Analysis Date: 2016-01-26 01:00:40
MD5: 7c482ffb97aa69c6d4b2607579d0f04b
SHA1: 9767eaa621233053ec56a7d8e17fa176676cf121

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 0eb14f13eff568a43f7d0a7b83d8d8f1 sha1: c500142c7fed13a6fca2250190b21b0b80c1655d size: 98304
Section .rdata md5: d04b27e96065070d9c40111fb5a92df0 sha1: be79d6900039e334b4d3760ebc2aecc69f1a5970 size: 19968
Section .data md5: 4f619b8b9c639b50d8356d22360f9920 sha1: 89817c496cfb2ec14049295350c31f52804b6f28 size: 9216
Section .sdgstrh md5: 520778b0057c3f35c8e3279d362b8073 sha1: 988a5f8d3ca635b74380a88e6af565b33a2a27db size: 3072
Section texxt md5: 24b32314a800f3b43734a0a880e8b894 sha1: dfa9075d1ba1b8797c49fc898bf128a7998ca45f size: 7168
Section .traxni md5: c61ddc93e0d06bc86774b4b3a209e6bd sha1: 82e27e4984eb6534b19655b526ba61871591e855 size: 5632
Section .treniro md5: 84a8062f0336bc2ae0588f4c8b5490f4 sha1: 9ab8d513eff923b954d85eb7063ed4444ca61bea size: 3072
Section .rfecdce md5: 098a2a2cc56704bbc1ca7d8e90bdab00 sha1: 69e775703cf3b10fc2c4b578628238a49af41026 size: 4608
Section exdrcvbn md5: 604c738a5c741e76d6a1c37bf5dcc8d2 sha1: 0965033c4326801e442cf5516b9c0ac318d9ae4b size: 7168
Section jgvybytv md5: a442b444d73895383245469dbae4ee01 sha1: 4f87c88acd8603e68e4a5e8099a63ec9ef7bb9b7 size: 4096
Section utfbutvb md5: b1127dff09eceebd8958cbe6faedbae9 sha1: 41503df5c77d2f6c2a2cd80222f91646e20025f7 size: 7680
Section .jytvbtn md5: 12ee6ff30094d8eddc6b6f4df88d4cff sha1: 38c18f805b1f5b018686740443f344163440d046 size: 3584
Section .hcjghvb md5: 0b97fda6d5a76f5da8c77567754c0747 sha1: d82cd4c10ef77631e769e080d6bd77594dfa79c9 size: 8192
Section vjyvtjbh md5: 5ede6157efd3e898f5a2b36deaef86ff sha1: 3e95c049d20799e39920cc6526392c71b115e731 size: 8704
Section hbtrcnvy md5: f48a98e277ed23833c439be5fa0777f7 sha1: da116ebf612943b2e46d82ff1a146c9ddd28b8f3 size: 8704
Section .yr6tvcb md5: a3256554f1b0d9bbfc863b854db742ef sha1: 8feda4a7aac75980fa47b4f26a23561d7679cf4d size: 7680
Section .bnhycyh md5: f8855b9db33681f6e782d80b8812d7d2 sha1: 35b64025f6229d183bcabb1ed59c26e0fdba1b9b size: 8704
Section .rsrc md5: aabc2277fb406cb0eb6ae0850ed40724 sha1: b3a4ff3c4ea77b85565ee76f09edbaea5b2c4063 size: 54784
Timestamp: 2016-01-23 06:09:56
Version:
LegalCopyright:
FileVersion: 1.8.1
CompanyName: Dogecoin project
ProductName: Dogecoin Core
ProductVersion: 1.8.1
FileDescription:
CompanyWebsite: http://www.dogecoin.com/
Packer: Microsoft Visual C++ ?.?
PEhash: c6f942419758b1e5093119f8b62d613badd08869
IMPhash: de9c5df17b756e93c789fea6eaa48a6d
AV CA (E-Trust Ino): No Virus
AV Rising: No Virus
AV Mcafee: RDN/Generic.mem
AV Avira (antivir): TR/Crypt.Xpack.420415
AV Twister: No Virus
AV Ad-Aware: Trojan.GenericKD.3005245
AV Alwil (avast): Win32:Malware-gen
AV Eset (nod32): Win32/Kryptik.ELMQ
AV Grisoft (avg): Crypt5.ADQR
AV Symantec: Trojan.Gen.2
AV Fortinet: No Virus
AV BitDefender: Trojan.GenericKD.3005245
AV K7: Trojan ( 004dc7431 )
AV Microsoft Security Essentials: No Virus
AV MicroWorld (escan): Trojan.GenericKD.3005245
AV MalwareBytes: Ransom.FileLocker
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Frisk (f-prot): No Virus
AV Ikarus: Trojan.Win32.Crypt
AV Emsisoft: Trojan.GenericKD.3005245
AV Zillya!: No Virus
AV Kaspersky: Trojan.Win32.Agent.netwqo
AV Trend Micro: No Virus
AV CAT (quickheal): No Virus
AV VirusBlokAda (vba32): No Virus
AV BullGuard: Trojan.GenericKD.3005245
AV Arcabit (arcavir): Trojan.GenericKD.3005245
AV ClamAV: No Virus
AV Dr. Web: BackDoor.IRC.NgrBot.42
AV F-Secure: Trojan.GenericKD.3005245

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\Policies\Explorer\Run\317606753 ➝ C:\Documents and Settings\All Users\msvgqh.exe\\x00
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden ➝ NULL
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\Windows\Load ➝ \\x00
Creates File: C:\Documents and Settings\All Users\115500
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\All Users\msvgqh.exe
Creates File: \Device\Afd\Endpoint
Deletes File: C:\9767EA~1.EXE
Winsock DNS: microsoft.com
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: and25.binaryoptionisnotmelfolz1.com
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS: europe.pool.ntp.org, Type: A ➝ 193.6.222.20
DNS: europe.pool.ntp.org, Type: A ➝ 193.190.147.153
DNS: europe.pool.ntp.org, Type: A ➝ 193.225.118.130
DNS: europe.pool.ntp.org, Type: A ➝ 95.81.173.155
DNS: north-america.pool.ntp.org, Type: A ➝ 132.163.4.102
DNS: north-america.pool.ntp.org, Type: A ➝ 38.229.71.1
DNS: north-america.pool.ntp.org, Type: A ➝ 69.167.160.102
DNS: north-america.pool.ntp.org, Type: A ➝ 131.107.13.100
DNS: south-america.pool.ntp.org, Type: A ➝ 190.15.141.64
DNS: south-america.pool.ntp.org, Type: A ➝ 200.160.7.186
DNS: south-america.pool.ntp.org, Type: A ➝ 200.189.40.8
DNS: south-america.pool.ntp.org, Type: A ➝ 179.60.247.252
DNS: asia.pool.ntp.org, Type: A ➝ 218.234.23.44
DNS: asia.pool.ntp.org, Type: A ➝ 104.41.190.151
DNS: asia.pool.ntp.org, Type: A ➝ 120.88.46.10
DNS: asia.pool.ntp.org, Type: A ➝ 218.186.3.36
DNS: oceania.pool.ntp.org, Type: A ➝ 121.0.0.41
DNS: oceania.pool.ntp.org, Type: A ➝ 202.6.116.123
DNS: oceania.pool.ntp.org, Type: A ➝ 203.56.27.253
DNS: oceania.pool.ntp.org, Type: A ➝ 103.239.8.22
DNS: africa.pool.ntp.org, Type: A ➝ 196.223.19.3
DNS: africa.pool.ntp.org, Type: A ➝ 41.188.33.6
DNS: africa.pool.ntp.org, Type: A ➝ 41.231.7.85
DNS: africa.pool.ntp.org, Type: A ➝ 196.192.32.7
DNS: pool.ntp.org, Type: A ➝ 23.92.29.245
DNS: pool.ntp.org, Type: A ➝ 66.228.59.187
DNS: pool.ntp.org, Type: A ➝ 69.164.194.139
DNS: pool.ntp.org, Type: A ➝ 128.138.141.172
DNS: microsoft.com, Type: A ➝ 104.40.211.35
DNS: microsoft.com, Type: A ➝ 23.100.122.175
DNS: microsoft.com, Type: A ➝ 23.96.52.53
DNS: microsoft.com, Type: A ➝ 191.239.213.197
DNS: microsoft.com, Type: A ➝ 104.43.195.251
DNS: and25.binaryoptionisnotmelfolz1.com, Type: A ➝ (no answer recorded)
Flows UDP: 192.168.1.1:1043 ➝ 8.8.4.4:53
Flows TCP: 192.168.1.1:1044 ➝ 104.40.211.35:80
Flows UDP: 192.168.1.1:1045 ➝ 8.8.4.4:53

Strings