Analysis Date: 2016-02-26 20:54:36
MD5: 9fc57a4a9821bc5c39d988f1859791b0
SHA1: 7e1bea93dc36d8a4a1a7087f9f6a97d0374b959d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: faafef908f36039091cf3cb61ed5b455 sha1: 5036145e6981799abc5fc2209204a22e3dec3f3c size: 73728
Section .rdata md5: 57bdc2db1133416b66961360500ac6c2 sha1: ab9ae2fce4e68ef9a9670d6dd0bd812a973456fd size: 4096
Section .data  md5: eeee4769d457495ce5161494d1182d23 sha1: cb97d7d1394cc037a1abbc9c7b6b648d3b1ff7dc size: 8192
Section .rsrc  md5: 3daae4a16649fe431e8e5315e064747c sha1: f5f6b281287f10e32344a3b54fbe58ba8708bcec size: 40960
Timestamp: 2004-05-30 02:19:10
Version:
  LegalCopyright: Copyright © 2013
  InternalName: Grates
  FileVersion: 52, 155, 94, 53
  CompanyName: FeatherySoft, Inc.
  FileDescription: Moths
  ProductName: Halite Heritors
  ProductVersion: 109, 247, 167, 51
  PrivateBuild:
Packer: Microsoft Visual C++ v6.0
PEhash: 8fb34079d392e039dac214ddf98db96bb5e6c6ab
IMPhash: a0ff3ed2e0a6e7fab656ec30822f01bc
AV Rising: No Virus
AV Mcafee: No Virus
AV Avira (antivir): TR/Crypt.ZPACK.230072
AV Twister: No Virus
AV Ad-Aware: No Virus
AV Alwil (avast): Win32:Malware-gen
AV Eset (nod32): Win32/Kryptik.EPDN
AV Grisoft (avg): Crypt5.ALBA
AV Symantec: No Virus
AV Fortinet: No Virus
AV BitDefender: No Virus
AV K7: No Virus
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AU
AV MicroWorld (escan): No Virus
AV MalwareBytes: No Virus
AV Authentium: No Virus
AV Emsisoft: No Virus
AV Frisk (f-prot): No Virus
AV Ikarus: Trojan.Win32.Crypt
AV Zillya!: No Virus
AV Kaspersky: Backdoor.Win32.Androm.jejc
AV Trend Micro: No Virus
AV VirusBlokAda (vba32): No Virus
AV CAT (quickheal): No Virus
AV BullGuard: No Virus
AV Arcabit (arcavir): No Virus
AV ClamAV: No Virus
AV Dr. Web: Trojan.Siggen.65341
AV F-Secure: No Virus
AV CA (E-Trust Ino): No Virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\Policies\Explorer\Run\317606753 ➝ C:\Documents and Settings\All Users\msvgqh.exe\\x00
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden ➝ NULL
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\Windows\Load ➝ \\x00
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\All Users\msvgqh.exe
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\All Users\3564312
Deletes File: C:\7E1BEA~1.EXE
Winsock DNS: pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: microsoft.com
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: gta.repack.bike
Winsock DNS: asia.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

Flows UDP: 192.168.1.1:1040 ➝ 8.8.4.4:53
Flows TCP: 192.168.1.1:1044 ➝ 23.100.122.175:80
Flows UDP: 192.168.1.1:1045 ➝ 8.8.4.4:53