Analysis Date: 2015-12-27 21:35:11
MD5: 46ab5f9bd68088667aba3c052b04df3d
SHA1: 8eb1dd5b3bcc81e184cb41017e3519f90f202776

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 3a529c5265c4de5e6938bbcc4a3d1edc sha1: a841d84b97fd02714887e0427e9fa6a23e9c3aac size: 107008
Section .rdata md5: 17f3b566d375e910d223e4d280cbce06 sha1: e19faf4cb9d9cdf8b7dc62217a1519824ab9de4e size: 43520
Section .data  md5: 731b488ee2f0dd5243c40cc54738d79b sha1: 32638fa193318f90c378bdcc85665968ac221f8e size: 36352
Section .rsrc  md5: 939a5ca3ed45b455de948b8c67128fb0 sha1: 046194ce4b566e54900e42577a39172cc718fb0a size: 68608
Timestamp: 2015-10-17 06:24:49
Packer: Microsoft Visual C++ ?.?
PEhash: 83acf42abd576652ecf92a1a89bd17528f73c4e0
IMPhash: 8ce601f04170cbdb7ae8521f69f73b74
AV Ad-Aware: Trojan.Lethic.Gen.10
AV Dr. Web: BackDoor.Andromeda.662
AV Kaspersky: Trojan.Win32.Generic
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Emsisoft: Trojan.Lethic.Gen.10
AV K7: Trojan ( 004cef571 )
AV Trend Micro: no_virus
AV Eset (nod32): Win32/Injector.BNHS
AV Ikarus: Trojan.Win32.Crypt
AV Alwil (avast): Androp [Drp]
AV Fortinet: W32/Kryptik.EASA!tr
AV Grisoft (avg): Inject3.LFS
AV Avira (antivir): TR/AD.Gamarue.Y.1240
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.Lethic.Gen.10
AV Symantec: Trojan Horse
AV VirusBlokAda (vba32): no_virus
AV BitDefender: Trojan.Lethic.Gen.10
AV Zillya!: no_virus
AV BullGuard: Trojan.Lethic.Gen.10
AV Rising: no_virus
AV MicroWorld (escan): Trojan.Lethic.Gen.10
AV CA (E-Trust Ino): no_virus
AV Microsoft Security Essentials: VirTool:Win32/CeeInject.LJ
AV Arcabit (arcavir): Trojan.Lethic.Gen.10
AV CAT (quickheal): no_virus
AV Mcafee: RDN/Generic BackDoor
AV Twister: no_virus
AV ClamAV: no_virus
AV MalwareBytes: Backdoor.Agent

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS: europe.pool.ntp.org, Type: A, 176.9.102.215
DNS: europe.pool.ntp.org, Type: A, 213.154.229.24
DNS: europe.pool.ntp.org, Type: A, 83.168.200.199
DNS: europe.pool.ntp.org, Type: A, 130.60.204.10
DNS: north-america.pool.ntp.org, Type: A, 64.71.128.26
DNS: north-america.pool.ntp.org, Type: A, 104.232.3.3
DNS: north-america.pool.ntp.org, Type: A, 108.61.73.244
DNS: north-america.pool.ntp.org, Type: A, 209.141.47.34
DNS: south-america.pool.ntp.org, Type: A, 190.181.129.115
DNS: south-america.pool.ntp.org, Type: A, 200.89.75.197
DNS: south-america.pool.ntp.org, Type: A, 200.160.0.8
DNS: south-america.pool.ntp.org, Type: A, 200.186.125.195
DNS: asia.pool.ntp.org, Type: A, 212.26.18.41
DNS: asia.pool.ntp.org, Type: A, 218.189.210.4
DNS: asia.pool.ntp.org, Type: A, 122.155.169.213
DNS: asia.pool.ntp.org, Type: A, 202.118.1.130
