Analysis Date: 2015-07-22 21:13:06
MD5: 6af49d88ca6e856a5f2f82a4d8f6c4bb
SHA1: 82dcb8c96b31cc8519b19473a95d894b5368ea4e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 6027632f19c2822df7c8d9a53e353572 sha1: 5a98202d57a653a77e2bdcc06b10ec09a85fc034 size: 15872
Section: .data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: .xcpad md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: .idata md5: ce3f1857c8581af1880944490502c85a sha1: c0e4d1c0bdf965165bc8e97c1110d38e13118b1f size: 1024
Section: .reloc md5: 1d2826c44311e3eea7285e947f031826 sha1: 151a275336fe91e4b1ac431cddfb43c73c5b6186 size: 512
Section: .rsrc md5: 3bef2b2b66a4119680f3be267071a688 sha1: 49f7dfc9a299342f61ab9159727fd7d6ec89aaf1 size: 1024
Timestamp: 1970-01-01 00:00:04
Version:
LegalCopyright:
PackagerVersion: 7.0.162
InternalName:
FileVersion: 1.0.0.0
CompanyName:
Comments:
ProductName:
ProductVersion: 1.0.0.0
FileDescription:
Packager: Xenocode Postbuild 2009 for .NET Beta
OriginalFilename:
Packer: Borland Delphi 3.0 (???)
PEhash: 0e16b432b016eb5703965900b94def8caeb15af0
IMPhash: 4582ffdd7eb98cb63a937096204182b7
AV: CA (E-Trust Ino): no_virus
AV: F-Secure: no_virus
AV: Dr. Web: Trojan.DownLoader.64331
AV: ClamAV: Trojan.Spy-70963
AV: Arcabit (arcavir): no_virus
AV: BullGuard: no_virus
AV: Padvish: Malware.Trojan.Spy-70963
AV: VirusBlokAda (vba32): TrojanPSW.Dybalom
AV: CAT (quickheal): no_virus
AV: Trend Micro: no_virus
AV: Kaspersky: Trojan-PSW.Win32.Dybalom.bkn
AV: Zillya!: Trojan.Dybalom.Win32.2128
AV: Emsisoft: no_virus
AV: Ikarus: Trojan.Win32.Llac
AV: Frisk (f-prot): no_virus
AV: Authentium: W32/Poison.K.gen!Eldorado
AV: MalwareBytes: Backdoor.Bot
AV: MicroWorld (escan): no_virus
AV: Microsoft Security Essentials: no_virus
AV: K7: Backdoor ( 04c4c6e51 )
AV: BitDefender: no_virus
AV: Fortinet: W32/Dybalom.BKN!tr.pws
AV: Symantec: no_virus
AV: Grisoft (avg): Crypt.AUXA
AV: Eset (nod32): Win32/PSW.Fignotok.B
AV: Alwil (avast): no_virus
AV: Ad-Aware: no_virus
AV: Twister: Trojan.CF280267986568AA
AV: Avira (antivir): TR/PSW.Dybalom.A
AV: Mcafee: PWS-Zbot.gen.uv
AV: Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\wkssvc
Creates Process: "C:\ssssss.exe"
Creates Mutex: _xvm_mtx_other_0xAB20A41E
Creates Mutex: _xvm_mtx_reg_0xAB20A41E
Creates Mutex: _xvm_mtx_file_0xAB20A41E

Process
↳ "C:\ssssss.exe"

Creates Mutex: _xvm_mtx_other_0xAB20A41E
Creates Mutex: _xvm_mtx_reg_0xAB20A41E
Creates Mutex: DBWinMutex
Creates Mutex: _xvm_mtx_file_0xAB20A41E

Network Details:
