Analysis Date: 2015-12-17 23:15:00
MD5: b6fe7744fd80856c12aa512c929c71fc
SHA1: 88c948c81d61c035b12ad21ec710f66588328e24

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: c02003b9f50c63f6a112afcee0c8057e sha1: 7a491315e9fb929b216e9d249e0b05bee0c28465 size: 16384
Section .data md5: 2395a14b242238675b3a7322d039eb97 sha1: 9221e044437a07c96ff3c8a686e1f031edf554aa size: 4096
Section .rsrc md5: baabdff38152118699c72fc17e454372 sha1: 519883dd302e18b465fe071e2fb2957501e1d7ad size: 8192
Section !55u md5: 241f0c0bf117624f082e8dfb098131e0 sha1: 327fd4aedb13d55d60f1723157e3af2b0944982a size: 20480
Timestamp: 2001-07-19 19:29:57
Pdb path: pdb
Version
LegalCopyright: Copyright (C) Microsoft Corp. 1981-2000
InternalName: MSNUNIN
FileVersion: 6.10.0016.1624
CompanyName: Microsoft Corporation
Built by: msnbld
ProductName: Microsoft(R) MSN (R) Communications System
ProductVersion: 6.10.0016.1624
FileDescription: MSN Uninstall Progman
OriginalFilename: MSNUNIN.EXE
PEhash: 38beae96e6914d06b77ee1977f1328fa59c87d9b
IMPhash: 2a1c59f2822a4b9e0435e5c824306502
AV ClamAV: Win.Trojan.Downloader-64296
AV Mcafee: W32/Kudj
AV Frisk (f-prot): W32/PatchLoad.E
AV BullGuard: Win32.VJadtre.3
AV Microsoft Security Essentials: Virus:Win32/Mikcer.B
AV Avira (antivir): W32/Jadtre.B
AV F-Secure: Win32.VJadtre.3
AV MicroWorld (escan): Win32.VJadtre.3
AV Dr. Web: BackDoor.Darkshell.246
AV Alwil (avast): Malware-gen:Evo-gen [Susp]:Win32:Malware-gen
AV Grisoft (avg): Win32/Wapomi.I
AV CA (E-Trust Ino): Win32/Nimnul.A
AV Rising: Win32.Roue.a
AV Emsisoft: Win32.VJadtre.3
AV Ikarus: Trojan-Downloader.Win32.Small
AV Authentium: W32/PatchLoad.E
AV BitDefender: Win32.VJadtre.3
AV Symantec: W32.Wapomi.C!inf
AV K7: Virus ( 0040f7441 )
AV Eset (nod32): Win32/Wapomi.BA virus
AV Trend Micro: PE_WAPOMI.BM
AV CAT (quickheal): W32.Nimnul.F1
AV Kaspersky: Virus.Win32.Nimnul.f
AV Twister: Virus.558BEC81EC@120000#.mg
AV Arcabit (arcavir): Win32.VJadtre.3
AV Fortinet: W32/Nimnul.F
AV VirusBlokAda (vba32): Virus.Nimnul.19209
AV MalwareBytes: no_virus
AV Ad-Aware: Win32.VJadtre.3
AV Zillya!: Virus.Nimnul.Win32.5

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\VzwYAe.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\VzwYAe.exe

Process
↳ C:\WINDOWS\system32\cmd.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\VzwYAe.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\GTplus\Time ➝ NULL
Creates File: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
Creates File: C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
Creates File: C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
Creates File: C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe
Creates File: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU\setup.exe
Creates File: C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
Creates File: C:\temp\files\malware.exe
Creates File: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU\instmsiw.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\74ce2864.bat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
Creates File: C:\temp\files\VzwYAe.exe
Creates File: C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
Winsock DNS: ddos.dnsnb8.net
Winsock URL: http://ddos.dnsnb8.net:799/cj//k1.rar

Network Details:

DNS: ddos.dnsnb8.net
Type: A