Analysis Date: 2015-08-13 04:35:45
MD5: 1fc991b8961350e465bd06447e51a961
SHA1: 7053def935d25a4ce441a3fa3a1ceb215056c653

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 60e0df3f2b2626c1fe265d856659f70f sha1: bf891c8580c8204e9287e9cfb3fac848378d6869 size: 512
Section .rdata: md5: 25c3ec00fd89b16d26bdcbe1d1736c6b sha1: 942f5af299c32fea649d43deabda409f85d734a6 size: 104960
Section .data: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Timestamp: 2014-04-25 14:20:47
PEhash: 452084841e56b5b1b59dd2cd4ba3a474d50ad26f
IMPhash: 5d907e4f447d6c7f2275c3923df49f63
AV Trend Micro: BKDR_PLUGX.EO
AV CA (E-Trust Ino): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Win32.ExplorerHijack.gmW@a0cnrGn
AV Rising: no_virus
AV Alwil (avast): KadrBot [Trj]
AV Kaspersky: no_virus
AV Dr. Web: Trojan.PWS.Ibank.814
AV VirusBlokAda (vba32): no_virus
AV Mcafee: RDN/Sdbot.worm!bz
AV Fortinet: W32/Generik.IMIYPAP!tr
AV Eset (nod32): no_virus
AV ClamAV: no_virus
AV F-Secure: Gen:Win32.ExplorerHijack.gmW@a0cnrGn
AV Emsisoft: Gen:Win32.ExplorerHijack.gmW@a0cnrGn
AV Zillya!: no_virus
AV Frisk (f-prot): no_virus
AV CAT (quickheal): no_virus
AV MalwareBytes: no_virus
AV BitDefender: Gen:Win32.ExplorerHijack.gmW@a0cnrGn
AV Symantec: Trojan.Gen
AV Ad-Aware: Gen:Win32.ExplorerHijack.gmW@a0cnrGn
AV Microsoft Security Essentials: no_virus
AV Avira (antivir): TR/Dropper.Gen
AV Authentium: no_virus
AV Grisoft (avg): no_virus
AV Twister: Virus.56576A406800100000.mg
AV K7: no_virus
AV Ikarus: Gen.Win32.ExplorerHijack
AV Arcabit (arcavir): Gen:Win32.ExplorerHijack.gmW@a0cnrGn
AV MicroWorld (escan): Gen:Win32.ExplorerHijack.gmW@a0cnrGn

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Process: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Mutex: Global\ylknm

Process
↳ C:\Documents and Settings\All Users\DRM\XXX\.exe

Creates Process: C:\WINDOWS\system32\svchost.exe
Creates Mutex: Global\aabqz
Creates Mutex: Global\ommdvtuqnjwvdfajh
Creates Mutex: Global\mxufovgpujrelcqpp
Creates Mutex: Global\sodkb
Creates Mutex: Global\kdiolmoexbmog
Creates Mutex: Global\yomxamirg
Creates Mutex: Global\ssmuagced
Creates Mutex: Global\ylknm
Creates Mutex: Global\wucme
Creates Mutex: Global\mschu
Creates Mutex: Global\ehjwk
Creates Mutex: Global\egbyx
Creates Mutex: Global\ehkzbwkeeajtl
Creates Mutex: Global\uimnyxkbx
Creates Mutex: Global\wyllxlzfs
Creates Mutex: Global\abktq
Creates Mutex: Global\yolmkdfltbeiyknbl
Creates Mutex: Global\mwmjwuuwpuvcczsph

Process
↳ C:\WINDOWS\system32\svchost.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813041228.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813041224.jpg
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813041233.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813041244.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813041209.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813041218.jpg
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\All Users\DRM\XXX\nprqyjadoqkp
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813041238.jpg
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813041213.jpg
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: Global\000000010000000000000100
Creates Mutex: MMMM
Winsock DNS: 127.0.0.1

Network Details:

Flows UDP: 192.168.1.1:53 ➝ 192.168.1.1:53
Flows UDP: 192.168.1.1:53 ➝ 192.168.1.1:53
