Analysis Date: 2015-09-30 15:42:35
MD5: ae524407319f9e6eda642b6ded85d3dd
SHA1: 7e7168c76c9c859b3f1bc0adb7bf03783ba4332b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 4b84ca66055922ffe3b7d0a45b63ad99 sha1: 1ef4ca2a2580dd73a91417826fc17bb0c98aff13 size: 43520
Section .data: md5: 3fd04642b046387c6fd670a5951dfef8 sha1: d324c57df7e51348288db7118c90c55602bf608a size: 3584
Section .idata: md5: f85c9601de742e0bc2de9d7b285351dc sha1: 3257b92e170b187f8b2ad58c84e2c085c7784d8d size: 4096
Section .rsrc: md5: 81c2b5b85bf8d966e034b75836bff39f sha1: 6f6113fcc5f538d20024eea04b2866f93098306b size: 15360
Timestamp: 2008-08-02 07:56:47
Packer: RAR SFX
PEhash: 224584cb4d70d7cb14e13703fc71f598b8b3d69e
IMPhash: 9aae05e907a50289a087dfd9f36ff114

AV CA (E-Trust Ino): no_virus
AV F-Secure: no_virus
AV Dr. Web: Trojan.Upatre.1263
AV ClamAV: no_virus
AV Arcabit (arcavir): Trojan.Zmutzy.39_Zum.Zmutz.1:Trojan.Upatre.Gen.3
AV BullGuard: Trojan.Zmutzy.39:Zum.Zmutz.1
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): no_virus
AV Trend Micro: TROJ_UPATRE.SMJV
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: no_virus
AV Emsisoft: Trojan.Zmutzy.39:Zum.Zmutz.1
AV Ikarus: Trojan.Crypt1
AV Frisk (f-prot): W32/Upatre.Y.gen!Eldorado
AV Authentium: W32/Upatre.Y.gen!Eldorado
AV MalwareBytes: Trojan.Upatre
AV MicroWorld (escan): Trojan.Zmutzy.39[ZP]
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre.G
AV K7: Trojan ( 004c2c991 )
AV BitDefender: Trojan.Zmutzy.39:Zum.Zmutz.1
AV Fortinet: W32/Kryptik.DIWD!tr
AV Symantec: no_virus
AV Grisoft (avg): Generic_s.ERJ
AV Eset (nod32): Win32/Kryptik.DIXO
AV Alwil (avast): Dropper-gen [Drp]
AV Ad-Aware: Trojan.Zmutzy.39:Zum.Zmutz.1
AV Twister: no_virus
AV Avira (antivir): no_virus
AV Mcafee: Downloader-FASG!9883C3E0B8DE
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: __tmp_rar_sfx_access_check_74812
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: fax_info.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes File: __tmp_rar_sfx_access_check_74812
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Network Details:
