Analysis Date: 2015-11-26 06:58:04
MD5: af3bb9d9f00549e62e16fd6be8aa0f8c
SHA1: 84a339dcaf9eb2c50e933964616a6680367c1640

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 1cfe640fb916f9e71e2f42ce9463b6e6 sha1: d3cefe831eba88d17380b6e877f968ab01e72878 size: 6144
Section .rdata md5: 5991a0937ea1c73a6ea7d2b50760dccf sha1: b09ba9081a37296905432830e2b7a3f680249f52 size: 1536
Section .data md5: 36f425ac30a34478057dae27a1407f15 sha1: 27c149c9c2f3499e5e8e775de3eeba3e88845640 size: 512
Section .rsrc md5: d312230fc901e21ad5d01f3359ba6e14 sha1: 9a3ea68fc338ca5068121b66142c23539c4c2819 size: 10240
Section .reloc md5: 5941791c6b31ac52e41a5ea0912259d3 sha1: 953eb4ea14eb81b605c22a5b1c6a2a709e64de33 size: 512
Timestamp: 2014-02-05 03:55:00
PEhash: 2394682c218c1f7651bd92f22a4a09342e6bc7ab
IMPhash: 7772dfa3e3a72b92db47c13e7be36e20
AV CA (E-Trust Ino): Win32/Tnega.GXNWZHB
AV Rising: no_virus
AV Mcafee: Downloader-FSH!AF3BB9D9F005
AV Avira (antivir): TR/Yarwi.B.176
AV Twister: Trojan.4EB8D0DD116B77B2
AV Ad-Aware: Trojan.GenericKD.1559549
AV Alwil (avast): Zbot-TCT [Trj]
AV Eset (nod32): Win32/TrojanDownloader.Waski.A
AV Grisoft (avg): Generic35.BQYO
AV Symantec: Downloader.Upatre
AV Fortinet: W32/Waski.AC!tr
AV BitDefender: Trojan.GenericKD.1559549
AV K7: Trojan ( 0040f71e1 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre.AA
AV MicroWorld (escan): Trojan.GenericKD.1559549
AV MalwareBytes: Trojan.Upatre
AV Authentium: W32/Trojan.QXZZ-7823
AV Frisk (f-prot): W32/Trojan3.HKY
AV Ikarus: Trojan-Downloader.Win32.Upatre
AV Emsisoft: Trojan.GenericKD.1559549
AV Zillya!: Downloader.Injecter.Win32.5149
AV Kaspersky: Trojan-Downloader.Win32.Injecter.jiq
AV Trend Micro: TROJ_UPATRE.SMBB
AV CAT (quickheal): TrojanDownloader.Upatre.A4
AV VirusBlokAda (vba32): TrojanDownloader.Injecter
AV Padvish: Downloader.Win32.Injecter.ji_Generic
AV BullGuard: Trojan.GenericKD.1559549
AV Arcabit (arcavir): Trojan.GenericKD.1559549
AV ClamAV: Win.Trojan.Generickd-68
AV Dr. Web: Trojan.DownLoad3.28161
AV F-Secure: Trojan-Downloader:W32/Upatre.I

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\opera_updater.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\opera_updater.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\opera_updater.exe

Network Details:


Strings