Analysis Date: 2015-11-03 19:35:29
MD5: 3ea965a171bf5087b0f3a5a013e9ce11
SHA1: 69a96c531bd57874c91923ba609bb648cdf560ac

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 0b5a93a553c2dfaf247aef28e4d001e1 sha1: 12b068d788e02d6639908472a51268f48169f8a0 size: 15872
Section .data: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .xcpad: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .idata: md5: 0b6d2c49a0c581aac667520fe1d64be9 sha1: a586ae8e761b7a3c2dcf7c09daecc422b50c4229 size: 1024
Section .reloc: md5: 1d2826c44311e3eea7285e947f031826 sha1: 151a275336fe91e4b1ac431cddfb43c73c5b6186 size: 512
Section .rsrc: md5: a687e23da3596b07910f9289787f6f82 sha1: 5f64df3e5e1acd3260b5ec4085bdfb48e2de55c8 size: 2048
Timestamp: 1970-01-01 00:00:56
Version:
  LegalCopyright:
  PackagerVersion: 7.0.162
  InternalName:
  FileVersion: 1.0.0.0
  CompanyName:
  Comments:
  ProductName:
  ProductVersion: 1.0.0.0
  FileDescription:
  Packager: Xenocode Postbuild 2009 for .NET Beta
  OriginalFilename:
Packer: Borland Delphi 3.0 (???)
PEhash: ca2f38d651b62f46326479b1e270c4c27800e77e
IMPhash: 4582ffdd7eb98cb63a937096204182b7
AV CA (E-Trust Ino): Win32/Poison.BT
AV F-Secure: Trojan:W32/Agent.DRDU
AV Dr. Web: Trojan.DownLoader.64331
AV ClamAV: Trojan.Poison-419
AV Arcabit (arcavir): Gen:Backdoor.Heur.Bifrose.wy3@bqn1BOlG
AV BullGuard: Gen:Backdoor.Heur.Bifrose.wy3@bqn1BOlG
AV Padvish: Malware.Trojan.Poison-419
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: Trojan.Win32.Agent.bcn
AV Zillya!: Trojan.Agent.Win32.100716
AV Emsisoft: Gen:Backdoor.Heur.Bifrose.wy3@bqn1BOlG
AV Ikarus: Backdoor.Poison
AV Frisk (f-prot): W32/Backdoor2.GCDV
AV Authentium: W32/Backdoor2.GCDV
AV MalwareBytes: Spyware.Pony
AV MicroWorld (escan): Gen:Backdoor.Heur.Bifrose.wy3@bqn1BOlG
AV Microsoft Security Essentials: Backdoor:Win32/Bifrose.HM
AV K7: Riskware ( 0040eff71 )
AV BitDefender: Gen:Backdoor.Heur.Bifrose.wy3@bqn1BOlG
AV Fortinet: W32/Generic.AC.2325454
AV Symantec: Backdoor.Trojan
AV Grisoft (avg): BackDoor.Generic12.CEDX
AV Eset (nod32): Win32/Bifrose.ADR
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Gen:Backdoor.Heur.Bifrose.wy3@bqn1BOlG
AV Twister: Trojan.AFE5A9A934CE2EF9
AV Avira (antivir): TR/Crypt.CFI.Gen
AV Mcafee: BackDoor-DKI.gen.ak
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\wkssvc
Creates Process: "C:\server.exe"
Creates Mutex: _xvm_mtx_other_0xD0341F53
Creates Mutex: _xvm_mtx_reg_0xD0341F53
Creates Mutex: _xvm_mtx_file_0xD0341F53

Process
↳ "C:\server.exe"

Creates Mutex: _xvm_mtx_other_0xD0341F53
Creates Mutex: DBWinMutex
Creates Mutex: _xvm_mtx_reg_0xD0341F53
Creates Mutex: _xvm_mtx_file_0xD0341F53

Network Details:
