Analysis Date: 2015-08-12 03:39:18
MD5: f59f538f3f8676f9deb1767bee48c1fd
SHA1: 6f135788faaba4cabec5c453d4523ea23e04ac2a

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 5b554e6dab1caefd20cb8a59f7792f40 sha1: d75d8d16799830caf2a1785595019905f4262f86 size: 299008
Section .rdata: md5: b04df6c17c9ad120d54863578f32f7d2 sha1: aa7ae02d8b921a32eabac274851cb087348f75b7 size: 34304
Section .data: md5: 07d4c179b31f06129dc6b44819c68d9b sha1: d17d272dae69c48c2dd01831b7db3489db154433 size: 101376
Timestamp: 2014-10-30 09:46:43
Packer: Microsoft Visual C++ ?.?
PEhash: c2bc8fb3945243fdd1648ac3e6a3f0de113b5942
IMPhash: 03dbac9006cb631cb64d481e61f65ba2
AV CA (E-Trust Ino): no_virus
AV F-Secure: Gen:Variant.Symmi.22722
AV Dr. Web: Trojan.DownLoader15.19365
AV ClamAV: no_virus
AV Arcabit (arcavir): Gen:Variant.Symmi.22722
AV BullGuard: Gen:Variant.Symmi.22722
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): Trojan.Dynamer.AC3
AV Trend Micro: TSPY_NIVDORT.SMB
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: Trojan.Agent.Win32.546305
AV Emsisoft: Gen:Variant.Symmi.22722
AV Ikarus: Trojan.FBAccountLock
AV Frisk (f-prot): no_virus
AV Authentium: W32/Wonton.B.gen!Eldorado
AV MalwareBytes: Trojan.Zbot.WHE
AV MicroWorld (escan): Gen:Variant.Symmi.22722
AV Microsoft Security Essentials: TrojanSpy:Win32/Nivdort.BD
AV K7: Trojan ( 004938ec1 )
AV BitDefender: Gen:Variant.Symmi.22722
AV Fortinet: W32/Agent.VNC!tr
AV Symantec: Downloader.Upatre!g15
AV Grisoft (avg): Win32/Cryptor
AV Eset (nod32): Win32/Agent.VNC
AV Alwil (avast): Downloader-TLD [Trj]
AV Ad-Aware: Gen:Variant.Symmi.22722
AV Rising: 0x58e939f1
AV Twister: Trojan.Agent.VNC.aanx.mg
AV Avira (antivir): BDS/Zegost.Gen4
AV Mcafee: Trojan-FEMT!F59F538F3F86

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\DCOM Certificate Image Interface ➝ C:\Documents and Settings\Administrator\Application Data\jiblrdmz\pubtqrydg.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\jiblrdmz\pubtqrydg.exe
Creates Process: C:\Documents and Settings\Administrator\Application Data\jiblrdmz\pubtqrydg.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\jiblrdmz\pubtqrydg.exe

Creates File: C:\Documents and Settings\Administrator\Application Data\jiblrdmz\pubtqrydg.gf
Creates File: C:\Documents and Settings\Administrator\Application Data\jiblrdmz\csxccujsz.exe
Creates File: \Device\Afd\Endpoint
Creates Process: WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\jiblrdmz\pubtqrydg.exe"

Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\jiblrdmz\pubtqrydg.exe"

Network Details:

DNS: movementhowever.net (Type: A)
DNS: outsidehowever.net (Type: A)
DNS: buildingchoose.net (Type: A)
DNS: eveningchoose.net (Type: A)
DNS: buildingalthough.net (Type: A)
DNS: eveningalthough.net (Type: A)
DNS: buildingperiod.net (Type: A)
DNS: eveningperiod.net (Type: A)
DNS: buildinghowever.net (Type: A)
DNS: eveninghowever.net (Type: A)
DNS: storechoose.net (Type: A)
DNS: mightchoose.net (Type: A)
DNS: storealthough.net (Type: A)
DNS: mightalthough.net (Type: A)
DNS: storeperiod.net (Type: A)
DNS: mightperiod.net (Type: A)
DNS: storehowever.net (Type: A)
DNS: mighthowever.net (Type: A)
DNS: doctorchoose.net (Type: A)
DNS: prettychoose.net (Type: A)
DNS: doctoralthough.net (Type: A)
DNS: prettyalthough.net (Type: A)
DNS: doctorperiod.net (Type: A)
DNS: prettyperiod.net (Type: A)
DNS: doctorhowever.net (Type: A)
DNS: prettyhowever.net (Type: A)
DNS: fellowchoose.net (Type: A)
DNS: doublechoose.net (Type: A)
DNS: fellowalthough.net (Type: A)
DNS: doublealthough.net (Type: A)
DNS: fellowperiod.net (Type: A)
DNS: doubleperiod.net (Type: A)
DNS: fellowhowever.net (Type: A)
DNS: doublehowever.net (Type: A)
DNS: brokenchoose.net (Type: A)
DNS: resultchoose.net (Type: A)
DNS: brokenalthough.net (Type: A)
DNS: resultalthough.net (Type: A)
DNS: brokenperiod.net (Type: A)
DNS: resultperiod.net (Type: A)
DNS: brokenhowever.net (Type: A)
DNS: resulthowever.net (Type: A)
DNS: preparechoose.net (Type: A)
DNS: desirechoose.net (Type: A)
DNS: preparealthough.net (Type: A)
DNS: desirealthough.net (Type: A)
DNS: prepareperiod.net (Type: A)
DNS: desireperiod.net (Type: A)
DNS: preparehowever.net (Type: A)
DNS: desirehowever.net (Type: A)
DNS: strengthchoose.net (Type: A)
DNS: stillchoose.net (Type: A)
DNS: strengthalthough.net (Type: A)
DNS: stillalthough.net (Type: A)
DNS: strengthperiod.net (Type: A)
DNS: stillperiod.net (Type: A)
DNS: strengthhowever.net (Type: A)
DNS: stillhowever.net (Type: A)
DNS: movementsingle.net (Type: A)
DNS: outsidesingle.net (Type: A)
DNS: movementcharge.net (Type: A)
DNS: outsidecharge.net (Type: A)
DNS: movementdifference.net (Type: A)
DNS: outsidedifference.net (Type: A)
DNS: movementevery.net (Type: A)
DNS: outsideevery.net (Type: A)
DNS: buildingsingle.net (Type: A)
DNS: eveningsingle.net (Type: A)
DNS: buildingcharge.net (Type: A)
DNS: eveningcharge.net (Type: A)
DNS: buildingdifference.net (Type: A)
DNS: eveningdifference.net (Type: A)
DNS: buildingevery.net (Type: A)
DNS: eveningevery.net (Type: A)
DNS: storesingle.net (Type: A)
DNS: mightsingle.net (Type: A)
DNS: storecharge.net (Type: A)
DNS: mightcharge.net (Type: A)
DNS: storedifference.net (Type: A)
DNS: mightdifference.net (Type: A)
DNS: storeevery.net (Type: A)
DNS: mightevery.net (Type: A)
DNS: doctorsingle.net (Type: A)
DNS: prettysingle.net (Type: A)
DNS: doctorcharge.net (Type: A)
