e75c37b2b44274a7059fe2  size: 468992
Timestamp: 2015-10-20 10:24:59
Packer: Microsoft Visual C++ ?.?
PEhash: 602d899ea1730178ed292254490d578085ba6b6a
IMPhash: 0ce8e95aa3736c5ec46d08ea88126729
AV Kaspersky: Trojan.Win32.Yakes.njol
AV Padvish: no_virus
AV F-Secure: Trojan.GenericKDZ.30724
AV Microsoft Security Essentials: VirTool:Win32/CeeInject.LJ
AV MicroWorld (escan): Trojan.GenericKDZ.30724
AV Fortinet: W32/Kryptik.EASA!tr
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Win32.Crypt
AV K7: Trojan ( 004aef8a1 )
AV Mcafee: Gamarue-FDC!8DA4CACFF3DD
AV Eset (nod32): Win32/Injector.BNHS
AV Grisoft (avg): Crypt_r.AFP
AV MalwareBytes: Ransom.CryptoWall
AV Ad-Aware: Trojan.GenericKDZ.30724
AV BullGuard: Trojan.GenericKDZ.30724
AV Alwil (avast): Androp [Drp]
AV Authentium: W32/Agent.XL.gen!Eldorado
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV Avira (antivir): no_virus
AV ClamAV: Win.Trojan.Generickdz-2345
AV Dr. Web: Trojan.DownLoad3.35944
AV Arcabit (arcavir): Trojan.GenericKDZ.30724
AV BitDefender: Trojan.GenericKDZ.30724
AV Emsisoft: Trojan.GenericKDZ.30724

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Application Data\Xekuy\azqi.exe
Creates File: PIPE\lsarpc (named pipe to the LSA RPC interface, logged by the sandbox as a file create; not a file on disk)
Creates File: C:\Documents and Settings\Administrator\Application Data\Atykyd\guaxu.atk
Creates File: C:\Documents and Settings\Administrator\Application Data\Tueked\cedir.abi
Creates Mutex: Global\{0AFC1BF9-92FA-E59B-4448-B0C11C159EBB}
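The file-create events above show a pattern worth keying a detection on: one process dropping an executable plus two data files into three freshly named, single-level directories directly under the user's Application Data folder, none of them belonging to a known vendor. The script below is an added example, not part of this report or of any analysis tool; it turns that pattern into a heuristic and runs it over constructed file-create events (the first four copy the report's paths, the rest are made-up benign controls). The regex, the vendor allowlist, the "two or more unknown directories, or any executable" threshold, and the sample process names are all assumptions for illustration; the Global\{GUID} mutex is deliberately not used, because that naming is too generic to key on.

```python
import re

# Roaming-profile roots on XP-era and Vista+ layouts; captures exactly one
# directory level below the root and the file name in it. Deeper paths
# (e.g. Mozilla\Firefox\profiles.ini) do not match by design.
ROAMING_RE = re.compile(
    r"\\(?:application data|appdata\\roaming)\\([^\\]+)\\([^\\]+)$", re.I
)

# Assumed allowlist of vendor directories that legitimately live one level
# under the roaming root. Extend from your own environment's baseline.
KNOWN_VENDOR_DIRS = {"microsoft", "mozilla", "adobe", "google", "macromedia", "identities"}

EXEC_EXTS = {".exe", ".dll", ".scr", ".com"}

# CONSTRUCTED events as (creating process, created path). The first four
# mirror the sandbox report above; the remaining three are benign controls.
SAMPLE_EVENTS = [
    ("C:\\malware.exe", "C:\\Documents and Settings\\Administrator\\Application Data\\Xekuy\\azqi.exe"),
    ("C:\\malware.exe", "PIPE\\lsarpc"),
    ("C:\\malware.exe", "C:\\Documents and Settings\\Administrator\\Application Data\\Atykyd\\guaxu.atk"),
    ("C:\\malware.exe", "C:\\Documents and Settings\\Administrator\\Application Data\\Tueked\\cedir.abi"),
    ("C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "C:\\Documents and Settings\\Administrator\\Application Data\\Mozilla\\Firefox\\profiles.ini"),
    ("C:\\Users\\bob\\AppData\\Local\\Temp\\setup.exe",
     "C:\\Users\\bob\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\x.lnk"),
    ("C:\\Program Files\\Foo\\foo.exe",
     "C:\\Users\\bob\\AppData\\Roaming\\Foo\\settings.ini"),
]


def classify_path(path):
    """Return (directory, filename, is_executable) for a write one level under
    the roaming root into a non-allowlisted directory, else None."""
    m = ROAMING_RE.search(path)
    if not m:
        return None
    directory, filename = m.group(1), m.group(2)
    if directory.lower() in KNOWN_VENDOR_DIRS:
        return None
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    return directory, filename, ext in EXEC_EXTS


def score_events(events, min_dirs=2):
    """Group suspicious writes per process and alert when a process either
    drops an executable into such a directory or touches >= min_dirs of them.
    Returns {process: {"dirs": [...], "executables": [...]}}."""
    per_process = {}
    for proc, path in events:
        hit = classify_path(path)
        if hit is None:
            continue
        directory, _, is_exec = hit
        entry = per_process.setdefault(proc, {"dirs": set(), "executables": []})
        entry["dirs"].add(directory)
        if is_exec:
            entry["executables"].append(path)

    alerts = {}
    for proc, entry in per_process.items():
        if entry["executables"] or len(entry["dirs"]) >= min_dirs:
            alerts[proc] = {
                "dirs": sorted(entry["dirs"]),
                "executables": entry["executables"],
            }
    return alerts


if __name__ == "__main__":
    for proc, info in score_events(SAMPLE_EVENTS).items():
        print(f"ALERT {proc}: dirs={info['dirs']} executables={info['executables']}")
```

Run stand-alone it alerts only on C:\malware.exe, listing the three directories and the dropped azqi.exe; the Firefox and Recent-folder writes are filtered by the allowlist and the one-level rule, and the single foo.exe config write stays below the threshold. In production, feed it Sysmon Event ID 11 (FileCreate) records and tune the allowlist against a baseline of your own hosts before alerting.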

Network Details:


Raw Pcap

Strings