Analysis Date: 2015-04-02 17:22:26
MD5: 7c054a367cb0eb5f913ae23ae9dab270
SHA1: 9988b30c3b4dd92527aa44e9e385f67f5edc9c26

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 27c39bb941cbd7b4c97058d955b80d5f sha1: 96f33b2efa0f4f773c8cc8d9679c31ab9f00d6f7 size: 2048
Section .rdata: md5: 9c8298432a49a96e535ff3b2f17553e8 sha1: 090ecd32bb6f62adad07de2c69e50dfeffd729a1 size: 512
Section .data: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .rsrc: md5: 056e03425f48bf0643168f07f5014915 sha1: e4effd47312f368e712798aa216e11bd33871822 size: 32768
Section .reloc: md5: cd38a8bdfa4c2792b1a4e4ca876fc244 sha1: 1e9691a1b6dba978054bcfaf92da3a1b140f7009 size: 512
Timestamp: 2008-05-10 22:21:21
PEhash: ccf2cd35b64c4d03ca6173bf57fa0e40217ee63f
IMPhash: 99165d2faeda3b38c0270f369fdfc8aa
AV 360 Safe: no_virus
AV Ad-Aware: Gen:Variant.Kazy.128961
AV Alwil (avast): Kryptik-KXE [Trj]
AV Arcabit (arcavir): Gen:Variant.Kazy.128961
AV Authentium: W32/Trojan.UOBT-3513
AV Avira (antivir): TR/Crypt.XPACK.Gen
AV BullGuard: Gen:Variant.Kazy.128961
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Trojan.Cutwail.AQ
AV ClamAV: no_virus
AV Dr. Web: BackDoor.Siggen.51010
AV Emsisoft: Gen:Variant.Kazy.128961
AV Eset (nod32): Win32/Kryptik.AQXA
AV Fortinet: W32/Pushdo.YOY!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Kazy.128961
AV Grisoft (avg): Dropper.Generic7.ADFE
AV Ikarus: Backdoor.Win32.Pushdo
AV K7: Backdoor ( 0040f0931 )
AV Kaspersky 2015: Trojan.Win32.Generic
AV MalwareBytes: Trojan.Ransom.Gen
AV Mcafee: Downloader-FAKI!7C054A367CB0
AV Microsoft Security Essentials: TrojanDownloader:Win32/Cutwail.BW
AV MicroWorld (escan): Gen:Variant.Kazy.128961
AV Rising: no_virus
AV Sophos: Troj/Cutwail-Y
AV Symantec: Trojan.ADH.2
AV Trend Micro: BKDR_PUSHDO.SMJ
AV VirusBlokAda (vba32): TrojanDropper.Dorifel

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\jurlamgaskop ➝ C:\Documents and Settings\Administrator\jurlamgaskop.exe
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝ NULL
Creates File: C:\Documents and Settings\Administrator\jurlamgaskop.exe
Creates File: \Device\Afd\Endpoint
Creates Mutex: jurlamgaskop

Network Details:

DNS: smtp.glbdns2.microsoft.com
Type: A
65.55.163.152
DNS: smtp.live.com
Type: A
Flows TCP: 192.168.1.1:1031 ➝ 65.55.163.152:25

Strings:
&About
Alarm
Alarm Time/Date:
CANCEL
C&opy	Ctrl+C
Countdown Hours
Countdown Minutes
Countdown Seconds
Countdown Timer
&Cut	Ctrl+X
DateTimePicker1
&Del	Del
&Edit
&Exit	Esc
&File
Find &Next	F3
&Find Text	F2
&Help
Joe's Alarm/Countdown Timer/StopWatch!
Merge &File	Ctrl+F
MS Sans Serif
MYDIALOG
&New	Ctrl+N
New &Instance	Ctrl+W
&Open	Ctrl+O
&Paste	Ctrl+V
PICK SOUND
Repeat after Countdown
Save &As	Ctrl+B
&Save	Ctrl+S
&Select All	Ctrl+A
START
STOP
StopWatch
SysDateTimePick32
&Toggle Selection Bar	Ctrl+T
&Undo	Ctrl+Z
@.data
DispatchMessageA
ExitProcess
gdi32.dll
GetMessageA
GetModuleHandleA
GetObjectA
GetProcAddress
kernel32.dll
KillTimer
LoadImageA
LoadLibraryA
`.rdata
@.reloc
Roareqi
Roareqi0
SetTimer
!This program cannot be run in DOS mode.
TranslateMessage
user32.dll
VirtualAlloc