Analysis Date: 2015-09-21 11:06:49
MD5: 89063346b0644d6f704c85ea370d7ac8
SHA1: 8631510aba3061908b66b29018fe9c3348d4498b

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: a426932fa413ac414235694b9d259563 sha1: 9a432addd6985ca163db00b78e530f362313a764 size: 13824
Section .rdata: md5: 1a120b68e5e84d0f8368f227b69e7d92 sha1: 1effd3026aa4fd187fce4fd01bcd57b4e6d1fa2e size: 1536
Section .data: md5: 4513755f13ce039540b7c320f4d91ada sha1: a4951684ce9d38f514dc0644dbae0cca2c789f5a size: 4608
Timestamp: 2015-03-05 04:51:24
Packer: Microsoft Visual C++ v6.0
PEhash: c21d767d420ad924db3d82fc3f47dde2a8203aa7
IMPhash: 17718d17df5ccd4b3cdf20ceb677b86d
AV Rising: no_virus
AV CA (E-Trust Ino): no_virus
AV F-Secure: Gen:Variant.Graftor.7361
AV Dr. Web: Trojan.DownLoad3.35231
AV ClamAV: no_virus
AV Arcabit (arcavir): Gen:Variant.Graftor.7361
AV BullGuard: Gen:Variant.Graftor.7361
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: no_virus
AV Emsisoft: Gen:Variant.Graftor.7361
AV Ikarus: Trojan.Win32.Glupteba
AV Frisk (f-prot): no_virus
AV Authentium: W32/Trojan.BRFX-2451
AV MalwareBytes: Trojan.Agent.ED
AV MicroWorld (escan): Gen:Variant.Graftor.7361
AV Microsoft Security Essentials: Trojan:Win32/Carberp.I
AV K7: Trojan ( 00286e241 )
AV BitDefender: Gen:Variant.Graftor.7361
AV Fortinet: W32/Glupteba.M!tr
AV Symantec: no_virus
AV Grisoft (avg): Generic_r.FCV
AV Eset (nod32): Win32/Glupteba.M
AV Alwil (avast): Glupteba-B [Trj]
AV Ad-Aware: Gen:Variant.Graftor.7361
AV Twister: no_virus
AV Avira (antivir): TR/Downloader.Gen
AV Mcafee: RDN/Generic Downloader.x

Runtime Details:

Process:
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝ 15150305\\x00
Creates File: \Device\Afd\Endpoint
Creates Mutex: Global\MD7H82HHF7EH2D73

Network Details:

HTTP GET: http://207.210.200.157:52112/stat?uid=100&downlink=1111&uplink=1111&id=00016423&statpass=bpass&version=15150305&features=30&guid=a117b58c-006b-4b87-925e-e36491a57ad7&comment=15150305&p=0&s=
User-Agent:
HTTP GET: http://192.210.50.26:15745/stat?uid=100&downlink=1111&uplink=1111&id=000177FA&statpass=bpass&version=15150305&features=30&guid=a117b58c-006b-4b87-925e-e36491a57ad7&comment=15150305&p=0&s=
User-Agent:
HTTP GET: http://108.163.204.10:38102/stat?uid=100&downlink=1111&uplink=1111&id=00018B91&statpass=bpass&version=15150305&features=30&guid=a117b58c-006b-4b87-925e-e36491a57ad7&comment=15150305&p=0&s=
User-Agent:
HTTP GET: http://212.175.87.184:49205/stat?uid=100&downlink=1111&uplink=1111&id=00019F29&statpass=bpass&version=15150305&features=30&guid=a117b58c-006b-4b87-925e-e36491a57ad7&comment=15150305&p=0&s=
User-Agent:
HTTP GET: http://213.238.168.2:33879/stat?uid=100&downlink=1111&uplink=1111&id=0001B2C0&statpass=bpass&version=15150305&features=30&guid=a117b58c-006b-4b87-925e-e36491a57ad7&comment=15150305&p=0&s=
User-Agent:
HTTP GET: http://176.34.13.203:35525/stat?uid=100&downlink=1111&uplink=1111&id=0001C658&statpass=bpass&version=15150305&features=30&guid=a117b58c-006b-4b87-925e-e36491a57ad7&comment=15150305&p=0&s=
User-Agent:
HTTP GET: http://69.64.87.23:51447/stat?uid=100&downlink=1111&uplink=1111&id=0001D9F0&statpass=bpass&version=15150305&features=30&guid=a117b58c-006b-4b87-925e-e36491a57ad7&comment=15150305&p=0&s=
User-Agent:
HTTP GET: http://91.229.232.51:18532/stat?uid=100&downlink=1111&uplink=1111&id=0001ED97&statpass=bpass&version=15150305&features=30&guid=a117b58c-006b-4b87-925e-e36491a57ad7&comment=15150305&p=0&s=
User-Agent:
Flows TCP: 192.168.1.1:1031 ➝ 207.210.200.157:52112
Flows TCP: 192.168.1.1:1031 ➝ 207.210.200.157:52112
Flows TCP: 192.168.1.1:1032 ➝ 192.210.50.26:15745
Flows TCP: 192.168.1.1:1033 ➝ 108.163.204.10:38102
Flows TCP: 192.168.1.1:1034 ➝ 212.175.87.184:49205
Flows TCP: 192.168.1.1:1035 ➝ 213.238.168.2:33879
Flows TCP: 192.168.1.1:1036 ➝ 176.34.13.203:35525
Flows TCP: 192.168.1.1:1037 ➝ 69.64.87.23:51447
Flows TCP: 192.168.1.1:1038 ➝ 91.229.232.51:18532
