Analysis Date: 2015-10-27 15:29:56
MD5: 449cdf5ad283ce37e6867d21610b8f4d
SHA1: 6e2267f719fb5e8320af9094ac6813605e63756d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 729947f50b40b647aceedd76a784edf1 sha1: 8660e11cbc843529eac873273d42eae46e846d1b size: 11264
Section .data: md5: 95e35c02ffb8900afcdb3b534fb56711 sha1: 063c352d5049c5b47439ac090a02d0cd286719e4 size: 5986
Section .rsrc: md5: 50243b8fc6e330a14c64c3aace7883ca sha1: 63531f2c34895379c69c75a842dce725827add9e size: 18136
Timestamp: 2014-03-15 05:47:31
PEhash: fe487e13da9b34c9806faac0207ea47aa1b843c1
IMPhash: df0e79d97f00107506f8943f65032731
AV Rising: Trojan.Win32.Kryptik.af
AV Mcafee: Upatre-FACU!449CDF5AD283
AV Avira (antivir): TR/Dldr.Waski.ionbc
AV Twister: Trojan.QKK.ca.rwao.mg
AV Ad-Aware: Gen:Variant.Symmi.51619
AV Alwil (avast): Dyre-K [Trj]
AV Eset (nod32): Win32/Kryptik.DHMH
AV Grisoft (avg): Crypt5.FTY
AV Symantec: no_virus
AV Fortinet: W32/Kryptik.DHMH!tr
AV BitDefender: Gen:Variant.Symmi.51619
AV K7: Trojan ( 004c16241 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre!rfn
AV MicroWorld (escan): Gen:Variant.Symmi.51619
AV MalwareBytes: Trojan.Upatre
AV Authentium: W32/Dalexis.M.gen!Eldorado
AV Frisk (f-prot): W32/Dalexis.M.gen!Eldorado
AV Ikarus: Trojan-Downloader.Win32.Upatre
AV Emsisoft: Gen:Variant.Symmi.51619
AV Zillya!: Downloader.CTBLocker.Win32.6
AV Kaspersky: Trojan-Downloader.Win32.Upatre.sby
AV Trend Micro: TROJ_UPATRE.SMTR
AV CAT (quickheal): Trojan.Bagsu.013322
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Symmi.51619
AV Arcabit (arcavir): Gen:Variant.Symmi.51619
AV ClamAV: no_virus
AV Dr. Web: Trojan.Upatre.8933
AV F-Secure: Gen:Variant.Symmi.51619
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\10a7_appcompat.txt
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1512 -e 148 -g
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 192

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 192

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1512 -e 148 -g

Network Details:

Raw Pcap

Strings