Analysis Date: 2015-10-19 09:57:02
MD5: 4565f699c7dce5fb82191c80047f9d0c
SHA1: 818f5bb655cb73dd2cba85c261fa698cf5523e25

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: 44bbdd4e209476837e3db454c8f68848  sha1: 343fe1e0d286de6e537280d330db060d4bc6f78a  size: 139264
Section .rdata  md5: 70b9d21c31fffdc9fe75536ee957cfa7  sha1: 1827fc7e8dec3550ee570c7fe309fc117c059500  size: 28672
Section .data   md5: e7a4077b7f56365f2d04c13bd2db56dd  sha1: 7504025197b6712a01411ac623e867e37cee7a75  size: 28672
Section .reloc  md5: 6db0e8019dca4c1b417ae45c47ed7e4f  sha1: 5e399f72645aea73a5e7383b0d05579d21c68460  size: 12288
Timestamp: 2015-08-12 10:56:00
Pdb path: c:\town\parent\length\depend\Segment\area\Broad\notepress.pdb
Packer: Microsoft Visual C++ ?.?
PEhash: db78f7149f31f773514aebed3b46cee5e8070454
IMPhash: 7bc520d824df9222f012aaa88ac9481e
AV detections (vendor: verdict)
AV Rising: no_virus
AV CA (E-Trust Ino): no_virus
AV F-Secure: Trojan:W32/Gamarue.F
AV Dr. Web: BackDoor.Andromeda.614
AV ClamAV: Win.Trojan.Agent-931565
AV Arcabit (arcavir): Trojan.Agent.BMES
AV BullGuard: Trojan.Agent.BMES
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: no_virus
AV Zillya!: Trojan.Kryptik.Win32.785814
AV Emsisoft: Trojan.Agent.BMES
AV Ikarus: Trojan.Win32.Crypt
AV Frisk (f-prot): no_virus
AV Authentium: W32/Trojan.JIYR-2890
AV MalwareBytes: no_virus
AV MicroWorld (escan): Trojan.Agent.BMES
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AU
AV K7: Trojan ( 004ce1471 )
AV BitDefender: Trojan.Agent.BMES
AV Fortinet: W32/Kryptik.DULO!tr
AV Symantec: Packed.Dromedan!gen17
AV Grisoft (avg): Crypt4.CEGL
AV Eset (nod32): Win32/Kryptik.DTXO
AV Alwil (avast): MalOb-LV [Cryp]
AV Ad-Aware: Trojan.Agent.BMES
AV Twister: no_virus
AV Avira (antivir): Worm/Gamarue.1262448.7
AV Mcafee: Gamarue-FCM!4565F699C7DC

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS query (Type: A) -> resolved address
DNS europe.pool.ntp.org         Type: A  212.7.1.132
DNS europe.pool.ntp.org         Type: A  5.39.184.5
DNS europe.pool.ntp.org         Type: A  85.21.78.91
DNS europe.pool.ntp.org         Type: A  129.250.35.251
DNS north-america.pool.ntp.org  Type: A  69.167.160.102
DNS north-america.pool.ntp.org  Type: A  96.44.142.5
DNS north-america.pool.ntp.org  Type: A  198.110.48.12
DNS north-america.pool.ntp.org  Type: A  204.2.134.164
DNS south-america.pool.ntp.org  Type: A  200.1.19.16
DNS south-america.pool.ntp.org  Type: A  200.186.125.195
DNS south-america.pool.ntp.org  Type: A  131.0.232.2
DNS south-america.pool.ntp.org  Type: A  192.188.53.26
DNS asia.pool.ntp.org           Type: A  103.252.195.20
DNS asia.pool.ntp.org           Type: A  120.119.28.1
DNS asia.pool.ntp.org           Type: A  185.23.153.237
DNS asia.pool.ntp.org           Type: A  218.189.210.3
DNS oceania.pool.ntp.org        Type: A  54.252.165.245
DNS oceania.pool.ntp.org        Type: A  121.0.0.41
DNS oceania.pool.ntp.org        Type: A  202.22.158.31
DNS oceania.pool.ntp.org        Type: A  54.252.129.186
DNS africa.pool.ntp.org         Type: A  196.223.19.3
DNS africa.pool.ntp.org         Type: A  41.188.33.6
DNS africa.pool.ntp.org         Type: A  41.222.88.32
DNS africa.pool.ntp.org         Type: A  196.192.32.7
