Analysis Date: 2015-02-15 01:21:58
MD5: 319b8e9a0616c4d1ebb2be61ce037782
SHA1: 85b4c0f8933f7f90fb1e416e32e768de03a957a5

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 4a6a4fdb92406f4db06e679de61a7204 sha1: 3fc70b801ff061d5a541306434aaedc9b02b0b34 size: 94208
Section .rdata md5: 94aabcb25aa9b8bb8ca8a40e20b34817 sha1: ad6b7a39a924c0af492cc42f4d32354d7d4909a1 size: 20480
Section .data md5: 353f2545fc139ff73dc97bde337e6e73 sha1: 3f4f2057d0ac64dd40c5f5053f42a578e1bd6b28 size: 8192
Section .rsrc md5: aae1a0c82b2fe0bb5e744b18afb47522 sha1: 8e45e409bf0c0fa97d3f29056ed8bcb8c6c588c2 size: 4096
Timestamp: 2015-01-28 18:31:59
Packer: Microsoft Visual C++ v6.0
PEhash: 8c629287a03128482d66afa0e862a3ad890bbe27
IMPhash: 8c81ca4ad5bd2b86ee1373430e9dcc4e
AV 360 Safe: no_virus
AV Ad-Aware: Trojan.Generic.12754599
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Trojan.Generic.12754599
AV Authentium: W32/Trojan.KKVZ-0542
AV Avira (antivir): TR/Glupteba.uxize
AV BullGuard: Trojan.Generic.12754599
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Trojan.Generic.12754599
AV Eset (nod32): Win32/Glupteba.M
AV Fortinet: W32/Glupteba.M!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.Generic.12754599
AV Grisoft (avg): Small.GVT
AV Ikarus: Trojan.Win32.Glupteba
AV K7: Trojan ( 004b4e061 )
AV Kaspersky: no_virus
AV MalwareBytes: Trojan.Agent
AV Mcafee: RDN/Generic.tfr!eh
AV Microsoft Security Essentials: Trojan:Win32/Carberp.I
AV MicroWorld (escan): Trojan.Generic.12754599
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: Downloader
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝ 15150124\\x00
Creates File: \Device\Afd\Endpoint
Creates Mutex: Global\MD7H82HHF7EH2D73

Network Details:

HTTP GET http://204.14.213.177:13023/stat?uid=100&downlink=1111&uplink=1111&id=000171DF&statpass=bpass&version=15150124&features=30&guid=48b7ac55-9446-46fe-b475-f84a58b0ff50&comment=15150124&p=0&s=
User-Agent: (empty)
HTTP GET http://65.254.56.90:10703/stat?uid=100&downlink=1111&uplink=1111&id=00018613&statpass=bpass&version=15150124&features=30&guid=48b7ac55-9446-46fe-b475-f84a58b0ff50&comment=15150124&p=0&s=
User-Agent: (empty)
HTTP GET http://212.48.66.150:22357/stat?uid=100&downlink=1111&uplink=1111&id=000199F9&statpass=bpass&version=15150124&features=30&guid=48b7ac55-9446-46fe-b475-f84a58b0ff50&comment=15150124&p=0&s=
User-Agent: (empty)
HTTP GET http://195.22.103.43:58207/stat?uid=100&downlink=1111&uplink=1111&id=0001ADDE&statpass=bpass&version=15150124&features=30&guid=48b7ac55-9446-46fe-b475-f84a58b0ff50&comment=15150124&p=0&s=
User-Agent: (empty)
HTTP GET http://223.165.30.17:36991/stat?uid=100&downlink=1111&uplink=1111&id=0001C1B5&statpass=bpass&version=15150124&features=30&guid=48b7ac55-9446-46fe-b475-f84a58b0ff50&comment=15150124&p=0&s=
User-Agent: (empty)
HTTP GET http://65.60.11.122:49021/stat?uid=100&downlink=1111&uplink=1111&id=0001D57B&statpass=bpass&version=15150124&features=30&guid=48b7ac55-9446-46fe-b475-f84a58b0ff50&comment=15150124&p=0&s=
User-Agent: (empty)
HTTP GET http://103.14.96.102:37174/stat?uid=100&downlink=1111&uplink=1111&id=0001E942&statpass=bpass&version=15150124&features=30&guid=48b7ac55-9446-46fe-b475-f84a58b0ff50&comment=15150124&p=0&s=
User-Agent: (empty)
Flows TCP 192.168.1.1:1031 ➝ 204.14.213.177:13023
Flows TCP 192.168.1.1:1031 ➝ 204.14.213.177:13023
Flows TCP 192.168.1.1:1032 ➝ 65.254.56.90:10703
Flows TCP 192.168.1.1:1033 ➝ 212.48.66.150:22357
Flows TCP 192.168.1.1:1034 ➝ 195.22.103.43:58207
Flows TCP 192.168.1.1:1035 ➝ 223.165.30.17:36991
Flows TCP 192.168.1.1:1036 ➝ 65.60.11.122:49021
Flows TCP 192.168.1.1:1037 ➝ 103.14.96.102:37174

Raw Pcap

Strings
.
able
adenoma
afford
airiest
alacrity
ancestries
approving
aside
autocrat
autograph
autonomous
&aYV3 D7oIx
beckoning
beginning
bloodsports
bothers
&BQ5S
brimming
&BWV
&c63 UxY
&C8XZj1 J9p2w8
CompanyName
&D58 KE1WBZ Zm479u6P
&Eq7N8nTT fnk9 D144Hpk P5uF
&FKeJ7MX xl319
&fU2C xAT25C z10h6gBn aVMvW
&G401 L5V0F0 aPU541ld
&gj26 J851
&gT8X
&h1NmiU4E Gf63
&h5lTR F88
&HVn V61w7Z
&j38XW9 s83GP BV7w50
&J769lL8 MXl5u1I4 Jr3pd0 LluK
&J8S
&k55qv3
&kEZ4 UEb gLW3 dkYi8Oy2
&l188 y0L57 r3Wj1FI
&LL3L83 gKF4
&LwAcaq
&m11 RZ4775X8 ad0p16dW IL0GZ
MS Sans Serif
&Nf4 Kv4354C6 d14SB6l d2797467
&O3a51 rY29w6
&O48 x6X7ZN7 Y0R02l6j ZB4
&o91 t746V3y7
Olivier
&QFf
&qNgw0
&r2Wo8v43 Vh1716x k7n1
&R47m iW47S5V
&rsSMt367 J5952w
&S789o2t
&s9f Y46l3
&SIB2z AXY sD199
surfacing
surged
&T4N ABFuQ J35
tags
teat
technician
&tnsIeRT qb9iSGr
&To3z Zq8hBH6 fjK6 qX5
topnotch
tossed
trimmer
tropopause
&u12VD5 V5V1D j063a6a GfAtiN
undiscriminated
uniting
uptotheminute
&V9z8wu11 p07 RF23I81 Op5D2rg
veracity
verged
VS_VERSION_INFO
&w4R9M AEy3C YWNQ R84XS
&W5vu
wanderings
wingers
&X6h vHFOtl
&Xmj P871D f3xOVfNG H2swAj
&Z3w0NRu
<*|{( ;
>=?", 
:{<0$+
>0tS(53
)1+{kh_oNw-xk
2ycP&-sS/
	3$!57
:3t+OKM-
)45137
4R\}&H
>?4&RSMU
5,-c{V
5JLmmW
5NTe-OK
'?5?	s%V
6Jl-_#
6n,g{?
6>T<U$."
6x<hT'
7",2cs
76$Tzm
7+,csv
7}Lx}hX'>{$
7Ndenw?(|
7of(Ok
7shJO%
7&|{Xh6'\
8_d&^;
{ 8j4W
=8,LSm
8Z4.[3
9R\->[4.
9xd8&\3.#
	9Ydv^`n./
?a4&<[T
_acmdln
ActivateKeyboardLayout
AddAtomW
_adjust_fdiv
=a,&;St=
AttachThreadInput
	aY>VlVo
>b$^;&
"b2fK7
^b6.t#NJe
BackupWrite
BeginUpdateResourceA
BeginUpdateResourceW
bHuOme
_".bS^=
BuildCommDCBW
C1?|>@
c2n#?b<
CallMsgFilterA
CallWindowProcA
=c<^dv
ChangeDisplaySettingsA
ChangeDisplaySettingsExW
ChangeMenuW
CharLowerA
CharNextA
CharUpperA
CheckMenuRadioItem
CloseHandle
;*\cNn
CoFreeLibrary
CompareStringW
ConnectNamedPipe
ContinueDebugEvent
_controlfp
CreateDialogIndirectParamA
CreateDIBPatternBrushPt
CreateDirectoryA
CreateEventA
CreateIcon
CreateProcessW
CreateThread
?cTfS]]f
cV6f]^N&
@.data
DdeCreateStringHandleA
DdeDisconnectList
DdeEnableCallback
DdeFreeDataHandle
DdeQueryConvInfo
DdeQueryNextServer
DdeQueryStringW
DdeUninitialize
DebugActiveProcess
DebugBreak
DeferWindowPos
DefineDosDeviceA
DefineDosDeviceW
DeleteFileW
DestroyCaret
DestroyWindow
DeviceIoControl
dfggfgjg
DialogBoxIndirectParamW
DialogBoxParamW
\D~*R2
DragAcceptFiles
DragObject
DrawStateW
DrawTextW
DuplicateHandle
EnableWindow
EndDeferWindowPos
EnterCriticalSection
EnumPropsA
EnumResourceLanguagesA
EnumResourceNamesA
EnumSystemCodePagesW
EnumTimeFormatsW
EnumWindowStationsA
e	OY-~c`n
_except_handler3
ExcludeUpdateRgn
ExitWindowsEx
ExpandEnvironmentStringsA
f&g#WJ
FileTimeToDosDateTime
FillConsoleOutputCharacterW
FindAtomA
FindAtomW
FindFirstChangeNotificationW
FindResourceExA
FindResourceW
FlushConsoleInputBuffer
FoldStringW
fP_-V;
fqb7f$WOf
FreeDDElParam
FreeLibraryAndExitThread
FreeResource
g2Wc6V
ga_V>^Tf
gbW>>\
GDI32.dll
GetAsyncKeyState
GetBinaryTypeA
GetClassNameA
GetClipboardData
GetClipboardFormatNameW
GetCommandLineW
GetCommTimeouts
GetComputerNameA
GetConsoleTitleA
GetCurrencyFormatW
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetDCEx
GetDefaultCommConfigW
GetDialogBaseUnits
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDlgCtrlID
GetDoubleClickTime
GetEnvironmentStringsW
GetExpandedNameW
GetFileAttributesA
GetFileInformationByHandle
GetFocus
GetIconInfo
GetKBCodePage
GetLastError
GetLocaleInfoW
GetLongPathNameW
__getmainargs
GetMenu
GetMenuItemInfoA
GetMenuState
GetMessagePos
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleMouseButtons
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionNamesA
GetPrivateProfileStructA
GetProcessPriorityBoost
GetProcessVersion
GetProfileSectionA
GetProfileStringA
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetSysColorBrush
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetTopWindow
GetUserDefaultLangID
GetVolumeInformationW
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
gh?WdN
gKe-'SSe
GlobalAddAtomA
GlobalAlloc
GlobalFlags
<h$7b,
H85T|%
HlUg&i
:H|nPW
h!o7'<+
HpMW%&+k
	Hum8W
H;U\V>Vd
)h;W$N
)hzrHgM
Hzu0h3
I3}KXuNp
{i`/6[\6n
iiW_.~cpn'
.iK_e(Ycf
iM	1\)
IMM32.dll
ImmGetContext
IMPSetIMEA
_initterm
Inx/XS6
I_RpcDeleteMutex
IsDialogMessageA
><IS#n`BPM]
,IsU_>VtnX
IsWindowUnicode
>i|Wp&
;i|wp`_6n4
 !J2}3
j(?3L%l
J{58T4
<jd/V;.4s
jfgkhg
JJu|XXnV7
?jl/O[
?jLo=w
J!mb'6cl
jq_/.3{kP
JU]f6'|s 
KaeNWu~x
K==dlfWw>
kEaI2j
KERNEL32.dll
K\]..{Kx
kpO/mS
<KTUQYU^V~fP/
K`Uv&h3w
KVU6.|
L~%033+s
l1/[;&
LaU>~4ht
Lb564,
?L|e(O
l!g"w2
LJu-X+
L!m27+|{
LoadImageW
l`?&t3
!Lu3h$m7
l"W"f<_
LZ32.dll
LZSeek
m4?+Lc
m8Wlvo
Mb]V6N$u
MessageBoxExA
M|=H\}
MI-U#f
MIUm^Wn~o 
M(]kVWbi^
M`M^mv
ModifyMenuA
Module32First
mPgU_n'
MSVCRT.dll
mY/.;{|
My}hXw^
N05s\'
;N4eco
&n,7+#
NDdeApi.dll
`"nj#|j
Nj%W+h
NOEOdj
nP?],&
npV=%P
Nq}wH }
N;%t3'S
N]t6'L
N%u+pK
o	/1S[M
o:/4*PK
od!4V9
OemKeyScan
OemToCharBuffW
OhM_}n
*o",!I@dpB
OI]ufpw
OI%]{V
ole32.dll
OLEAUT32.dll
olw7' 
ONu%0c
ONu%h{
OQ+5[T
Ot}pxgrk/
OT%};x
O,Uc>v,
O"uJ u:
oYW&&s{
__p__commode
PeekMessageW
\Pf%_;
__p__fmode
P&M;]4
PMm}'8s
PostMessageW
Process32First
:p|WPc
?q4Ol}O
q \4uIR
{qHWqdW
QM:eTWe
QO4&S[
qpgOWm
Q--;SLU
Qv=Hl}/
~q w:Hd=
R~5"T2
`.rdata
RegisterClassExW
_R.eKo
rk/'SK
r_OnM'
RPCRT4.dll
R[<	Ta
"!R:<<TL
ry'hdpS.e
rzpu/HS-e
:s4g{?p,W
ScreenToClient
S&D[`H
SendInput
SendMessageCallbackA
SendMessageTimeoutA
__set_app_type
SetCapture
SetClassLongW
SetMenuContextHelpId
SetMenuDefaultItem
SetMenuItemInfoA
SetRectEmpty
SetScrollRange
__setusermatherr
SetUserObjectInformationA
SetUserObjectInformationW
SetUserObjectSecurity
SetWindowRgn
SetWindowsHookExA
SetWindowsHookW
SetWindowWord
SHELL32.dll
ShellExecuteA
Sh='LS
sj/w#`"
sQ?5$TR
Stj^6{
~+`SV5f<w
SystemParametersInfoW
:t</4#+2[3
TaU7U\^
!This program cannot be run in DOS mode.
TileWindows
TiU_>&|[p
>tknLk
;[TnMg}7
=\t>OL
TranslateAcceleratorA
twW V"nZ
U0.#Sz5
;u4`kng7
Uj>gtW
UnhookWindowsHook
}Un:r*>
UnregisterClassW
U)n+wkh
urx_`n.
USER32.dll
uWh>WT^
VkKeyScanExW
:v<pd/
vx( #"
vy(hS'e
VzN(e#
WINNLSEnableIME
wqX9nd_
W(V+^s
wWGHsGxC
:W|^x&h3'3
WZv^xf('3#
Wz^x^`&&3
<||(x+(;
_XcptFilter
x]Hno!
>X,n3'
x!r6/<S
^x sb/
YPV=&l
Yqvo`$.jS'-K
y*(s#_
,ysp_?
`Yv~(0{
Y!y7`<Vd
zehgW'v3
-Z;Vlf