Analysis Date: 2015-11-15 20:38:53
MD5: a10a533488b6ae85f7c651d0668431a0
SHA1: 70546a6925c4c50dc6c59fe6e5c4cc119ca0f447

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 08e0dfaf8f640d2c2d2000ef5b16e205 sha1: aa4832ba70cdaa7bf44b008fb84efac90cc93b71 size: 11776
Section .data: md5: 8fc66675485793269435ca71577d6ff9 sha1: 9a1df9704f448e2669eaeb95a892497618b8e9aa size: 3584
Section .rsrc: md5: 7f4648ad9161c2d8802d3ad7ca53c2ec sha1: 16322cf657fc0398969d6d2ec97ec057156f3bca size: 8704
Timestamp: 2014-04-25 19:06:39
Packer: Microsoft Visual C++ v6.0
PEhash: f3c46271c329ee18ebaaa3ef64b8ad0e44cdc5dc
IMPhash: 049f5399cf4c2939b4ae13c73bde9a62
AV F-Secure: Gen:Trojan.Ipatre.1
AV Authentium: W32/A-00000ab0!Eldorado
AV MalwareBytes: Trojan.Upatre
AV Dr. Web: Trojan.DownLoad3.32980
AV Grisoft (avg): Generic_s.DJJ
AV Eset (nod32): Win32/TrojanDownloader.Tiny.NKK
AV MicroWorld (escan): Gen:Trojan.Ipatre.1
AV Trend Micro: TROJ_DALEXIS.SMF
AV ClamAV: Win.Trojan.Downloader-61420
AV Ad-Aware: Gen:Trojan.Ipatre.1
AV BitDefender: Gen:Trojan.Ipatre.1
AV Avira (antivir): TR/Tiny.uajsd
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Fortinet: W32/Tiny.NKL!tr.dldr
AV Microsoft Security Essentials: TrojanDownloader:Win32/Zemot.C
AV Ikarus: Trojan-Downloader
AV Kaspersky: Trojan.Win32.Generic
AV VirusBlokAda (vba32): TrojanDropper.Demp
AV Arcabit (arcavir): Gen:Trojan.Ipatre.1
AV Mcafee: PWSZbot-FTY!A10A533488B6
AV Twister: TrojanDldr.Tiny.NKK.dagb
AV Symantec: Downloader
AV K7: Trojan-Downloader ( 004993d51 )
AV Rising: no_virus
AV Frisk (f-prot): no_virus
AV Emsisoft: Gen:Trojan.Ipatre.1
AV Zillya!: no_virus
AV CAT (quickheal): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Trojan.Ipatre.1
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\temp_cab_73437.cab
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\70546a6925c4c50dc6c59fe6e5c4cc119ca0f447.rtf
Creates File: \Device\Afd\AsyncConnectHlp
Winsock DNS: windowsupdate.microsoft.com

Network Details:

DNS: www.update.microsoft.com.nsatc.net
Type: A
157.55.240.94
DNS: www.update.microsoft.com.nsatc.net
Type: A
65.55.50.190
DNS: windowsupdate.microsoft.com
Type: A
HTTP GET: http://windowsupdate.microsoft.com/
User-Agent: Opera/9.25 (Windows NT 6.0; U; en)
Flows TCP: 192.168.1.1:1031 ➝ 157.55.240.94:80
