Analysis Date: 2015-11-15 16:52:17
MD5: a4b40eef1a1ad150961c5f645c8bd9fe
SHA1: 77c41b60d2bf3bf143ca4053af56e472319a191d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: f0c3f19c70242ecb00c6e3efd9c6123b sha1: 91af6d4a3c3a3b03efe691886f98ce7a4b05f553 size: 11344
Section .data md5: fa3f6e3b64929874ea6f1e95a81745d3 sha1: 8d5b30f7617fe3c4b782b46dc717e946ef240d27 size: 6210
Section .rsrc md5: 3a6d9f16fefbe025d13d13ce70e22c31 sha1: 0fdd6cd196356e3df58e454b2b35b52a9598d9ec size: 18120
Timestamp: 2013-07-19 07:47:35
Packer: Microsoft Visual C++ 5.0
PEhash: b8bc27faa2574586dd41f5acf86b9813c9cc0ad8
IMPhash: df0e79d97f00107506f8943f65032731
AV Rising: Trojan.Win32.Kryptik.af
AV Mcafee: Upatre-FACU!A4B40EEF1A1A
AV Avira (antivir): TR/Dldr.Waski.ionbc
AV Twister: no_virus
AV Ad-Aware: Gen:Variant.Graftor.186737
AV Alwil (avast): Dyre-K [Trj]
AV Eset (nod32): Win32/Kryptik.DHMH
AV Grisoft (avg): Crypt5.KAC
AV Symantec: Downloader.Upatre
AV Fortinet: W32/Waski.A!tr
AV BitDefender: Gen:Variant.Graftor.186737
AV K7: Trojan ( 004c14011 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre!rfn
AV MicroWorld (escan): Gen:Variant.Graftor.186737
AV MalwareBytes: Trojan.Upatre
AV Authentium: W32/Dalexis.M.gen!Eldorado
AV Frisk (f-prot): W32/Dalexis.M.gen!Eldorado
AV Ikarus: Trojan-Downloader.Win32.Upatre
AV Emsisoft: Gen:Variant.Graftor.186737
AV Zillya!: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: TROJ_UPATRE.SMTR
AV CAT (quickheal): Downloader.Upatre.013890
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Graftor.186737
AV Arcabit (arcavir): Gen:Variant.Graftor.186737
AV ClamAV: no_virus
AV Dr. Web: Trojan.Upatre.9137
AV F-Secure: Gen:Variant.Graftor.186737
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\1b2d_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1204 -e 148 -g
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 192

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 192

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1204 -e 148 -g

Network Details:
