Analysis Date: 2015-10-24 02:22:06
MD5: 830269294dbb78cb0c29879a259c6fec
SHA1: 9191cc0eefc0a0d57b826ca4c394a2dd8b13e4d3

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: d0a5ab3dc88cff43829643ff82d12f21 sha1: 4ae2693d86f54afee8839a39388c2861b3957941 size: 6144
Section: .rdata md5: ba801c28726c7c7c633842e9a354e8d4 sha1: 8ac600a7b0100f7831dbd5c3b43611e35565dd9e size: 4096
Section: .data md5: d01f9b33910b37e8285a5049b980f60c sha1: 2d9b46d914d7490a2cef63751fe01a83edf1e032 size: 2048
Section: .rsrc md5: a6921812de6b98e3bb07fcbe39b81adc sha1: 78cc12f94fc9c5912d55d72db05ec01736be0269 size: 19968
Timestamp: 2013-11-17 03:41:05
Packer: Microsoft Visual C 2.0
PEhash: f0254163396cc975a66ac694a20d074f92c8815b
IMPhash: 012c63bb5f7f1ff21471f621b5d79f47
AV Rising: Trojan.Win32.Kryptik.af
AV Mcafee: Downloader-FASG!830269294DBB
AV Avira (antivir): TR/Dldr.Upatre.KN
AV Twister: no_virus
AV Ad-Aware: Trojan.Downloader.JRTI
AV Alwil (avast): GenMalicious-KNL [Trj]
AV Eset (nod32): Win32/Kryptik.DIGI
AV Grisoft (avg): Crypt_s.IMB
AV Symantec: Downloader.Upatre!gen5
AV Fortinet: W32/Kryptic.ABGK!tr
AV BitDefender: Trojan.Downloader.JRTI
AV K7: Trojan ( 004c29131 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre.G
AV MicroWorld (escan): Trojan.Downloader.JRTI
AV MalwareBytes: Trojan.Upatre
AV Authentium: W32/Dalexis.Q.gen!Eldorado
AV Frisk (f-prot): W32/Dalexis.Q.gen!Eldorado
AV Ikarus: Trojan.VB.Crypt
AV Emsisoft: Trojan.Downloader.JRTI
AV Zillya!: no_virus
AV Kaspersky: Trojan-Downloader.Win32.Upatre.aetm
AV Trend Micro: TROJ_UP.9EED1BD4
AV CAT (quickheal): Trojan.Kadena.B4
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Trojan.Downloader.JRTI
AV Arcabit (arcavir): Trojan.Downloader.JRTI
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader13.15660
AV F-Secure: Trojan.Downloader.JRTI
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Xulantar.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\InstallXul.tmp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\Xulantar.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\Xulantar.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\2c7f_appcompat.txt
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1932 -e 156 -g
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 200

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 200

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1932 -e 156 -g

Network Details:

