Analysis Date: 2015-09-27 08:00:42
MD5: 05b16740dbabe1f96ff53da0ac21543f
SHA1: 6d10944cfe9d436357d24103cc8e3211088f557f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5 a92124c9521e06281c3ed2dace8d5d0d, sha1 f83be7831f9045cf862fa5e536e54d06cb71b45b, size 12288
Section .rdata: md5 35374c4a0066066c6eb9aacb552e5bf3, sha1 7eeec331563657150d58c064e09086ca10d5379c, size 4096
Section .data: md5 16139d3eb09b95dadaf18685d0ddfbd2, sha1 6328e9124473212983bc7e1f066d492abd51bb48, size 4096
Section .rsr: md5 60f3226c633f330f6a5cff9bb0c8b5a0, sha1 582ae7f9f604db147741fc5ba73b82843b1d2807, size 40960
Timestamp: 2014-02-23 16:54:12
PEhash: d24e64afaa38f832aa24e2d4ca5a67096b5ceff2
IMPhash: 73692cd9dc92f7e99cc6b3c910f2c9fd
AV results (vendor: detection):
Rising: no_virus
Mcafee: Downloader-FYH!05B16740DBAB
Avira (antivir): TR/Dropper.Gen
Twister: Trojan.DFBCEE04CC86FB0C
Ad-Aware: Trojan.Lethic.Gen.5
Alwil (avast): Zbot-STK [Trj]
Eset (nod32): Win32/Injector.AYRS
Grisoft (avg): Downloader.Agent2.BTGE
Symantec: no_virus
Fortinet: W32/Zbot.AZVY!tr
BitDefender: Trojan.Lethic.Gen.5
K7: Trojan-Downloader ( 004948121 )
Microsoft Security Essentials: Trojan:Win32/Bulta!rfn:VirTool:Win32/CeeInject.gen!KK:Trojan:Win32/Carberp.I
MicroWorld (escan): Trojan.Lethic.Gen.5
MalwareBytes: Trojan.Inject.ED
Authentium: W32/Trojan.MMNI-3355
Frisk (f-prot): no_virus
Ikarus: Trojan-Downloader.Win32.Upatre
Emsisoft: Trojan.Lethic.Gen.5
Zillya!: no_virus
Kaspersky: Trojan.Win32.Generic
Trend Micro: no_virus
CAT (quickheal): no_virus
VirusBlokAda (vba32): Backdoor.Symmi
Padvish: no_virus
BullGuard: Trojan.Lethic.Gen.5
Arcabit (arcavir): Trojan.Lethic.Gen.5
ClamAV: no_virus
Dr. Web: Trojan.PWS.Panda.5676
F-Secure: Trojan.Lethic.Gen.5
CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝ 20140216\x00
Creates File: \Device\Afd\Endpoint
Creates Mutex: Global\MD7H82HHF7EH2D73

Network Details:

