Analysis Date: 2016-02-03 12:34:14
MD5: b2fc3d46a89f5e149a8d74b70327bfd1
SHA1: 8e94f587fcab7385580763507b66bf6559902e5d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: f982371d481ef9f61b7573603315c180 sha1: 544f4f686715be99823ec6255dabad3065fe77b9 size: 22528
Section .rdata: md5: a43ec74fb6127fecf6852a3aeb375ecf sha1: a697eaee9fe963bbeef578b22ade98e2bd7f4184 size: 9728
Section .data: md5: aaf76b7ae5fdf6a178477bf91040cea2 sha1: 86b96f021f7371e026ef07f3ec5081f13bca6fdc size: 13824
Section .rsrc: md5: cd2fad807c14f0360eefd76b4e125a65 sha1: 72890e4dc3c0667e21592bb364ca692120ee2148 size: 23552
Timestamp: 2015-07-21 22:10:23
Packer: Microsoft Visual C++ ?.?
PEhash: f63290b374b3148ccb81b63fd3f3745add660746
IMPhash: ceba147425103f774efb75bab565826b
AV Mcafee: Generic.xb
AV Fortinet: W32/Kryptik.DQYX!tr
AV Ad-Aware: Trojan.GenericKD.2586964
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AR
AV Zillya!: Backdoor.Androm.Win32.23666
AV MalwareBytes: Trojan.Agent
AV Frisk (f-prot): No Virus
AV Avira (antivir): TR/Crypt.ZPACK.82386
AV VirusBlokAda (vba32): Backdoor.Androm
AV Twister: Trojan.DOMG.fezj
AV MicroWorld (escan): Trojan.GenericKD.2586964
AV CA (E-Trust Ino): No Virus
AV Grisoft (avg): Crypt4.BNWC
AV Kaspersky: Trojan.Win32.Generic
AV F-Secure: Trojan.GenericKD.2586964
AV Eset (nod32): Win32/Kryptik.DQYX
AV K7: Trojan ( 004c92dc1 )
AV Trend Micro: No Virus
AV Ikarus: Trojan.Win32.Crypt
AV BullGuard: Trojan.GenericKD.2586964
AV Rising: No Virus
AV CAT (quickheal): No Virus
AV Authentium: W32/Trojan.KTMT-7250
AV ClamAV: Win.Trojan.Generickd-3139
AV Symantec: PUA.Downloader
AV Alwil (avast): Dorder-E [Trj]
AV Dr. Web: Trojan.DownLoader15.8677
AV Emsisoft: Trojan.GenericKD.2586964
AV BitDefender: Trojan.GenericKD.2586964
AV Arcabit (arcavir): Trojan.GenericKD.2586964

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:
