Analysis Date: 2015-11-11 22:50:49
MD5: 02fa69838ca0987baaeb9642eb4c609c
SHA1: 889a79211463f33ddda36cc092e5f51467c7b84a

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 065052edccea4aa68c3691c882dc6793 sha1: e00e93190b73363a3ffb504120bfbe0de58157a4 size: 105984
Section .rdata md5: b28f3e0e90a0355e99206c4591042c24 sha1: 6708a8bb394ae32763fbccd96f2264b279b3b9dc size: 40448
Section .data  md5: 37fc29d025675282d3af21f9e7932ce4 sha1: e4650f476bf24fe182d4944ed5a7df3197c72dca size: 36352
Section .rsrc  md5: e55f9dda01ff3a4fc097c0e94b890bef sha1: 46c6568ed515b1ff1043a01fc150c3ec8293e13c size: 78848
Timestamp: 2015-10-20 11:24:58
Packer: Microsoft Visual C++ ?.?
PEhash: 4f3fe813d5308c105901dfae6532f35292a097f9
IMPhash: 8cac9224e3f9344f814f96a3aca1ff77
AV CA (E-Trust Ino): No Virus
AV Rising: No Virus
AV Mcafee: Gamarue-FDC!02FA69838CA0
AV Avira (antivir): TR/Crypt.ZPACK.191375
AV Twister: No Virus
AV Ad-Aware: Trojan.GenericKDZ.30724
AV Alwil (avast): Androp [Drp]
AV Eset (nod32): Win32/Injector.BNHS
AV Grisoft (avg): Crypt_r.AFH
AV Symantec: No Virus
AV Fortinet: W32/Kryptik.EBIH!tr
AV BitDefender: Trojan.GenericKDZ.30724
AV K7: Trojan ( 004cef571 )
AV Microsoft Security Essentials: Worm:Win32/Kasidet
AV MicroWorld (escan): Trojan.GenericKDZ.30724
AV MalwareBytes: Ransom.CryptoWall
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Frisk (f-prot): No Virus
AV Ikarus: Trojan.Win32.Crypt
AV Emsisoft: Trojan.GenericKDZ.30724
AV Zillya!: Trojan.Cryakl.Win32.156
AV Kaspersky: Trojan.Win32.SelfDel.birq
AV Trend Micro: No Virus
AV CAT (quickheal): No Virus
AV VirusBlokAda (vba32): Backdoor.Androm
AV Padvish: No Virus
AV BullGuard: Trojan.GenericKDZ.30724
AV Arcabit (arcavir): Trojan.GenericKDZ.30724
AV ClamAV: No Virus
AV Dr. Web: Trojan.DownLoad3.35944
AV F-Secure: Trojan.GenericKDZ.30724

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\regedit.exe ➝ C:\Documents and Settings\Administrator\Application Data\UVJlWVxU\regedit.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\UVJlWVxU\regedit.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\delself.bat
Creates Process: C:\Documents and Settings\Administrator\Application Data\UVJlWVxU\regedit.exe C:\889A79~1.EXE
Creates Mutex: UVJlWVxU

Process
↳ C:\WINDOWS\system32\cmd.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\UVJlWVxU\regedit.exe C:\889A79~1.EXE
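
The Runtime Details above show the two behaviours worth turning into a check: an HKLM Run value named after a Windows system binary (regedit.exe) that points into a random-named folder under the user's Application Data, and the dropped copy being started with the original sample's short path (C:\889A79~1.EXE) as its argument so that the original can be deleted via delself.bat. The script below is an added example, not part of this sandbox report and not the sandbox's own tooling; the trusted-directory list and the impersonated-binary list are illustrative assumptions, and the Run values and command lines it scans are constructed sample input (the first entry of each list reproduces what the report observed, the rest are assumed benign).

```python
"""Triage helper for the persistence and self-deletion behaviour recorded in
the Runtime Details above.

Added example, not part of the original sandbox report and not the sandbox
vendor's tooling. The registry values and command lines below are constructed
sample input: the first entry of each list reproduces what the report
observed, the remaining entries are assumed benign.
"""
import ntpath
import re

# Directories in which a Windows system binary such as regedit.exe legitimately
# lives (assumption: illustrative list, not exhaustive).
TRUSTED_DIRS = {"c:\\windows", "c:\\windows\\system32"}

# System binary names that malware borrows to blend in; regedit.exe is the
# name used by the sample in the report (assumption: illustrative list).
SYSTEM_BINARY_NAMES = {"regedit.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}

# Per-user writable locations: autorun entries pointing here deserve a look.
PROFILE_DATA_DIRS = re.compile(r"\\(application data|appdata|local settings\\temp)\\", re.IGNORECASE)

# Split "image.exe args" without being confused by spaces inside the image path.
CMDLINE = re.compile(r"^(?P<image>.+?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)


def assess_run_entry(value_name, image_path):
    """Return the reasons a Run-key value looks like malware persistence ([] if none)."""
    lower = image_path.lower()
    exe = ntpath.basename(lower)
    parent = ntpath.dirname(lower)
    reasons = []
    if PROFILE_DATA_DIRS.search(lower):
        reasons.append("image lives under a per-user data directory")
    if exe in SYSTEM_BINARY_NAMES and parent not in TRUSTED_DIRS:
        reasons.append(f"{exe} is a system binary name but the path is outside the Windows directories")
    # A value named exactly like its binary is common for benign entries too
    # (e.g. ctfmon.exe), so only count it once something stronger has fired.
    if reasons and value_name.lower() == exe:
        reasons.append("Run value is named after the binary itself")
    return reasons


def triage_run_entries(entries):
    """Map each suspicious value name to its reasons; clean entries are omitted."""
    findings = {}
    for name, path in entries:
        reasons = assess_run_entry(name, path)
        if reasons:
            findings[name] = reasons
    return findings


def is_relocation_handoff(cmdline):
    """True when a binary in a per-user directory is started with another .exe
    path as its argument: the pattern of a dropped copy being told where the
    original is so it can delete it (the report's delself.bat / 889A79~1.EXE)."""
    m = CMDLINE.match(cmdline.strip())
    if not m:
        return False
    image, args = m.group("image"), m.group("args") or ""
    return bool(PROFILE_DATA_DIRS.search(image)) and args.lower().endswith(".exe")


# Constructed sample input (see module docstring).
SAMPLE_RUN_VALUES = [
    ("regedit.exe", r"C:\Documents and Settings\Administrator\Application Data\UVJlWVxU\regedit.exe"),
    ("IgfxTray", r"C:\WINDOWS\system32\igfxtray.exe"),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
]
SAMPLE_CMDLINES = [
    r"C:\Documents and Settings\Administrator\Application Data\UVJlWVxU\regedit.exe C:\889A79~1.EXE",
    r"C:\WINDOWS\system32\cmd.exe",
]

if __name__ == "__main__":
    for name, reasons in triage_run_entries(SAMPLE_RUN_VALUES).items():
        print(f"[Run]  {name}: " + "; ".join(reasons))
    for cmd in SAMPLE_CMDLINES:
        print(f"[Proc] {'HANDOFF' if is_relocation_handoff(cmd) else 'ok':8} {cmd}")
```

On the sample input only the report's regedit.exe value is reported (three reasons), the two benign system32 entries are silent, and only the first command line matches the hand-off pattern. On a live host the same functions can be fed the output of reg query on the Run keys and the process command lines from the EDR or Sysmon event 1 log.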

Network Details:
