Analysis Date: 2016-03-15 05:02:44
MD5: 2e89953986f579f39150fe70b3dd47a2
SHA1: 84b190b3ac877c114173e1b6491f8e91fafb0916

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
Section .text   md5: ccd67b4bfaf48036937b547170d156fc   sha1: c384e59154393cd008e85956b978203f5c5d52f5   size: 37888
Section .rsrc   md5: 3a0bbb538d426b3cef425ab2dce317f0   sha1: 60a376418a2b154f19eca5c5cd47ff9ce41ea2fc   size: 13312
Section .reloc  md5: 4a231d36b41b05ae99d222589f122201   sha1: 604430cd9acc138a00f94cbc223683340aedbc15   size: 512
Timestamp: 2016-03-13 05:11:02 (PE compile timestamp, two days before the analysis date)
Version info:
  LegalCopyright: Microsoft Corporation
  Assembly Version: 0.0.0.0
  InternalName: E.exe
  FileVersion: 0.0.0.0
  CompanyName: Microsoft Corporation
  LegalTrademarks: Microsoft Corporation
  Comments: Microsoft Corporation
  ProductName: Microsoft Corporation
  ProductVersion: 0.0.0.0
  FileDescription: Microsoft Corporation
  OriginalFilename: E.exe
  (Every descriptive field is the literal string "Microsoft Corporation" and every version number is 0.0.0.0. This is a crude masquerade: a genuine Microsoft binary carries a real product name, file description and version, and none is named E.exe.)
Packer: Microsoft Visual C# v7.0 / Basic .NET (a PEiD compiler signature for a managed .NET assembly, not a packer; consistent with the .Net file type above)
PEhash: 0df3a39c02edc9de7211808e4b3b9fc26d7c822a
IMPhash: f34d5f2d4577ed6d9ceec516c1f5a744 (the import hash shared by essentially every .NET executable, whose only native import is mscoree.dll!_CorExeMain; it does not identify this sample)
AV results (21 of 30 engines flag the sample; the vendors naming a family agree on Bladabindi, Microsoft's name for njRAT, while the BitDefender-engine vendors return the generic Gen:Variant.Barys.32564 and Malwarebytes' FakeMS name reflects the forged Microsoft version info):
  Microsoft Security Essentials: Backdoor:MSIL/Bladabindi.AL
  Rising: No Virus
  Mcafee: No Virus
  MicroWorld (escan): Gen:Variant.Barys.32564
  MalwareBytes: Trojan.FakeMS.ED
  Avira (antivir): TR/ATRAPS.Gen
  Ikarus: Trojan.MSIL.Bladabindi
  Frisk (f-prot): No Virus
  Authentium: W32/Trojan.TVCL-4125
  Emsisoft: Gen:Variant.Barys.32564
  Twister: No Virus
  Ad-Aware: Gen:Variant.Barys.32564
  Zillya!: Worm.Bladabindi.Win32.2006
  Kaspersky: Trojan.Win32.Generic
  Trend Micro: No Virus
  Alwil (avast): Agent-CIB [Trj]
  Eset (nod32): MSIL/Bladabindi.W worm
  Grisoft (avg): Bladabindi2.AINZ
  CAT (quickheal): No Virus
  VirusBlokAda (vba32): No Virus
  Symantec: No Virus
  BullGuard: Gen:Variant.Barys.32564
  Arcabit (arcavir): Gen:Variant.Barys.32564
  Fortinet: W32/Generic!tr
  ClamAV: No Virus
  BitDefender: Gen:Variant.Barys.32564
  Dr. Web: Trojan.Inject.5077
  K7: Trojan ( 700000121 )
  F-Secure: Gen:Variant.Barys.32564
  CA (E-Trust Ino): Gen:Variant.Barys.32564

Runtime Details:

Process:
  ↳ C:\malware.exe (the sandbox's name for the submitted sample; its own OriginalFilename is E.exe)

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\2c68bacf5bfdcb179ad573756eac60cb ➝ C:\Documents and Settings\Administrator\Local Settings\Temp\Microsoft\svchost.exe
  (per-user Run-key persistence, which needs no elevation; the value name is an opaque 32-hex-digit string and the target is a file the sample drops under %TEMP%, named after a Windows system binary; the captured data ends in a trailing NUL, omitted here)
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝ NULL
  (the Explorer "show hidden files and folders" setting; the report records the written data only as NULL)

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Microsoft\svchost.exe
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\svchost.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\BlackData.dat
  (PIPE\lsarpc and \Device\Afd\Endpoint are handle opens on the LSA RPC pipe and on a Winsock socket endpoint, which the sandbox logs under the same label; they are not dropped files. The dropped files are the two svchost.exe copies, the second of which is a separate persistence path via the Startup folder, and BlackData.dat.)

Creates Mutex: bJeUysdFrfyMoo7
Creates Mutex: Global\.net clr networking
Creates Mutex: Global\CLR_RESERVED_MUTEX_NAME
  (the last two are created by the .NET runtime in any managed process; only bJeUysdFrfyMoo7 is sample-specific and usable as a host indicator)

Network Details:

Flows TCP: 192.168.1.1:1031 ➝ 192.168.1.1:25969
Flows TCP: 192.168.1.1:1031 ➝ 192.168.1.1:25969
Flows TCP: 192.168.1.1:1032 ➝ 192.168.1.1:25969
Flows TCP: 192.168.1.1:1033 ➝ 192.168.1.1:25969
Flows TCP: 192.168.1.1:1034 ➝ 192.168.1.1:25969
Flows TCP: 192.168.1.1:1035 ➝ 192.168.1.1:25969
Flows TCP: 192.168.1.1:1036 ➝ 192.168.1.1:25969
  (Source and destination are both the sandbox's own address, so the real C2 host cannot be recovered from this listing. What is recoverable is the C2 port, TCP/25969, and the behaviour: six connections from consecutive ephemeral ports, i.e. the sample reconnects as soon as a connection is dropped.)

Raw Pcap (payload the sample sends on each flow; the hex column is authoritative, the right-hand column is its ASCII rendering):
0x00000000 (00000)   21307c42 6c61636b 7c486163 6b65645f   !0|Black|Hacked_
0x00000010 (00016)   43303539 39303041 7c426c61 636b7c43   C059900A|Black|C
0x00000020 (00032)   4f4d5055 5445522d 58585858 58587c42   OMPUTER-XXXXXX|B
0x00000030 (00048)   6c61636b 7c41646d 696e6973 74726174   lack|Administrat
0x00000040 (00064)   6f727c42 6c61636b 7c555341 7c426c61   or|Black|USA|Bla
0x00000050 (00080)   636b7c57 696e2058 50205072 6f666573   ck|Win XP Profes
0x00000060 (00096)   73696f6e 616c5350 33207838 367c426c   sionalSP3 x86|Bl
0x00000070 (00112)   61636b7c 4e6f7c42 6c61636b 7c312e30   ack|No|Black|1.0
0x00000080 (00128)   205b203f 3f3f3f20 5d7c426c 61636b7c    [ ???? ]|Black|
0x00000090 (00144)   7c426c61 636b7c7c 426c6163 6b7c3230   |Black||Black|20
0x000000a0 (00160)   31362d30 332d3134 7c426c61 636b7c4e   16-03-14|Black|N
0x000000b0 (00176)   6f7c426c 61636b7c 5b656e64 6f665d     o|Black|[endof]

(The remaining five flows carry a byte-identical 191-byte payload: the same registration message re-sent on every reconnect. The repeated dumps are omitted.)

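The captured payload can be rebuilt from the dump and split mechanically. The following is an added example written for this page, not code from the malware and not a protocol specification: it recovers the bytes from the first dump's hex column, splits on the visible "|Black|" separator up to the "[endof]" terminator, and labels fields by position. The labels are this example's inference from the visible values (the third field is plainly the hostname, the fourth the username); positions whose meaning cannot be read off this capture are left as unknown_n, and no length prefix is assumed because none appears at offset 0 of the dump.

```python
"""Decode the check-in beacon captured in the Raw Pcap section.

Added example for this page, not code from the malware or the sandbox. The
field labels are inferred from the visible values and are an assumption.
"""
import re

# Copied from the first Raw Pcap dump above (offset, decimal offset, hex, ascii).
HEXDUMP = """\
0x00000000 (00000)   21307c42 6c61636b 7c486163 6b65645f   !0|Black|Hacked_
0x00000010 (00016)   43303539 39303041 7c426c61 636b7c43   C059900A|Black|C
0x00000020 (00032)   4f4d5055 5445522d 58585858 58587c42   OMPUTER-XXXXXX|B
0x00000030 (00048)   6c61636b 7c41646d 696e6973 74726174   lack|Administrat
0x00000040 (00064)   6f727c42 6c61636b 7c555341 7c426c61   or|Black|USA|Bla
0x00000050 (00080)   636b7c57 696e2058 50205072 6f666573   ck|Win XP Profes
0x00000060 (00096)   73696f6e 616c5350 33207838 367c426c   sionalSP3 x86|Bl
0x00000070 (00112)   61636b7c 4e6f7c42 6c61636b 7c312e30   ack|No|Black|1.0
0x00000080 (00128)   205b203f 3f3f3f20 5d7c426c 61636b7c    [ ???? ]|Black|
0x00000090 (00144)   7c426c61 636b7c7c 426c6163 6b7c3230   |Black||Black|20
0x000000a0 (00160)   31362d30 332d3134 7c426c61 636b7c4e   16-03-14|Black|N
0x000000b0 (00176)   6f7c426c 61636b7c 5b656e64 6f665d     o|Black|[endof]
"""

SEPARATOR = "|Black|"   # field separator used by this build
TERMINATOR = "[endof]"  # end-of-message marker

# One dump line: "0x<hex offset> (<decimal offset>)   <up to four hex words>   <ascii>".
# Hex words are separated by exactly one space and the ascii column follows
# at least two spaces later, so the pattern cannot run into it.
_DUMP_LINE = re.compile(
    r"^0x[0-9a-fA-F]+\s+\(\d+\)\s+([0-9a-fA-F]{2,8}(?: [0-9a-fA-F]{2,8}){0,3})"
)

# Position -> label, inferred from the values seen in this capture only.
FIELD_LABELS = [
    "opcode",      # "!0": message type; meaning not established from this capture
    "victim_id",   # "<tag>_<8 hex digits>"
    "hostname",
    "username",
    "country",
    "os",
    "unknown_6",   # "No"
    "version",     # "1.0 [ ???? ]"
    "unknown_8",   # empty in this capture
    "unknown_9",   # empty in this capture
    "date",        # "2016-03-14"
    "unknown_11",  # "No"
]


def hexdump_to_bytes(dump: str) -> bytes:
    """Rebuild the payload from the hex column. The ascii column is ignored:
    it is lossy, since non-printable bytes are rendered as substitutes."""
    out = bytearray()
    for line in dump.splitlines():
        m = _DUMP_LINE.match(line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)


def parse_beacon(payload: bytes) -> dict:
    """Split one check-in message into labelled fields.

    Raises ValueError when the message is not [endof]-terminated, which is how
    a truncated capture or a different message type shows up.
    """
    text = payload.decode("latin-1")  # byte-preserving; no UTF-8 assumption
    if not text.endswith(TERMINATOR):
        raise ValueError("no [endof] terminator: truncated or not a check-in")
    body = text[: -len(TERMINATOR)]
    if not body.endswith(SEPARATOR):
        raise ValueError("terminator not preceded by the field separator")
    fields = body[: -len(SEPARATOR)].split(SEPARATOR)
    parsed = {"field_count": len(fields)}
    for i, value in enumerate(fields):
        label = FIELD_LABELS[i] if i < len(FIELD_LABELS) else f"unknown_{i}"
        parsed[label] = value
    # victim_id is "<tag>_<8 hex>": the tag is presumably the operator-chosen
    # prefix, the suffix a per-host id (the width of a volume serial number).
    tag, _, host_id = parsed.get("victim_id", "").partition("_")
    parsed["campaign_tag"], parsed["host_id"] = tag, host_id
    return parsed


def network_indicators(parsed: dict) -> dict:
    """Strings a content-matching sensor can key on for this build."""
    return {
        "separator": SEPARATOR,
        "terminator": TERMINATOR,
        "victim_prefix": parsed["campaign_tag"] + "_",
    }


if __name__ == "__main__":
    beacon = parse_beacon(hexdump_to_bytes(HEXDUMP))
    for key, value in beacon.items():
        print(f"{key:14} {value!r}")
    print(network_indicators(beacon))
```

Decoding from the hex column rather than the ASCII column matters because the sandbox's text rendering substitutes non-printable bytes; here every byte happens to be printable, but the same code must work on a build that uses a binary separator. The separator, the terminator and the "Hacked_" victim prefix are the build-specific strings a network sensor can match on, independent of the C2 address this report does not reveal.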

Strings