Analysis Date: 2017-07-14 21:27:39
MD5: 70e8e6b27d49636d702d57d86175f21c
SHA1: 7475e67e831d5e20bb17b868a2d1dd2705381a23

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 6d925bb7c92891d92092e5ba31679da6 sha1: f02e233cd80cb1750319bab660c4491ba8f94f6d size: 11264
Section .data  md5: 2cef6d4f2311bcfec4cda59a0faade22 sha1: 99a27609d72c2a7b7b1d8b35540b8ea25a1b8bfe size: 512
Section .xcpad md5: sha1: size:
Section .idata md5: sha1: size:
Section .reloc md5: sha1: size:
Section .rsrc  md5: ae938999f163264d34ad0e618645e51e sha1: 00d65bb394e76a03d28ec85738139be9d7495e04 size: 27136
Timestamp
VersionLegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer
PEhash
IMPhash: 1d3a8719edcb8830ea4e1af0dd1507db
AV 360 Safe: Worm.Win32.Elenoocka.BD
AV Ad-Aware: Trojan.Agent.BGTU
AV Alwil (avast): GenMalicious-FAB [Trj]
AV Arcabit (arcavir): Trojan.Agent.BGTU
AV Authentium: W32/Trojan.RZJK-1377
AV Avira (antivir): TR/Crypt.Xpack.113798
AV BitDefender: Trojan.Agent.BGTU
AV BullGuard: Trojan.Agent.BGTU
AV CA (E-Trust Ino): Trojan.Agent.BGTU
AV CAT (quickheal): TrojanDownloader.Dalexis.A3
AV ClamAV: Win.Trojan.Agent-1242594
AV Dr. Web: Trojan.Dridex.14
AV Emsisoft: Trojan.Agent.BGTU
AV Eset (nod32): Win32/TrojanDownloader.Elenoocka.A
AV F-Secure: Trojan.Agent.BGTU
AV Fortinet: W32/Kryptik.CVBD!tr
AV Frisk (f-prot): W32/Trojan3.MTO
AV Grisoft (avg): Cryptic
AV Ikarus: Trojan-Downloader.Waski
AV K7: Trojan-Downloader ( 00499db21 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Trojan.Agent.Gen
AV Mcafee: Downloader-FAMV!70E8E6B27D49
AV MicroWorld (escan): Trojan.Agent.BGTU
AV Microsoft Security Essentials: TrojanDownloader:Win32/Dalexis.A
AV NANO: Trojan.Win32.Dridex.dkivob
AV Padvish: No Virus
AV Rising: No Virus
AV SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
AV Symantec: Downloader.Ponik!gen11
AV Trend Micro: TROJ_CRYPCTB.SMJ
AV Twister: Trojan.DOMG.mavz
AV VirusBlokAda (vba32): Trojan.Yakes
AV Windows Defender: TrojanDownloader:Win32/Dalexis.A
AV Zillya!: Downloader.Elenoocka.Win32.53

Runtime Details:

Process
↳ C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\7475e67e831d5e20bb17b868a2d1dd2705381a23.rtf
Creates File: C:\WINDOWS\Registration\R000000000007.clb
Creates File: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdui.BUD
Creates File: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdui.gpd
Creates File: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\StdNames.gpd
Creates File: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdui.ini
Creates Mutex: CTF.LBES.MutexDefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex: CTF.Compart.MutexDefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex: CTF.Asm.MutexDefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex: CTF.Layouts.MutexDefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex: CTF.TMD.MutexDefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex: CTF.TimListCache.FMPDefaultS-1-5-21-2000478354-527237240-1801674531-1003MUTEX.DefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00

Process
↳ C:\7475e67e831d5e20bb17b868a2d1dd2705381a23.exe

Creates Mutex
Creates Mutex: 99066044
Creates Mutex
Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\temp_cab_5492390.cab
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\7475e67e831d5e20bb17b868a2d1dd2705381a23.rtf
Creates File: C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
Creates File: C:\WINDOWS\system32\dssenh.dll
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\BaseClass ➝ Drive\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\BaseClass ➝ Drive\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents ➝ C:\Documents and Settings\All Users\Documents\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop ➝ C:\Documents and Settings\All Users\Desktop\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ➝ WordPad\\x00

Network Details:

Strings
WTSRegisterSessionNotification
WTSWaitSystemEvent
WTSEnumerateSessionsW
WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSVirtualChannelQuery
WTSVirtualChannelRead
WTSSetUserConfigW
WTSFreeMemory
WTSOpenServerW
WTSVirtualChannelPurgeInput
WTSAPI32.dll
vSetDdrawflag
TransparentBlt
DllInitialize
GradientFill
AlphaBlend
msimg32.dll
RegEnumValueA
OpenServiceA
RegCloseKey
IsValidSecurityDescriptor
RegOpenKeyExA
ControlService
ClearEventLogA
IsTextUnicode
CreateProcessAsUserA
CreateServiceA
RegQueryValueA
IsValidSid
ADVAPI32.dll
	wsprintfA
DialogBoxParamA
GetMessageA
GetWindowTextA
GetCaretPos
IsZoomed
CharToOemA
SetCursorPos
LoadImageA
GetPropA
user32.dll
GetAtomNameA
GetProcessHeap
GetProcessTimes
WaitForSingleObject
GetProcAddress
GetTickCount
SetFilePointer
CloseHandle
GetCurrentDirectoryA
GetNumberFormatW
CreateDirectoryA
GetCurrentProcess
GetComputerNameA
CreateNamedPipeA
WriteConsoleA
CompareStringA
DeviceIoControl
GetBinaryTypeA
ReadFile
UpdateResourceA
ReadConsoleA
GetConsoleAliasW
HeapValidate
GetDateFormatA
GetModuleHandleA
GetPrivateProfileIntA
SetFileAttributesW
KERNEL32.dll
PathCompactPathA
UrlCompareA
UrlIsA
UrlIsNoHistoryW
UrlEscapeA
PathCommonPrefixA
UrlGetPartA
UrlCreateFromPathA
UrlCanonicalizeA
UrlGetLocationA
SHLWAPI.dll
drvGetDefaultCommConfigA
drvSetDefaultCommConfigA
drvCommConfigDialogA
CountryRunOnce
modemui.dll
kernel32.DLL
VirtualAllocEx
RSDS_
C:\uiop\zzuio.pdb