Analysis Date: 2015-12-24 12:07:27
MD5: 2dbf5ff4ab590ca6309fbf27c3d27b5e
SHA1: 7cd3f8e3073751ece5c1086b5574173656c14863

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: b86d4debca25ccaaba4f619ab442613f sha1: 8995383fbc2c132a72420006faa8266b1146e512 size: 195584
Section: .rdata md5: 890b63a1e88c77c8322e4a2f1cc8c235 sha1: 997c0e51a00d7f4c7254682dc5d6201267d143cf size: 17408
Section: .data md5: 2a43c106e1aea0b99b90fd4341d832fb sha1: 2b0775d70329292486f97ff2d13667380be65abb size: 16896
Section: .rsrc md5: e9863d460177c387ca844e406bbff0f0 sha1: 02576171f6f1968934d72adb848c313124324e38 size: 73216
Timestamp: 2015-10-17 18:27:56
Version:
LegalCopyright: Copyright © 2001-2015 PGWARE LLC
FileVersion: 1.0.0.1
CompanyName: PGWARE LLC
Comments: This installation was built with Inno Setup.
ProductName: GameBoost
ProductVersion: 1.0.0.1
FileDescription: GameBoost Setup
Packer: Microsoft Visual C++ ?.?
PEhash: 1a95425c8a49b43dadfef449dfd746d491cf76b5
IMPhash: 68692d1c137bdfa5d334a3f7004766ea
AV: Ad-Aware: Trojan.GenericKD.2805168
AV: Dr. Web: BackDoor.Andromeda.614
AV: Kaspersky: Backdoor.Win32.Kasidet.dba
AV: Authentium: W32/Agent.XL.gen!Eldorado
AV: Emsisoft: Trojan.GenericKD.2805168
AV: K7: Trojan ( 004d4aaf1 )
AV: Trend Micro: no_virus
AV: Eset (nod32): Win32/Kryptik.EBCE
AV: Ikarus: Trojan.Win32.Crypt
AV: Alwil (avast): Androp [Drp]
AV: Fortinet: W32/Kryptik.EASA!tr
AV: Grisoft (avg): Crypt_r.AEO
AV: Avira (antivir): TR/Crypt.Xpack.301693
AV: Frisk (f-prot): no_virus
AV: F-Secure: Trojan.GenericKD.2805168
AV: Symantec: Trojan.Cryptolocker
AV: VirusBlokAda (vba32): Heur.Malware-Cryptor.Ngrbot
AV: BitDefender: Trojan.GenericKD.2805168
AV: Zillya!: no_virus
AV: BullGuard: Trojan.GenericKD.2805168
AV: Rising: 0x5942a8f6
AV: MicroWorld (escan): Trojan.GenericKD.2805168
AV: CA (E-Trust Ino): no_virus
AV: Microsoft Security Essentials: Worm:Win32/Kasidet
AV: Arcabit (arcavir): Trojan.GenericKD.2805168
AV: CAT (quickheal): Backdoor.Kasidet.r4
AV: Mcafee: RDN/Generic BackDoor
AV: Twister: no_virus
AV: ClamAV: no_virus
AV: MalwareBytes: Trojan.Sharik

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\cmd.exe /c del C:\7CD3F8~1.EXE
Creates Mutex: alFSVWJB

Process
↳ C:\WINDOWS\system32\cmd.exe /c del C:\7CD3F8~1.EXE

Network Details:
