Analysis Date: 2015-12-18 06:50:53
MD5: 3eace8c1db81d7ae9f061079af00b59d
SHA1: 87fb706982abe57c963c19b8fa2533081c1f7492

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 9b8489659d17a36ef59b22bb825ea9dd sha1: e96d555713aeccd1b668146edeb969df5e3da91e size: 38400
Section .rdata md5: 0d25b8b768a145e0c9e6a6cc37a23257 sha1: fd69f980ac8bb6555d3310a0345e8917b8b8668a size: 9728
Section .data md5: 97ae15f598eee37ee6238c59eff6dd6e sha1: c0a037bea98e13fca2c803fef93c0fcc30ec40cf size: 4096
Section .rthxg md5: bd7a1e399941e7903fbe54a2779108cd sha1: 2d12332fd7ce264676ff2ceda653beb3e1cbb7f7 size: 23040
Section .cfgy md5: cfc9d5d5ef3c5c126321d4f604b3e1e5 sha1: d19a8774057d8d73036293f97c806509496c7a75 size: 5632
Section .rsrc md5: 8971547dfb992c730351c2702ab37a3d sha1: 593917ded512cedaf674a7f7e42eb0b12694afe6 size: 1024
Section .reloc md5: f8e6ab046fee2d788c77bb9c69fbe0cb sha1: 644957bd26ef3c449548f2d666b7627b4604b98e size: 3584
Timestamp: 2015-09-19 02:03:22
Version: CompanyName: serdjgheru
Packer: Microsoft Visual C++ ?.?
PEhash: 0b70cad92649fa8bea696af60ca47047997f971d
IMPhash: 41270d51bb2a6d5fec58c0571848bc64
AV Symantec: Trojan.Gen
AV Fortinet: W32/Kryptik.DYFJ!tr
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV VirusBlokAda (vba32): Backdoor.Androm
AV K7: Trojan-Downloader ( 004a98c31 )
AV Zillya!: Backdoor.Androm.Win32.27305
AV Ikarus: Trojan.Win32.Tobfy
AV Rising: no_virus
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Worm.Gamarue.WR6
AV Trend Micro: Ransom_.0A217DD0
AV BitDefender: Gen:Variant.Kazy.575686
AV Frisk (f-prot): no_virus
AV Emsisoft: Gen:Variant.Kazy.575686
AV Twister: Trojan.Girtk.DXPF.sxas
AV Authentium: W32/S-f6d9c617!Eldorado
AV Arcabit (arcavir): Gen:Variant.Kazy.575686
AV BullGuard: Gen:Variant.Kazy.575686
AV Ad-Aware: Gen:Variant.Kazy.575686
AV ClamAV: no_virus
AV Avira (antivir): TR/Kryptik.abbojl
AV Eset (nod32): Win32/TrojanDownloader.Wauchos.AK
AV Dr. Web: Trojan.Siggen.65341
AV Grisoft (avg): Crypt4.CLJM
AV MicroWorld (escan): Gen:Variant.Kazy.575686
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV F-Secure: Gen:Variant.Kazy.575686
AV MalwareBytes: Ransom.CryptoWall
AV Kaspersky: Trojan.Win32.Generic
AV Mcafee: Gamarue-FCX!3EACE8C1DB81
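The static block above lists a per-section MD5, SHA1 and raw size plus the link timestamp. Two of the section names, .rthxg and .cfgy, are not names the MSVC linker emits, which fits the Kryptik/Crypt4 (crypter) labels several engines assign. The following is an added example, my code rather than output of the sandbox that produced this report: it walks the PE section table with only the Python standard library to reproduce those fields and flags non-standard section names. The PE it parses is constructed inline; only its TimeDateStamp value is taken from the report (the Timestamp field), and the section contents, the FileAlignment and the list of "standard" names are assumptions.

```python
import hashlib
import struct
from datetime import datetime, timezone

FILE_ALIGN = 0x200  # FileAlignment of the constructed sample; MSVC's default, matching the 512-multiple sizes above

# Section names the MSVC toolchain emits on its own (assumed list). Any other name, such as
# ".rthxg" or ".cfgy" in the report, normally comes from a packer or crypter.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata",
                     ".pdata", ".tls", ".bss", ".textbss", ".CRT", ".gfids", ".00cfg"}


def parse_pe(pe: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table, hashing each section's raw bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # the section table follows the optional header
    sections = []
    for i in range(nsections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        data = pe[raw_ptr:raw_ptr + raw_size]
        if len(data) != raw_size:
            raise ValueError("section data runs past end of file (truncated sample?)")
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "size": raw_size,  # SizeOfRawData, the "size:" value in the report
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
        })
    return {
        "machine": machine,
        # COFF TimeDateStamp, the "Timestamp" field; it is attacker-controllable, so treat it as a hint
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "sections": sections,
    }


def nonstandard_sections(report: dict) -> list:
    return [s["name"] for s in report["sections"] if s["name"] not in STANDARD_SECTIONS]


def build_sample_pe(sections, timestamp: int) -> bytes:
    """Constructed minimal PE32: valid headers, zeroed optional header, no imports or entry point."""
    nsec = len(sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)         # e_lfanew = 64
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)       # PE32 magic, remaining fields zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, timestamp, 0, 0, len(opt), 0x0102)  # i386, EXECUTABLE|32BIT
    raw_ptr = -(-(64 + 4 + 20 + len(opt) + 40 * nsec) // FILE_ALIGN) * FILE_ALIGN
    table, blobs, vaddr = b"", b"", 0x1000
    for name, data in sections:
        padded = data + b"\0" * (-len(data) % FILE_ALIGN)    # SizeOfRawData is file-aligned
        table += struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, len(padded),
                             raw_ptr if padded else 0, 0, 0, 0, 0, 0x60000020)
        blobs += padded
        raw_ptr += len(padded)
        vaddr += 0x1000 * max(1, -(-len(padded) // 0x1000))
    header = dos + b"PE\0\0" + coff + opt + table
    return header + b"\0" * (-len(header) % FILE_ALIGN) + blobs


SAMPLE_TIMESTAMP = 1442628202  # 2015-09-19 02:03:22 UTC, the TimeDateStamp shown in the report
SAMPLE = build_sample_pe([
    (b".text", b"\x55\x8b\xec\x83\xec\x10" * 64),  # constructed filler, not the real sample's code
    (b".rdata", b"constructed read-only data\0"),
    (b".rthxg", bytes(range(256)) * 2),            # non-standard name, as in the report
    (b".bss", b""),                                # uninitialised data: no bytes on disk
], SAMPLE_TIMESTAMP)


def triage(pe: bytes = SAMPLE) -> dict:
    report = parse_pe(pe)
    report["suspicious_sections"] = nonstandard_sections(report)
    return report


if __name__ == "__main__":
    r = triage()
    print("Timestamp:", r["timestamp"].strftime("%Y-%m-%d %H:%M:%S"))
    for s in r["sections"]:
        print(f"Section {s['name']} md5: {s['md5']} sha1: {s['sha1']} size: {s['size']}")
    print("Non-standard sections:", r["suspicious_sections"])
```

Run it against a real file by passing its bytes to triage(); a section whose raw data extends past the end of the file raises rather than silently hashing a short slice, which is the usual symptom of a truncated download. Section hashes are useful for clustering crypter output because the stub sections often stay identical across re-packed payloads, while the file hash changes every build.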

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org
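The runtime trace shows C:\malware.exe starting C:\WINDOWS\system32\msiexec.exe, after which it is msiexec.exe, not the original binary, that resolves the six regional pool.ntp.org names. Windows Installer has no reason to contact NTP pools, so the pairing of an msiexec.exe launched by a parent outside the Windows and Program Files trees with DNS activity from that msiexec.exe is the behavioural indicator worth alerting on. The detection below is an added example, not part of the report or of the sandbox's tooling; the events are constructed in a simplified Sysmon-like shape, and the trusted-parent roots and the pid-keyed correlation are assumptions.

```python
import re

# Constructed events (not the sandbox's raw output) in a simplified Sysmon-like shape:
# process-creation and DNS-query records that share a pid.
EVENTS = [
    {"type": "process", "pid": 1688, "image": "C:\\malware.exe",
     "ppid": 1234, "parent_image": "C:\\WINDOWS\\explorer.exe"},
    {"type": "process", "pid": 1712, "image": "C:\\WINDOWS\\system32\\msiexec.exe",
     "ppid": 1688, "parent_image": "C:\\malware.exe"},
    {"type": "dns", "pid": 1712, "image": "C:\\WINDOWS\\system32\\msiexec.exe",
     "query": "north-america.pool.ntp.org"},
    {"type": "dns", "pid": 1712, "image": "C:\\WINDOWS\\system32\\msiexec.exe",
     "query": "europe.pool.ntp.org"},
    # benign control: the Windows Installer service starting msiexec, with no network activity
    {"type": "process", "pid": 2040, "image": "C:\\WINDOWS\\system32\\msiexec.exe",
     "ppid": 700, "parent_image": "C:\\WINDOWS\\system32\\services.exe"},
    # benign control: a time-sync lookup by a service host is not msiexec and must not match
    {"type": "dns", "pid": 900, "image": "C:\\WINDOWS\\system32\\svchost.exe",
     "query": "time.windows.com"},
]

# Assumed: parents under these roots are treated as legitimate launchers of msiexec.exe.
TRUSTED_PARENT_ROOTS = ("c:\\windows\\", "c:\\program files")
NTP_POOL = re.compile(r"(^|\.)pool\.ntp\.org$", re.IGNORECASE)


def is_trusted_path(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PARENT_ROOTS)


def detect_msiexec_abuse(events) -> list:
    """Alert when msiexec.exe is started by an untrusted parent and then performs DNS lookups.

    Correlation is keyed on pid for brevity; pids are reused, so a production rule should key on
    the process GUID (Sysmon) or on pid plus process start time.
    """
    candidates = {}  # pid -> alert being assembled
    for ev in events:
        if ev["type"] == "process" and ev["image"].lower().endswith("\\msiexec.exe"):
            if not is_trusted_path(ev["parent_image"]):
                candidates[ev["pid"]] = {"pid": ev["pid"], "parent_image": ev["parent_image"],
                                         "queries": [], "ntp_pool": False}
        elif ev["type"] == "dns" and ev["pid"] in candidates:
            alert = candidates[ev["pid"]]
            alert["queries"].append(ev["query"])
            if NTP_POOL.search(ev["query"]):
                alert["ntp_pool"] = True  # the pattern seen in the report's six regional lookups
    # an untrusted launch alone is noisy; require the network follow-up seen in the report
    return [a for a in candidates.values() if a["queries"]]


if __name__ == "__main__":
    for a in detect_msiexec_abuse(EVENTS):
        print(f"pid {a['pid']}: msiexec.exe spawned by {a['parent_image']}, "
              f"DNS {', '.join(a['queries'])}, ntp pool: {a['ntp_pool']}")
```

The trusted-root check is a triage heuristic, not a security boundary: a dropper copied into a user-writable directory under C:\WINDOWS (Temp, for instance) would pass it, so the DNS follow-up from msiexec.exe is the stronger of the two signals and the rule deliberately requires both.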

Network Details:

DNS europe.pool.ntp.org (Type: A): 178.18.118.13, 212.83.179.156, 87.244.233.3, 178.17.41.184
DNS north-america.pool.ntp.org (Type: A): 204.2.134.164, 129.250.35.251, 192.155.90.13, 198.211.106.151
DNS south-america.pool.ntp.org (Type: A): 146.164.48.5, 170.155.148.1, 200.160.7.186, 200.186.125.195
DNS asia.pool.ntp.org (Type: A): 185.23.153.237, 202.65.114.202, 52.69.228.202, 157.7.153.56
DNS oceania.pool.ntp.org (Type: A): 103.239.8.22, 103.242.68.69, 130.102.2.123, 203.56.27.253
DNS africa.pool.ntp.org (Type: A): 196.41.127.42, 196.192.32.7, 197.82.150.123, 197.157.194.21
