Analysis Date: 2016-11-15 15:01:32
MD5: 7747accf37b8d6e71ccffcbd578cd87d
SHA1: 84bcdd3fb7e49bd2e58e91439d07bfe24434d766

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

Sections (digests are over each section's raw bytes; "-" means the report gives no value, i.e. no raw data was hashed for that section):
  Section   size    md5                               sha1
  .text     1536    34bc1e85056c3e8652f6f364666c940f  f36e8fd15500447b0859d1e6b1a3612243c42c0c
  .data      512    bc634afefb223c21725357088300c807  27810dcc1ed196f42a420023499d50cc1537aa12
  .xcpad       -    -                                 -
  .idata       -    -                                 -
  .reloc       -    -                                 -
  .rsrc    61440    66c85466759a72696bf9f21d19017330  81645aec4db5b0eba0350be71ce7b89edfb2a8d8

Timestamp: (not reported)
Version info (LegalCopyright, InternalName, FileVersion, CompanyName, Comments, ProductName, ProductVersion, FileDescription, OriginalFilename): all empty
Packager / PackagerVersion: (empty)
Packer: PE Diminisher v0.1
PEhash: (not reported)
Imphash: 62639fa9222cf58c477732813bea1e98

Note: the code section is 1.5 KB while .rsrc is 60 KB (about 96% of the raw data), and a packer is identified. That layout is consistent with a small unpacking stub plus a payload carried in the resources, so the section digests above describe the packed container, not the code that actually runs; hashes of the unpacked code would have to come from a memory dump. Likewise the imphash covers only the stub's import table (the API names listed under Strings), so it is an indicator for the packer stub more than for the payload.
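The section rows above are what a walk over the PE section table produces. As an added example (not code from the report or from the sandbox that generated it), the following standard-library Python reproduces those rows from a PE image and flags the tiny-.text / large-.rsrc pattern noted above. The image it hashes is constructed in build_sample_pe with the report's section names and sizes; it is not the real sample, and the thresholds in layout_notes are the editor's own choices.

```python
"""Parse a PE32 section table, hash each section's raw bytes, flag the layout.

Added example, not part of the original sandbox report. Uses only the standard
library so it runs offline; for real work pefile does the same parsing.
"""
import hashlib
import struct

FILE_ALIGN = 0x200

# Section layout taken from this report's static details (sizes only);
# the payload bytes are constructed and carry no meaning.
SAMPLE_SECTIONS = [
    (b".text", b"\xcc" * 1536),
    (b".data", b"\x00" * 512),
    (b".xcpad", b""),
    (b".idata", b""),
    (b".reloc", b""),
    (b".rsrc", b"BM" + b"\x00" * 61438),
]


def parse_sections(data):
    """Return one dict per section: name, raw size, md5/sha1 of the raw bytes.

    A section with no raw data gets empty digests, which is what the blank
    .xcpad/.idata/.reloc rows in the report most likely represent."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    (_machine, nsections, _ts, _symptr, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size            # section headers follow the optional header
    sections = []
    for i in range(nsections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)  # first 24 of the 40 header bytes
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "size": raw_size,
            "truncated": len(raw) < raw_size,  # header claims more than the file holds
            "md5": hashlib.md5(raw).hexdigest() if raw_size else "",
            "sha1": hashlib.sha1(raw).hexdigest() if raw_size else "",
        })
    return sections


def layout_notes(sections):
    """Editor's heuristics for the packed-stub-plus-resource-payload pattern."""
    by_name = {s["name"]: s for s in sections}
    total = sum(s["size"] for s in sections) or 1
    notes = []
    text = by_name.get(".text")
    if text and text["size"] <= 0x800:
        notes.append("tiny .text (%d bytes): little unpacked code, loader stub likely" % text["size"])
    rsrc = by_name.get(".rsrc")
    if rsrc and rsrc["size"] / total > 0.5:
        notes.append(".rsrc holds %d%% of raw data: check resources for an embedded payload"
                     % (100 * rsrc["size"] // total))
    return notes


def build_sample_pe(payloads):
    """Construct a minimal PE32 image from (name, payload) pairs.

    Constructed test input: only the header fields parse_sections reads are
    meaningful, and the result is not a loadable executable."""
    def align(n):
        return (n + FILE_ALIGN - 1) // FILE_ALIGN * FILE_ALIGN
    e_lfanew, opt_size = 0x40, 0xE0          # 0xE0 = PE32 optional header size
    first_raw = align(e_lfanew + 4 + 20 + opt_size + 40 * len(payloads))
    table, body = bytearray(), bytearray()
    for i, (name, payload) in enumerate(payloads):
        raw_size = align(len(payload))
        raw_ptr = first_raw + len(body) if raw_size else 0
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\x00"), len(payload),
                             0x1000 * (i + 1), raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += payload.ljust(raw_size, b"\x00")
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(payloads), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    image = (dos + b"PE\x00\x00" + coff + opt + table).ljust(first_raw, b"\x00")
    return bytes(image + body)


if __name__ == "__main__":
    for s in parse_sections(build_sample_pe(SAMPLE_SECTIONS)):
        print("%-8s %6d  %-32s  %s" % (s["name"], s["size"], s["md5"], s["sha1"]))
    for note in layout_notes(parse_sections(build_sample_pe(SAMPLE_SECTIONS))):
        print("note:", note)
```

Pointing parse_sections at the real file gives the same rows as the report; if a section comes back with truncated set, the header claims more raw data than the file contains, which is itself worth recording for a packed sample.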
AV results (33 engines; "No Virus" = no detection, "?" = result not available):
  360 Safe                        No Virus
  Ad-Aware                        Gen:Variant.Graftor.133302
  Alwil (avast)                   ?
  Arcabit (arcavir)               Gen:Variant.Graftor.133302
  Authentium                      No Virus
  Avira (antivir)                 TR/Crypt.EPACK.14754
  BitDefender                     Gen:Variant.Graftor.133302
  BullGuard                       Gen:Variant.Graftor.133302
  CA (E-Trust Ino)                Gen:Variant.Graftor.133302
  CAT (quickheal)                 No Virus
  ClamAV                          Win.Trojan.Cutwail-802
  Dr. Web                         Trojan.MulDrop3.14959
  Emsisoft                        Gen:Variant.Graftor.133302
  Eset (nod32)                    Win32/Kryptik.BWCF
  F-Secure                        Gen:Variant.Graftor.133302
  Fortinet                        W32/Generic.BWCF!tr
  Frisk (f-prot)                  No Virus
  Grisoft (avg)                   Generic35.CBGN
  Ikarus                          Trojan-Downloader.Win32.Cutwail
  K7                              Trojan ( 004e45e61 )
  Kaspersky                       Trojan.Win32.Generic
  MalwareBytes                    Trojan.Injector
  Mcafee                          Cutwail-FDRN!7747ACCF37B8
  MicroWorld (escan)              Gen:Variant.Graftor.133302
  Microsoft Security Essentials   TrojanDownloader:Win32/Cutwail.BS
  Rising                          No Virus
  SUPERAntiSpyware                No Virus
  Symantec                        Backdoor.Trojan
  Trend Micro                     No Virus
  Twister                         Virus.0000@2400068@24050.mg
  VirusBlokAda (vba32)            Trojan.Cutwail
  Windows Defender                TrojanDownloader:Win32/Cutwail.BS
  Zillya!                         Trojan.Kryptik.Win32.526576

25 of the 33 engines flag the sample. Six of them agree on a family, Cutwail (ClamAV, Ikarus, McAfee, Microsoft Security Essentials, VirusBlokAda, Windows Defender), and two of those classify it as a downloader. The eight identical Gen:Variant.Graftor.133302 results use BitDefender's naming scheme and almost certainly come from the same licensed engine, so they count as one opinion rather than eight. Kryptik, EPACK, Generic35, Trojan.Injector and Backdoor.Trojan are generic labels for packed or obfuscated code or for a behaviour class, not family names. McAfee's suffix 7747ACCF37B8 is the first 12 hex digits of the MD5 above, i.e. a per-sample signature.
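The consensus stated above can be computed rather than eyeballed. As an added example (not code from the report or the sandbox), the following Python takes the vendor table verbatim and derives a detection count and a per-family vote count; the rules for dropping generic words, variant suffixes and hash fragments are the editor's own heuristic, not any vendor's or aggregator's normalisation.

```python
"""Derive a family consensus from the vendor labels in this report.

Added example, not part of the original sandbox page. AV_RESULTS is copied
from the report's AV table; the token rules are the editor's heuristic.
"""
import re
from collections import Counter

AV_RESULTS = {
    "360 Safe": "No Virus",
    "Ad-Aware": "Gen:Variant.Graftor.133302",
    "Alwil (avast)": "?",
    "Arcabit (arcavir)": "Gen:Variant.Graftor.133302",
    "Authentium": "No Virus",
    "Avira (antivir)": "TR/Crypt.EPACK.14754",
    "BitDefender": "Gen:Variant.Graftor.133302",
    "BullGuard": "Gen:Variant.Graftor.133302",
    "CA (E-Trust Ino)": "Gen:Variant.Graftor.133302",
    "CAT (quickheal)": "No Virus",
    "ClamAV": "Win.Trojan.Cutwail-802",
    "Dr. Web": "Trojan.MulDrop3.14959",
    "Emsisoft": "Gen:Variant.Graftor.133302",
    "Eset (nod32)": "Win32/Kryptik.BWCF",
    "F-Secure": "Gen:Variant.Graftor.133302",
    "Fortinet": "W32/Generic.BWCF!tr",
    "Frisk (f-prot)": "No Virus",
    "Grisoft (avg)": "Generic35.CBGN",
    "Ikarus": "Trojan-Downloader.Win32.Cutwail",
    "K7": "Trojan ( 004e45e61 )",
    "Kaspersky": "Trojan.Win32.Generic",
    "MalwareBytes": "Trojan.Injector",
    "Mcafee": "Cutwail-FDRN!7747ACCF37B8",
    "MicroWorld (escan)": "Gen:Variant.Graftor.133302",
    "Microsoft Security Essentials": "TrojanDownloader:Win32/Cutwail.BS",
    "Rising": "No Virus",
    "SUPERAntiSpyware": "No Virus",
    "Symantec": "Backdoor.Trojan",
    "Trend Micro": "No Virus",
    "Twister": "Virus.0000@2400068@24050.mg",
    "VirusBlokAda (vba32)": "Trojan.Cutwail",
    "Windows Defender": "TrojanDownloader:Win32/Cutwail.BS",
    "Zillya!": "Trojan.Kryptik.Win32.526576",
}

NO_DETECTION = {"", "?", "no virus", "clean"}

# Words that describe a class or platform rather than a family.
GENERIC = {
    "trojan", "trojandownloader", "downloader", "dropper", "backdoor",
    "injector", "generic", "variant", "gen", "win", "win32", "w32", "virus",
    "crypt", "malware", "heur", "packed", "agent",
}

HEXISH = re.compile(r"^[0-9a-f]{6,}$")   # hash fragments: 7747ACCF37B8, 004e45e61


def is_detection(label):
    return label.strip().lower() not in NO_DETECTION


def family_tokens(label):
    """Tokens of a detection name that plausibly name a family."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        low = tok.lower()
        if len(tok) < 3 or tok.isdigit() or HEXISH.match(low):
            continue                        # 'tr', 'mg', numeric ids, hash fragments
        if tok.isupper() and len(tok) <= 4:
            continue                        # variant suffixes: BWCF, CBGN, FDRN, W32
        if re.sub(r"\d+$", "", low) in GENERIC:
            continue                        # Generic35, Win32, Trojan, ...
        out.append(tok)
    return out


def detections(results):
    """Vendor -> label for every engine that reported a detection."""
    return {vendor: label for vendor, label in results.items() if is_detection(label)}


def family_consensus(results):
    """Count, per family token, how many detecting engines used it (one vote each)."""
    votes = Counter()
    for label in detections(results).values():
        votes.update(set(family_tokens(label)))
    return votes


if __name__ == "__main__":
    hits = detections(AV_RESULTS)
    print("%d/%d engines detect" % (len(hits), len(AV_RESULTS)))
    for family, n in family_consensus(AV_RESULTS).most_common():
        print("  %s: %d" % (family, n))
```

On this table the top vote is Graftor with 8, but those eight are one engine's label relicensed, so the six independent Cutwail votes are the stronger signal; a vote counter should be paired with an engine-dedup list before it drives a verdict.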

Runtime Details:

Screenshot: (not included in this copy of the report)

Process:
  C:\84bcdd3fb7e49bd2e58e91439d07bfe24434d766.exe  (the sample, renamed to its SHA1 by the sandbox; the only process recorded)

Files created:
  Ip  (relative name; the report does not give the directory)
  C:\WINDOWS\WindowsShell.Manifest

Note: WindowsShell.Manifest is a legitimate file in the Windows XP system directory, so a create event on that path should be checked against a clean-baseline run of the same sandbox before it is used as an indicator. The bare "Ip" entry is the more specific host artefact, but its location is not recorded here.

Network Details:

No network activity is recorded in the report (the Raw Pcap entry is empty). The imports CreateWaitableTimerA, SetWaitableTimer and SleepEx show the stub can park itself on a timer before doing anything, so a short run with no traffic does not rule out a download stage; if that matters, rerun with a longer timeout or with the timer and sleep calls patched out.

Strings:

Module and API names (the stub's own imports; LoadLibraryA and GetProcAddress let further APIs be resolved at run time, so this is not the payload's import set):
ExitProcess
GetModuleHandleA
GetProcAddress
LoadLibraryA
kernel32.dll
GetObjectW
gdi32.dll
SetWaitableTimer
CreateWaitableTimerA
user32.dll
LoadImageA
kernel32.dll
SleepEx

Other printable runs (no recognisable text, as expected from packed sections):
@!P.
A!P[
D!PE
	!P^
B!P>
	!P=
D!PB
@!P?
MjIj
*KVT
ZZmo
|s/cXY
IlGI
?NE!6
9F?'
[c]M
4=nGr
%OgX
kH4i
gpR8
L&3&
ypyhj
Fqj#")
5JtP
t~0L
gd=o&
Mzl4
7FqT
SUXp
&``*
[rI
$G'hb
 [79
-	\{,2r
t%<k
E`V$
}[Tl
\j{XAZKO
E% kjq
xe:%
.^{K
Y)_}
<#KaM=Y
nsM7
OTs"
o.|9JN
O[&y
',ik%&
F(6iV
bMLOe
8vsF'
:Pfv/
.9QOs.
_.%+
@~Fiy
:S%a
/X??
KP@&
fvI!
?c8a
)ZtvL
~AiD
|zn;
 m.	\
4K"\
fpQ)
`Fb~
3EYuS
\"k%
0J,/
%e4'
K%js
&gs&?
2L~(
%a%D
$rhj
G]p5{nK
d:ie
XfQE
2e<nj
u\pX
sP[SZ
*'U&AX
04#D
*7E3wb
KK[Y
d!A
YcB;BTw
q<qc
EvK*
q#RR
~Ck`
8UoaM=Q
ABp7
-)6F
P~)X
-}VI
Dfh/
h7eU
HEM@
PRqL
y%)Q
9YH%b
rhwk
Q4*@a
^/GI
l.TU>
,FbI
^,o&
zlxa
xbyK
<YF'
[!;1
E:s;
^</{
/+(6_
03k]n!<
3Gum
2qC2
!NvuD-}V:
/VT-
zg+p
H}$`4/d&G
-^b]
|aLuj
>i3{8`E
{rb)
]2\H
,q_M
K0N"
>\;n
<ah;
qA>J?{^
"(k\
z;IA
?(-d
*n"R
j]bu
@4fCmk
UU@L
="0v
:=z'30
5.NS
=h`,G
98pS
(3B%
Y6_H
5@	m
JfcL
~QA\
Tff4h
,oB{;D1
',r%&H
Terlz
taXd
>.B@
3(r/
?6T'd
z1s8
]@C8
<jQI
PE|$
f<p#n
Ubo~
//cC;
Q-qzG
Z^}@
{m\A>D
e<SN
<7l[
gOM7'
BVYy
2tQx
qCNk0d
5'I3
f3xj
{8Z'
7|5Pr
ihiWZ
pG	}
Q,W[|
u++C
Qyp"
^=Y1
Ej&$+
3r,HL
)G>mUly*2
.y1`*}
 75}
a}hx
N	uq
96te
J/\t5g
&${#
fd/-vu
[7JN
Ck3
CY;^
7\ Gu
'-r@
45dv
Cm3R
Lc	u
J&alX
n5LI
lE.Q
{NVi
rau$
n*)t
{oUmNP
`X<%>
b31}J
IvnK
Q[Ely{
hOVw!
v FX
>="A{-
sPA$
Z7|:/B[
38Y*
alt^J
(Q1<
's?[&
YJ2c[T
_KVmY
"_ 4g$
:|4/
L'|DY
0b,y
32z/
KBn^&
jYUB
#,(+
@EWP
m;-f
@CC4
dS)d\
_Ns,
#O\Lu
lu@=
8-<:
)vYf
]|RK
&b|pZ
S#fY|
,Adf]
/by-|
uVJ?j
b	;)
"Tr[
_pNT
*?2_T
B]|{L=
N?6<
jDTEbR
p8|z
tx?@&
.*}'
))AH
n:['g
=Y/c
vu7U
bP.wCs
b,3fI6
[`Tg
0+k]k
y(m%
5UTe
f>N.
G,Z2
nhA}
^F'"V
;2~F
cTH?
(Tj\
maUZ
s0Vl
Yz5n
I^V5:
djkC%
Ooo2
#(1Q
^~~`
g:9r
"[p>
}aW>
RLo{]4(-%.
dluv
#adV2
%d	{
o^	X
<Mw|
S^\E
R?eq
W8|/p
t7[0
%zye
>=\;
3&q*3Fcy
Ih(MN
=:dcO>&=
h)IP7
_i|*e"1
UPX}
+pC}
)FWm.
4s6\!
9hiUz
yH-o
d>1.O
pPDX
"23$
b1cn
H.7N
fPET3
wxrk
6Ex}
H-*`U
j*eE
yWbL
r=7bT
"Q4k
i1(W
>-(1
c.+#
I>Uo
;|&;
SY!n
p0[^
enp05
b1PE
NqWz
2}h&0
JhH@-a
"/.M
cT8(T
ej$^l_`f
QPI#
o Rq
$`]Kx
Rn-&
	?X;
/5&k
6qf<
KdL}T
RX*W9
uBeZ
*2~{
+}O`cX
W?Os
"z]L
5guu
wZ~C"
#*\u
J/`}
*}[B=
2Z5>GH
0 [6F
ceL8
9W]e
'J(J
C&T>
"a<v
G,utu
+,pt%
iT->
[Y.OR
(711
 xes
l*;
b;*P
	a\=
"r.\F
stUC
wp@X
1]d'
%+o7
}BIg
3Rna
jsHg
;;fFc$
/,U.
p*U{&n
3Bjz
5D;u
Q2`R
,H*wY
`Q,>
 uFa~-
EZQ
NA+k
6+<Gh
COv:
^o|z
.*CW
Hzp=X
rid3`H
?9sK
$5).
co60
{kU|FG
tZ#Q
/<|y
r6$%wqb
l*!
d'fdL
AEt4MD
k#)v
#b?0
OL&F
r9GkT}s
Ca0T
M\$&
JPf^
*w+cR
M+TXV\
zuu{
ElqWS
>1N/
<K73
D^`@q
gaBU;
n` O
ddnh
&^:&Q
m(Xw.
01o$
l7f6
%O>!5
Z$+
(puv
Q#uu
kkW_Z
B)wHM
`\l3
=rU_d}
@k<Um
-QR;;Q
 4Q
s!,o
O7*"8Z
6)lV
R88R
hylc
R:"Wc
 Zh_
{OdV
#mv0
y^+t
a`h$
>;~6
F	Ir
g;$hi
c=<)j%H
u :>F
+cb}
m$'"
k9Q-
*.']
Zk%Dc
Z?<1
qQB?W
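Sorting a strings dump like the one above by hand is tedious, and a packed sample's random bytes also produce false hits for naive substring checks (note the lone "UPX}" among the junk, in a file whose packer is PE Diminisher and whose section names are not UPX0/UPX1). As an added example (not code from the report or the sandbox), the following Python separates module names and Win32-style API names from noise, refuses to treat "UPX}" as a packer marker, and maps the recovered APIs to capabilities. SAMPLE_STRINGS is a subset of lines copied from this report's Strings section; the regexes and the capability map are the editor's own heuristics.

```python
"""Triage the Strings section of a packed sample.

Added example, not part of the original report. SAMPLE_STRINGS is a subset of
this report's Strings section (module/API names plus a few junk lines).
"""
import re

SAMPLE_STRINGS = [
    "ExitProcess", "GetModuleHandleA", "GetProcAddress", "LoadLibraryA",
    "kernel32.dll", "GetObjectW", "gdi32.dll", "SetWaitableTimer",
    "CreateWaitableTimerA", "user32.dll", "LoadImageA", "kernel32.dll",
    "SleepEx", "@!P.", "MjIj", "Terlz", "IvnK", "ElqWS", "UPX}", "PE|$",
    "YcB;BTw", "Tff4h",
]

MODULE_RE = re.compile(r"^[A-Za-z0-9_\-]+\.(?:dll|sys|ocx|exe|drv)$", re.I)
# Win32 API style: two or more CamelCase words, optional A/W suffix; >= 6 chars
# is enforced separately so that 4-letter junk such as 'MjIj' cannot qualify.
API_RE = re.compile(r"^(?:[A-Z][a-z]+){2,}[AW]?$")
# A real UPX stub leaves 'UPX0'/'UPX1' section names and a 'UPX!' marker;
# 'UPX' followed by an arbitrary byte ('UPX}') is not evidence of UPX.
PACKER_MARKER_RE = re.compile(r"^UPX[0-9!]$")

CAPABILITIES = {  # editor's mapping of the recovered APIs to what they enable
    "runtime API resolution": {"LoadLibraryA", "GetProcAddress", "GetModuleHandleA"},
    "timed delay / sandbox wait": {"CreateWaitableTimerA", "SetWaitableTimer", "SleepEx"},
    "resource/image loading": {"LoadImageA", "GetObjectW"},
}


def classify(line):
    """One of: module, api, packer-marker, noise."""
    s = line.strip()
    if MODULE_RE.match(s):
        return "module"
    if len(s) >= 6 and API_RE.match(s):
        return "api"
    if PACKER_MARKER_RE.match(s):
        return "packer-marker"
    return "noise"


def triage(lines):
    """Bucket strings by class, de-duplicated in first-seen order."""
    buckets = {"module": [], "api": [], "packer-marker": [], "noise": []}
    for line in lines:
        s = line.strip()
        kind = classify(s)
        if s not in buckets[kind]:
            buckets[kind].append(s)
    return buckets


def capabilities(lines):
    """Capability labels for which at least one supporting API string is present."""
    apis = set(triage(lines)["api"])
    return sorted(cap for cap, need in CAPABILITIES.items() if apis & need)


if __name__ == "__main__":
    buckets = triage(SAMPLE_STRINGS)
    for kind in ("module", "api", "packer-marker"):
        print("%s: %s" % (kind, buckets[kind]))
    print("noise lines: %d" % len(buckets["noise"]))
    print("capabilities:", capabilities(SAMPLE_STRINGS))
```

Run against the full dump above, the api bucket holds exactly the nine names listed under "Module and API names" and everything else lands in noise; the capability list (runtime API resolution, a timed delay, resource loading) is what a reviewer should carry into the dynamic-analysis plan for a sample that produced no network traffic.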