Analysis Date: 2016-01-28 16:46:51
MD5: 6d8cde1c1db363a7791268edeb17acf2
SHA1: 6babb0edce5f76af9da7c99b6a718abc7b64b1ce

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

Sections:
  .text     md5: 5c81e156b44e92784cc6517e384f49da  sha1: dbbee08c18b998d6c988dd17ace152e792e0ac32  size: 92672
  .rdata    md5: 8d873ae4b8e4e3bc55355911a8749557  sha1: 27ec1673954263092aceaeda1b6993a185b0857b  size: 18944
  .data     md5: 610ede2611e16b0d7dc2bfdc75ae7fb9  sha1: 131499a65aa71227f99e68438ddf91d198a581d0  size: 8704
  .ttttttt  md5: dc47ae8271441ee86cbb89b8e0ccd29a  sha1: 0294e4abd238d18a8ba2248dc3a3c0b3783a03a2  size: 4608
  .vagina   md5: 38ec8ffce8a41dce03dcb2b167e54ee5  sha1: 55e84e38c73f66d404d6e30431120e052f0280a2  size: 10240
  .rsrc     md5: a075a35d28ae0edd9553996d91a97a00  sha1: 2fab5211120254a522c5731039d14944594de226  size: 47104

Timestamp: 2016-01-26 06:21:26

Version info:
  LegalCopyright: looking at ass hole
  InternalName: jim bot
  FileVersion: 568.24885 trenik
  CompanyName: maymun
  ProductName: yebanawka
  ProductVersion: 568.24885 trenik
  FileDescription: hora girls
  OriginalFilename: bruklin

Packer: Microsoft Visual C++ ?.?
PEhash: 908cb384c4b43a6e78c4dc20fb1f5cd58069c64d
IMPhash: 983b919b5c1d7d6383e90023b63388b8

AV results:
  Rising: No Virus
  McAfee: No Virus
  Avira (antivir): TR/AD.Gamarue.Y.1831
  Twister: No Virus
  Ad-Aware: Gen:Variant.Midie.6599
  Alwil (avast): Win32:Malware-gen
  Eset (nod32): Win32/Kryptik.ELTU
  Grisoft (avg): Crypt_r.AUD
  Symantec: No Virus
  Fortinet: W32/Kryptik.ELTU!tr
  BitDefender: Gen:Variant.Midie.6599
  K7: No Virus
  Microsoft Security Essentials: Worm:Win32/Gamarue.AU
  MicroWorld (escan): No Virus
  MalwareBytes: Backdoor.Andromeda
  Authentium: W32/Agent.XL.gen!Eldorado
  Frisk (f-prot): No Virus
  Ikarus: No Virus
  Emsisoft: Gen:Variant.Midie.6599
  Zillya!: No Virus
  Kaspersky: Trojan.Win32.Agent.netxcu
  Trend Micro: No Virus
  CAT (quickheal): No Virus
  VirusBlokAda (vba32): No Virus
  BullGuard: Gen:Variant.Midie.6599
  Arcabit (arcavir): Trojan.GenericKD.3012477
  ClamAV: No Virus
  Dr. Web: No Virus
  F-Secure: Trojan.GenericKD.3012477
  CA (E-Trust Ino): No Virus

Runtime Details:

Process
↳ C:\malware.exe
  Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe
  Creates File: PIPE\lsarpc
  Creates File: \Device\Afd\Endpoint
  Winsock DNS: north-america.pool.ntp.org
  Winsock DNS: africa.pool.ntp.org
  Winsock DNS: oceania.pool.ntp.org
  Winsock DNS: asia.pool.ntp.org
  Winsock DNS: south-america.pool.ntp.org
  Winsock DNS: europe.pool.ntp.org

Network Details:

