Analysis Date: 2015-10-04 20:37:18
MD5: ec44706b7fb924c581c3f93cc02f0c46
SHA1: 9ba9640507db3a5a79648470af0ccb7fa142f9c1

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 7e0fc4e40bd64c30b9babd7d78c62f13 sha1: f2c146dea6044cbeab30a7c97dd1c7c291ac4f25 size: 26112
Section .rdata md5: b4d9925b98c2d17ba01c57dd2f6907ad sha1: d15b95f4444d5a61a5a379e57c79b76d2929b5d8 size: 111616
Section .data  md5: 1fbc6649aad0ba50a3b7ea7dd646c69b sha1: ae32130ef2e5fe04cc0f072aa2cfc94b1c3e3f14 size: 3584
Timestamp: 2014-04-25 14:22:28
Packer: Microsoft Visual C++ ?.?
PEhash: 30a68687ce725599119c1019f875e976cd74a855
IMPhash: 0271aa3eb4a47992ba6cded5f2aa692f
AV Padvish: no_virus
AV Zillya!: no_virus
AV Microsoft Security Essentials: no_virus
AV Rising: no_virus
AV Authentium: no_virus
AV Ikarus: Trojan.Win32.Jorik
AV BullGuard: Gen:Win32.ExplorerHijack.imW@aGUbvMd
AV CA (E-Trust Ino): no_virus
AV Grisoft (avg): no_virus
AV Emsisoft: Gen:Win32.ExplorerHijack.imW@aGUbvMd
AV Ad-Aware: Gen:Win32.ExplorerHijack.imW@aGUbvMd
AV MalwareBytes: no_virus
AV Fortinet: no_virus
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): no_virus
AV Kaspersky: Trojan-Dropper.Win32.Injector.njoh
AV Mcafee: RDN/Generic.hra
AV F-Secure: Gen:Win32.ExplorerHijack.imW@aGUbvMd
AV MicroWorld (escan): Gen:Win32.ExplorerHijack.imW@aGUbvMd
AV Twister: Trojan.DOMG.scsj
AV Dr. Web: Trojan.PWS.Ibank.808
AV Avira (antivir): TR/Dropper.Gen
AV Frisk (f-prot): no_virus
AV K7: no_virus
AV Symantec: no_virus
AV Arcabit (arcavir): Gen:Win32.ExplorerHijack.imW@aGUbvMd
AV VirusBlokAda (vba32): no_virus
AV Trend Micro: BKDR_PLUGX.EO
AV ClamAV: no_virus
AV CAT (quickheal): TrojanAPT.PlugX.E4
AV BitDefender: Gen:Win32.ExplorerHijack.imW@aGUbvMd

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Process: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Mutex: Global\qzkjkfoluyatt

Process
↳ C:\Documents and Settings\All Users\DRM\XXX\.exe

Creates Process: C:\WINDOWS\system32\svchost.exe
Creates Mutex: Global\aftaumxbdnqsjbpbv
Creates Mutex: Global\qzkdc
Creates Mutex: Global\eklrhgdvaqrfzgugv
Creates Mutex: Global\ommdvtuqnjwvdfajh
Creates Mutex: Global\kdiolmoexbmog
Creates Mutex: Global\ssmuagced
Creates Mutex: Global\mschu
Creates Mutex: Global\gxklm
Creates Mutex: Global\qzkjkfoluyatt
Creates Mutex: Global\imdsh
Creates Mutex: Global\mwmwahssfgzhbdlaa
Creates Mutex: Global\inkxsdwqbtist
Creates Mutex: Global\uimnyxkbx
Creates Mutex: Global\ykbchaeqgqtdt
Creates Mutex: Global\iqlpefsfveadljlia
Creates Mutex: Global\aelyqgtun
Creates Mutex: Global\mwmjwuuwpuvcczsph
Creates Mutex: Global\aelgflwcvvytstumy

Process
↳ C:\WINDOWS\system32\svchost.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202020.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004201955.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202029.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202010.jpg
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202025.jpg
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\All Users\DRM\XXX\nprqyjadoqkp
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004201950.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202000.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202005.jpg
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202014.jpg
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: Global\000000010000000000000100
Creates Mutex: MMMM
Winsock DNS: 127.0.0.1
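A host-side check for the runtime indicators above, written as an added example; it is not part of the sandbox report. The event records are constructed to mirror the process tree in the report (dropper, dropped copy under All Users\DRM\XXX, svchost.exe launched from it, screenshot JPGs, proxy registry writes); the field names kind/image/parent/target/name are assumptions, not any product's telemetry schema. Because the report leaves the dropped file's base name blank ("XXX\.exe"), the drop directory rather than a file name is used as the indicator, and screenshots are matched by their DRM\XXX-SCREEN\<user>\YYYYMMDDHHMMSS.jpg pattern rather than by the specific timestamps captured in this run.

```python
"""Match host telemetry against the indicators from the sandbox report.

Added example, not part of the report. SAMPLE_EVENTS is constructed;
the record fields are assumptions, not a real product's schema.
"""
import re
from typing import Iterable

# Drop directory from the report. The dropped executable's base name is
# blank in the report ("XXX\.exe"), so the directory is the indicator.
DROP_DIR = r"C:\Documents and Settings\All Users\DRM\XXX"

# Screenshots: ...\DRM\XXX-SCREEN\<user>\<14-digit timestamp>.jpg
SCREENSHOT_RE = re.compile(r"\\DRM\\XXX-SCREEN\\[^\\]+\\\d{14}\.jpg$", re.I)

# Mutex names from the report that are fixed rather than random-looking,
# plus the one shared by the dropper and the dropped copy.
MUTEXES = {"Global\\qzkjkfoluyatt", "Global\\000000010000000000000100", "MMMM"}

# Proxy-related registry values written by the injected svchost.exe.
REG_TARGETS = {
    r"HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion"
    r"\Internet Settings\ProxyEnable",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
    r"\Internet Settings\ZoneMap\ProxyBypass",
}
_REG_TARGETS_LC = {k.lower() for k in REG_TARGETS}


def _under(path: str, directory: str) -> bool:
    """Case-insensitive 'path lies inside directory' for Windows paths.
    The trailing backslash keeps DRM\\XXX-SCREEN from matching DRM\\XXX."""
    return path.lower().startswith(directory.lower().rstrip("\\") + "\\")


def check_event(ev: dict) -> list[str]:
    """Return the names of the indicators one event hits ([] if none)."""
    hits: list[str] = []
    kind = ev.get("kind")
    if kind == "file":
        target = ev.get("target", "")
        if _under(target, DROP_DIR):
            hits.append("file-in-drop-dir")
        if SCREENSHOT_RE.search(target):
            hits.append("screenshot-capture")
    elif kind == "process":
        image = ev.get("image", "")
        parent = ev.get("parent", "")
        if _under(image, DROP_DIR):
            hits.append("exec-from-drop-dir")
        # The report shows the dropped copy launching svchost.exe.
        if image.lower().endswith("\\svchost.exe") and _under(parent, DROP_DIR):
            hits.append("svchost-spawned-from-drop-dir")
    elif kind == "mutex":
        if ev.get("name") in MUTEXES:
            hits.append("known-mutex")
    elif kind == "registry":
        if ev.get("target", "").lower() in _REG_TARGETS_LC:
            hits.append("proxy-settings-write")
    return hits


def scan(events: Iterable[dict]) -> dict[str, int]:
    """Count hits per indicator across a stream of events."""
    counts: dict[str, int] = {}
    for ev in events:
        for h in check_event(ev):
            counts[h] = counts.get(h, 0) + 1
    return counts


# Constructed telemetry modelled on the report's process tree, plus two
# benign records that must not match.
SAMPLE_EVENTS = [
    {"kind": "file", "image": r"C:\malware.exe",
     "target": r"C:\Documents and Settings\All Users\DRM\XXX\.exe"},
    {"kind": "process", "image": r"C:\Documents and Settings\All Users\DRM\XXX\.exe",
     "parent": r"C:\malware.exe"},
    {"kind": "mutex", "name": "Global\\qzkjkfoluyatt"},
    {"kind": "process", "image": r"C:\WINDOWS\system32\svchost.exe",
     "parent": r"C:\Documents and Settings\All Users\DRM\XXX\.exe"},
    {"kind": "registry", "value": 1,
     "target": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
               r"\Internet Settings\ZoneMap\ProxyBypass"},
    {"kind": "file", "image": r"C:\WINDOWS\system32\svchost.exe",
     "target": r"C:\Documents and Settings\All Users\DRM\XXX\nprqyjadoqkp"},
    {"kind": "file", "image": r"C:\WINDOWS\system32\svchost.exe",
     "target": r"C:\Documents and Settings\All Users\DRM\XXX-SCREEN"
               r"\Administrator\20151004202020.jpg"},
    # Benign: a normal svchost.exe started by services.exe, unrelated mutex.
    {"kind": "process", "image": r"C:\WINDOWS\system32\svchost.exe",
     "parent": r"C:\WINDOWS\system32\services.exe"},
    {"kind": "mutex", "name": "Global\\SomeUnrelatedMutex"},
]

if __name__ == "__main__":
    for name, n in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{name}: {n}")
```

The directory match is deliberately case-insensitive and anchored on a trailing backslash so that the sibling XXX-SCREEN directory is only ever counted as a screenshot hit, never as a drop-directory hit; the random-looking mutex names from the report are left out of MUTEXES because nothing on the page shows they are stable across runs.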

Network Details:

Flows UDP: 192.168.1.1:53 ➝ 192.168.1.1:53
