Analysis Date: 2015-09-16 20:20:40
MD5: 91f05e62ea2dfe40745801af536752e4
SHA1: 6b2708f8dcdd16182020358b1b18511486bae7e6

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: e5e50c10a3888deeaeda5dc2256ff63c sha1: 169fff8934ada03e36f94f43e1d294ef8f6ebf7d size: 17186
Section .rdata md5: e0ca4ca5fb5930ea6d8caca33033de70 sha1: 7c35f21d411a26cfa7341741dec6659d51091bbb size: 112280
Section .data  md5: a85796c470b51ed6c527192cc3f6f633 sha1: 6ad33f7cb13213e87df3fa57d2309b79cc45972d size: 6592
Section .rsrc  md5: 4ae71336e44bf9bf79d2752e234818a5 sha1: e129f27c5103bc5cc44bcdf0a15e160d445066ff size: 16
Section .reloc md5: b12fd3d6affe450b600560ed4958801e sha1: d4a24156935fa724ff2722d971d91d9aa2befe90 size: 2154
Timestamp: 2014-04-21 07:58:53
Packer: Microsoft Visual C++ ?.?
PEhash: f10d7bd248873a3b7930dd748538ee4e147180af
IMPhash: 9f6fbf34abd659426cbc0dc8bc1dd107
AV Rising: no_virus
AV McAfee: RDN/Generic.hra
AV Avira (antivir): TR/Crypt.XPACK.Gen
AV Twister: Trojan.DOMG.bcpf
AV Ad-Aware: Gen:Win32.ExplorerHijack.juX@aaJDeWp
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/Korplug.BY
AV Grisoft (avg): Agent4.BTSZ
AV Symantec: no_virus
AV Fortinet: W32/Korplug.BY!tr
AV BitDefender: Gen:Win32.ExplorerHijack.juX@aaJDeWp
AV K7: no_virus
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Gen:Win32.ExplorerHijack.juX@aaJDeWp
AV MalwareBytes: no_virus
AV Authentium: no_virus
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Agent4
AV Emsisoft: Gen:Win32.ExplorerHijack.juX@aaJDeWp
AV Zillya!: Trojan.Korplug.Win32.287
AV Kaspersky: Backdoor.Win32.Gulpix.aov
AV Trend Micro: BKDR_PLUGX.EO
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Win32.ExplorerHijack.juX@aaJDeWp
AV Arcabit (arcavir): Gen:Win32.ExplorerHijack.juX@aaJDeWp
AV ClamAV: no_virus
AV Dr. Web: Trojan.PWS.Ibank.795
AV F-Secure: Gen:Win32.ExplorerHijack.juX@aaJDeWp
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Process: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Mutex: Global\qdulxkoda

Process
↳ C:\Documents and Settings\All Users\DRM\XXX\.exe

Creates Process: C:\WINDOWS\system32\svchost.exe
Creates Mutex: Global\wylaygfzl
Creates Mutex: Global\ommdvtuqnjwvdfajh
Creates Mutex: Global\wvisq
Creates Mutex: Global\yomxamirg
Creates Mutex: Global\ssmuagced
Creates Mutex: Global\aadodbpkgqnaj
Creates Mutex: Global\mschu
Creates Mutex: Global\aabhnqurdbfoh
Creates Mutex: Global\kdklk
Creates Mutex: Global\kcbgn
Creates Mutex: Global\gxkrqsnwbuyet
Creates Mutex: Global\wubqw
Creates Mutex: Global\uimnyxkbx
Creates Mutex: Global\abktq
Creates Mutex: Global\qdulxkoda
Creates Mutex: Global\ufkaq
Creates Mutex: Global\iqlpefsfveadljlia
Creates Mutex: Global\mwmjwuuwpuvcczsph

Process
↳ C:\WINDOWS\system32\svchost.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150916191628.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150916191619.jpg
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150916191609.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150916191558.jpg
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150916191613.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX\nprqyjadoqkp
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150916191604.jpg
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150916191624.jpg
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150916191554.jpg
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: Global\000000010000000000000100
Creates Mutex: MMMM
Winsock DNS: 127.0.0.1

Network Details:

Flows UDP: 192.168.1.1:53 ➝ 192.168.1.1:53
