Analysis Date: 2016-02-14 02:30:55
MD5: ce6ce2584b019416d28bcb3472b2b925
SHA1: 7f8f639728bed4a1038429d844af1ac2cf2c5af8

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: a85d87b48c575b89dc07f76b94c76e3b sha1: 7c64a8d83be0cd5e7ee188f8dbcbf0db36c8b6bd size: 69632
Section: .rdata md5: 3c660784e2747e6510ef38cd388ce27b sha1: 15756ae71dcb21ef3db461473a74e7a749b3e800 size: 16384
Section: .data md5: 6a5b8abad11b59616a470a9b699763d5 sha1: ac5ccce519500de14d6febab5f16631ab31bb45f size: 16384
Section: .rsrc md5: c5eac98688f81a78c3a420850c4e6ccb sha1: b95f26ce920dfb357a647eefdc4a683375a5cccf size: 102400
Timestamp: 2016-02-03 09:59:54
Packer: Microsoft Visual C++ v6.0
PEhash: f22895b0fe4accfb2ebcef09a382deb8939ec318
IMPhash: 383e9cf96e4fa7fff0db80c1bbe593f6
AV CA (E-Trust Ino): Gen:Variant.Symmi.58357
AV Rising: No Virus
AV Mcafee: No Virus
AV Avira (antivir): BDS/Farfli.kj.2
AV Twister: Trojan.6B65726E656C33322.mg
AV Ad-Aware: Gen:Variant.Symmi.58357
AV Alwil (avast): Farfli-AX [Trj]
AV Eset (nod32): Win32/Farfli.BBM
AV Grisoft (avg): Win32/DH{Ow?}.dropper
AV Symantec: No Virus
AV Fortinet: W32/Farfli.AIL!tr
AV BitDefender: Gen:Variant.Symmi.58357
AV K7: Trojan ( 004c1ef31 )
AV Microsoft Security Essentials: Backdoor:Win32/Farfli.O
AV MicroWorld (escan): Gen:Variant.Symmi.58357
AV MalwareBytes: Backdoor.Service
AV Authentium: W32/Trojan.AHEV-1319
AV Emsisoft: Gen:Variant.Symmi.58357
AV Frisk (f-prot): No Virus
AV Ikarus: Trojan-GameThief.Win32.Magania
AV Zillya!: Trojan.Farfli.Win32.24663
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: No Virus
AV VirusBlokAda (vba32): No Virus
AV CAT (quickheal): Trojan.Redosdru.014962
AV BullGuard: Gen:Variant.Symmi.58357
AV Arcabit (arcavir): Gen:Variant.Symmi.18775
AV ClamAV: No Virus
AV Dr. Web: Trojan.KeyLogger.28570
AV F-Secure: Gen:Variant.Symmi.58357

Runtime Details:

Process
↳ C:\malware.exe

Creates File: c:\heygirl.ddd
Creates File: C:\map542500.dll

Network Details:

DNS: fc11w1w.codns.com
Type: A
127.0.0.1
DNS: fc11w1w.codns.com
Type: A
127.0.0.1
