Analysis Date: 2015-12-24 23:04:53
MD5: 4d109cc85ab63da1d1ce2bebf647f060
SHA1: 87eb18fa27c8112531d8c1a29854f280562c0334

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: 36111e9282d2e07daeb14ef89e5cd398  sha1: 557634c4e2e4470c8dbc1084ac98835d73687183  size: 29184
Section .rdata  md5: a844d9967db0f72a856f1e60bb07d88f  sha1: 40ecc28174e304cea07043b829c1891d80bdd47c  size: 24064
Section .data   md5: b7f24772877bde689ba387f2f49886cb  sha1: 0b0ea21665a2e5ba08dab14530faaab3a18accea  size: 3072
Section .vberi  md5: 4af1705df0402e512a596671d145c646  sha1: 5bec0bf4323e6cc54c5232e3a5a27023a168bd41  size: 8192
Section .rsrc   md5: 44fbd5ef222f72ff3ad64fe17b2a8de9  sha1: d1dcdcdff8ed041ccf59b3a570661c741fafcc80  size: 1536
Section .reloc  md5: 424364a577355d54e564cba4cb13bd1d  sha1: 82fc2925f88b152451ded841513e0a6580933df3  size: 3072
Timestamp: 2015-09-08 08:30:40
Version:
  LegalCopyright: dswteyurtetuitr
  InternalName: dswteyurtetuitr
  FileVersion: 3.10.349.0
  CompanyName: dswteyurtetuitr
  LegalTrademarks1: dswteyurtetuitr
  LegalTrademarks2: dswteyurtetuitr
  ProductName: dswteyurtetuitr
  ProductVersion: 3.10
  FileDescription: dswteyurtetuitr
  OriginalFilename: dswteyurtetuitr
Packer: Microsoft Visual C++ ?.?
PEhash: c7d68ce40cbc1848279f8786623130463ce49c2c
IMPhash: e5cb26060d93f03d08284935287e464c
AV Ad-Aware: Trojan.Generic.14961018
AV Grisoft (avg): Crypt4.CGDN
AV CAT (quickheal): Worm.Gamarue.WR6
AV Ikarus: Trojan.Win32.Crypt
AV Avira (antivir): TR/Kryptik.abbojc
AV K7: Trojan ( 004cecdb1 )
AV ClamAV: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Arcabit (arcavir): Trojan.Generic.14961018
AV MalwareBytes: Trojan.Downloader.INJ
AV Dr. Web: Trojan.Siggen6.49905
AV Mcafee: RDN/Generic.hra
AV BitDefender: Trojan.Generic.14961018
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AR
AV Emsisoft: Trojan.Generic.14961018
AV MicroWorld (escan): Trojan.Generic.14961018
AV Alwil (avast): Dorder-E [Trj]
AV Eset (nod32): Win32/Kryptik.DWQC
AV Rising: no_virus
AV BullGuard: Trojan.Generic.14961018
AV Fortinet: W32/Kryptik.DYFJ!tr
AV Symantec: Trojan.Gen.2
AV Authentium: W32/Trojan.JNZC-7687
AV Trend Micro: no_virus
AV Frisk (f-prot): no_virus
AV Twister: Trojan.Girtk.DWQC.xyki
AV CA (E-Trust Ino): no_virus
AV VirusBlokAda (vba32): no_virus
AV F-Secure: Trojan.Generic.14961018
AV Zillya!: no_virus
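
The per-section hashes above are a more useful match key than the file MD5 when you are checking whether another sample is the same build with a different overlay or resource block, since those changes move the file hash but not the section hashes. The script below is an added example, not output of the sandbox or code from any tool it uses: with only the standard library it recomputes each section's MD5/SHA1 over its on-disk bytes and the COFF compile timestamp from a local PE file, and compares the sections against the values listed in this report. Rendering the timestamp as UTC is an assumption about how the report formats it. `build_minimal_pe` produces a constructed test fixture so the check can be exercised offline; it is not this sample.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Section hashes copied from the Static Details above: name -> (md5, size on disk).
REPORT_SECTIONS = {
    ".text":  ("36111e9282d2e07daeb14ef89e5cd398", 29184),
    ".rdata": ("a844d9967db0f72a856f1e60bb07d88f", 24064),
    ".data":  ("b7f24772877bde689ba387f2f49886cb", 3072),
    ".vberi": ("4af1705df0402e512a596671d145c646", 8192),
    ".rsrc":  ("44fbd5ef222f72ff3ad64fe17b2a8de9", 1536),
    ".reloc": ("424364a577355d54e564cba4cb13bd1d", 3072),
}


def _coff_header(data):
    """Locate the COFF file header; returns (offset, fields) or raises for non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    return coff, struct.unpack_from("<HHIIIHH", data, coff)


def _sections(data):
    """Yield (name, size_on_disk, raw_bytes) for every entry in the section table."""
    coff, fields = _coff_header(data)
    nsections, opt_size = fields[1], fields[5]
    table = coff + 20 + opt_size
    for i in range(nsections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), raw_size, data[raw_ptr:raw_ptr + raw_size]


def compile_timestamp(data):
    """COFF TimeDateStamp rendered like the report's Timestamp line (assumed UTC).
    The linker writes it and it is trivially forged, so treat it as a hint, not evidence."""
    ts = _coff_header(data)[1][2]
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def section_hashes(data):
    """MD5/SHA1 over each section's on-disk bytes (SizeOfRawData at PointerToRawData),
    which is the quantity the report lists per section."""
    return [{"name": n, "size": size, "md5": hashlib.md5(raw).hexdigest(),
             "sha1": hashlib.sha1(raw).hexdigest()} for n, size, raw in _sections(data)]


def section_bytes(data, name):
    """Carve one section (e.g. the non-standard '.vberi') for separate inspection."""
    for n, _size, raw in _sections(data):
        if n == name:
            return raw
    raise KeyError(name)


def compare_to_report(sections, report=REPORT_SECTIONS):
    """Per report section: 'match', 'mismatch' (present but different md5/size) or 'missing'."""
    seen = {s["name"]: s for s in sections}
    result = {}
    for name, (md5, size) in report.items():
        s = seen.get(name)
        if s is None:
            result[name] = "missing"
        elif s["md5"] == md5 and s["size"] == size:
            result[name] = "match"
        else:
            result[name] = "mismatch"
    return result


def build_minimal_pe(sections, timestamp=0, file_align=0x200):
    """Constructed test input: a PE with the given (name, bytes) sections and no
    optional header. Windows would not load it; it only exercises the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew
    header_end = 0x40 + 4 + 20 + 40 * len(sections)
    first_raw = -(-header_end // file_align) * file_align       # round up to alignment
    raw_ptr, headers, body = first_raw, b"", b""
    for name, content in sections:
        raw_size = -(-len(content) // file_align) * file_align
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(content),
                               raw_ptr, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += content.ljust(raw_size, b"\0")
        raw_ptr += raw_size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 0, 0x0102)
    return (bytes(dos) + b"PE\0\0" + coff + headers).ljust(first_raw, b"\0") + body


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print("compile timestamp:", compile_timestamp(blob))
    hashes = section_hashes(blob)
    for s in hashes:
        print(f"{s['name']:<8} size={s['size']:<6} md5={s['md5']} sha1={s['sha1']}")
    print(compare_to_report(hashes))
```

Run it as `python check_sections.py sample.exe`; every section reporting `match` means the file on disk is byte-for-byte the build this report describes, while a `mismatch` on `.rsrc` or `.reloc` alone usually indicates the same build with edited version info or relocations rather than a new crypt.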

Runtime Details:


Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe
Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Process
↳ C:\WINDOWS\system32\msiexec.exe

Network Details:

DNS europe.pool.ntp.org (A): 163.172.10.212, 185.31.136.34, 46.165.194.70, 77.66.37.130
DNS north-america.pool.ntp.org (A): 52.0.56.137, 69.164.201.165, 71.6.186.122, 129.6.15.28
DNS south-america.pool.ntp.org (A): 200.192.232.8, 201.217.3.85, 190.15.128.72, 200.1.19.16
DNS asia.pool.ntp.org (A): 103.245.79.2, 129.250.35.250, 202.65.114.202, 202.162.32.12
DNS oceania.pool.ntp.org (A): 192.189.54.17, 202.127.210.37, 121.0.0.42, 130.102.2.123
DNS africa.pool.ntp.org (A): 41.231.7.85, 146.231.129.81, 196.49.6.67, 197.84.150.123
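
Several engines above label the sample Gamarue (Andromeda), a family that runs its payload from inside an injected msiexec.exe, and the process tree fits: C:\malware.exe spawns msiexec.exe twice, and it is the child, not the dropper, that opens a socket and resolves the six regional pool.ntp.org zones. Network Details records DNS answers only, so the 24 addresses are public NTP pool servers, not command-and-control; blocklisting them would break legitimate time synchronisation. The hunt below is an added example, not part of the report or of the sandbox: it runs over Sysmon-style process-creation (EventID 1) and DNS-query (EventID 22) records, flags msiexec.exe launched by an unexpected parent or without any installer argument, and attaches NTP-pool lookups from the same process as a supporting signal. The events are constructed to mirror this report's tree; the pids, command lines and the Sysmon field layout are assumptions, since the report records neither pids nor command lines.

```python
import re

# Parents that legitimately start msiexec.exe: the Windows Installer service
# (started by services.exe), its own client/server pair, or a user launching
# an .msi from the shell. Extend for your environment (SCCM, Intune agents).
BENIGN_PARENTS = {
    r"c:\windows\system32\services.exe",
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\syswow64\msiexec.exe",
    r"c:\windows\explorer.exe",
}
# A package path or a documented msiexec switch on the command line.
MSI_ARGS = re.compile(
    r"\.ms[ip]\b|(?:^|\s)[/-](?:i|x|a|f[a-z]*|p|j[mu]|y|z|v|quiet|passive|norestart|update|uninstall|package)\b",
    re.I,
)
NTP_POOL = re.compile(r"(?:^|\.)pool\.ntp\.org$", re.I)


def find_suspicious_msiexec(events):
    """One finding per msiexec.exe launch that looks like a host process rather
    than an installation, with the reasons and the names that process resolved."""
    dns_by_pid = {}
    for ev in events:
        if ev.get("EventID") == 22:
            dns_by_pid.setdefault(ev["ProcessId"], []).append(ev["QueryName"])

    findings = []
    for ev in events:
        if ev.get("EventID") != 1 or not ev["Image"].lower().endswith(r"\msiexec.exe"):
            continue
        cmd = ev.get("CommandLine", "")
        unexpected_parent = ev["ParentImage"].lower() not in BENIGN_PARENTS
        bare = not MSI_ARGS.search(cmd)
        queries = dns_by_pid.get(ev["ProcessId"], [])
        ntp = [q for q in queries if NTP_POOL.search(q)]
        # A bare msiexec from a shell on its own is noise; require an odd parent,
        # or a bare launch that then behaves like this sample (NTP pool lookups).
        if not (unexpected_parent or (bare and ntp)):
            continue
        reasons = []
        if unexpected_parent:
            reasons.append("unexpected parent " + ev["ParentImage"])
        if bare:
            reasons.append("no package or install switch on command line")
        if ntp:
            reasons.append(f"resolved {len(ntp)} pool.ntp.org zone(s): connectivity/time check, not C2")
        findings.append({"pid": ev["ProcessId"], "parent": ev["ParentImage"],
                         "command": cmd, "reasons": reasons, "dns": queries})
    return findings


# Constructed sample events modelled on this report's process tree (pids and
# command lines are assumptions; two benign msiexec launches added for contrast).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1492, "Image": r"C:\malware.exe",
     "ParentImage": r"C:\WINDOWS\explorer.exe", "CommandLine": r"C:\malware.exe"},
    {"EventID": 1, "ProcessId": 1500, "Image": r"C:\WINDOWS\system32\msiexec.exe",
     "ParentImage": r"C:\malware.exe", "CommandLine": r"C:\WINDOWS\system32\msiexec.exe"},
    {"EventID": 1, "ProcessId": 1508, "Image": r"C:\WINDOWS\system32\msiexec.exe",
     "ParentImage": r"C:\malware.exe", "CommandLine": r"C:\WINDOWS\system32\msiexec.exe"},
    {"EventID": 1, "ProcessId": 660, "Image": r"C:\WINDOWS\system32\msiexec.exe",
     "ParentImage": r"C:\WINDOWS\system32\services.exe", "CommandLine": r"C:\WINDOWS\system32\msiexec.exe /V"},
    {"EventID": 1, "ProcessId": 2044, "Image": r"C:\WINDOWS\system32\msiexec.exe",
     "ParentImage": r"C:\WINDOWS\explorer.exe",
     "CommandLine": r'"C:\WINDOWS\system32\msiexec.exe" /i "C:\Users\a\Downloads\tool.msi"'},
] + [
    {"EventID": 22, "ProcessId": 1500, "QueryName": zone + ".pool.ntp.org"}
    for zone in ("north-america", "africa", "oceania", "asia", "south-america", "europe")
]


if __name__ == "__main__":
    for f in find_suspicious_msiexec(SAMPLE_EVENTS):
        print(f"pid {f['pid']} <- {f['parent']}: " + "; ".join(f["reasons"]))
```

On the constructed input only the two msiexec.exe children of C:\malware.exe are reported; the service instance (`/V` under services.exe) and the user-driven `/i tool.msi` are not. The same logic maps directly onto a Sysmon or EDR query: filter ProcessCreate on Image, exclude the allow-listed parents, and join DnsQuery on ProcessId.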
