Analysis Date | 2016-02-03 01:28:25 |
---|---|
MD5 | b0bed6fdac9e9766eaf330daf3c7b9d2 |
SHA1 | 9cd8258b459b1a1054eea41923ddf9423a44cd5c |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: f0d6c8343a2439c80df7d012499f4c18 sha1: 9de6be4fe5e9ebb36f22e30a7899a8d30e3ef5f4 size: 529408 | |
Section | .rdata md5: 8506d13cb0f7b70793598f2c1d36e100 sha1: f22596ff4aa80ab2819420cf59025aa0c3c83898 size: 26112 | |
Section | .data md5: 0579f8b0a39953c5b349939d4a209ed4 sha1: ff7bdbd14d920c570c7a34e78cab65cf73fc93e5 size: 20992 | |
Section | .reloc md5: e9c080db05fef880aa1995b3a2dd8bb3 sha1: 2db1954259eb662595fd657d4ff406b268ee7e93 size: 39424 | |
Timestamp | 2014-11-19 16:44:28 | |
Packer | Microsoft Visual C++ 8 | |
PEhash | 6290aa65ac3626d840c2bba01d8660f931f3d41e | |
IMPhash | 5c6c81eba5e5b506c6bc113fd759867c | |
AV | CA (E-Trust Ino) | No Virus |
AV | Rising | 0x59a3f320 |
AV | Mcafee | Trojan-FHSQ!B0BED6FDAC9E |
AV | Avira (antivir) | TR/Taranis.2113 |
AV | Twister | W32.Toolbar.CrossRider.AE.lfcr.mg |
AV | Ad-Aware | Gen:Variant.Zusy.141475 |
AV | Alwil (avast) | Win32:Malware-gen |
AV | Eset (nod32) | Win32/Bayrob.BM |
AV | Grisoft (avg) | Generic37.AHZT |
AV | Symantec | Trojan.Gen |
AV | Fortinet | W32/Bayrob.BM!tr |
AV | BitDefender | Gen:Variant.Zusy.141475 |
AV | K7 | Trojan ( 004dc2a31 ) |
AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.DI |
AV | MicroWorld (escan) | Gen:Variant.Zusy.141475 |
AV | MalwareBytes | No Virus |
AV | Authentium | W32/Nivdort.E.gen!Eldorado |
AV | Emsisoft | Gen:Variant.Zusy.141475 |
AV | Frisk (f-prot) | W32/Nivdort.E.gen!Eldorado |
AV | Ikarus | Trojan.Bayrob |
AV | Zillya! | No Virus |
AV | Kaspersky | Trojan.Win32.Generic |
AV | Trend Micro | No Virus |
AV | VirusBlokAda (vba32) | No Virus |
AV | CAT (quickheal) | TrojanSpy.Nivdort.WR4 |
AV | BullGuard | Gen:Variant.Zusy.141475 |
AV | Arcabit (arcavir) | Gen:Variant.Zusy.141475 |
AV | ClamAV | No Virus |
AV | Dr. Web | No Virus |
AV | F-Secure | Gen:Variant.Zusy.141475 |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\ntxahbzrs\nthx1lkhdnbaxbtiof.exe |
---|---|
Creates File | C:\WINDOWS\ntxahbzrs\s3bk5bricj |
Creates File | C:\ntxahbzrs\s3bk5bricj |
Deletes File | C:\WINDOWS\ntxahbzrs\s3bk5bricj |
Creates Process | C:\ntxahbzrs\nthx1lkhdnbaxbtiof.exe |
Process
↳ C:\ntxahbzrs\nthx1lkhdnbaxbtiof.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BitLocker Framework Keying ➝ C:\ntxahbzrs\bkmmlrlgyp.exe |
---|---|
Creates File | C:\ntxahbzrs\rqnyyasb |
Creates File | PIPE\lsarpc |
Creates File | C:\WINDOWS\ntxahbzrs\s3bk5bricj |
Creates File | C:\ntxahbzrs\bkmmlrlgyp.exe |
Creates File | C:\ntxahbzrs\s3bk5bricj |
Deletes File | C:\WINDOWS\ntxahbzrs\s3bk5bricj |
Creates Process | C:\ntxahbzrs\bkmmlrlgyp.exe |
Creates Service | Health Background Tools Config Foundation - C:\ntxahbzrs\bkmmlrlgyp.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 800
Process
↳ Pid 848
Process
↳ C:\WINDOWS\System32\svchost.exe
Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
---|---|
Process
↳ Pid 1204
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Process
↳ Pid 1848
Process
↳ Pid 1164
Process
↳ C:\ntxahbzrs\bkmmlrlgyp.exe
Creates File | pipe\net\NtControlPipe10 |
---|---|
Creates File | C:\ntxahbzrs\rqnyyasb |
Creates File | C:\WINDOWS\ntxahbzrs\s3bk5bricj |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\ntxahbzrs\kibaduj |
Creates File | C:\ntxahbzrs\ohmenlsorfdt.exe |
Creates File | C:\ntxahbzrs\s3bk5bricj |
Deletes File | C:\WINDOWS\ntxahbzrs\s3bk5bricj |
Creates Process | bxxlqwe1t0qp "c:\ntxahbzrs\bkmmlrlgyp.exe" |
Process
↳ C:\ntxahbzrs\bkmmlrlgyp.exe
Creates File | C:\WINDOWS\ntxahbzrs\s3bk5bricj |
---|---|
Creates File | C:\ntxahbzrs\s3bk5bricj |
Deletes File | C:\WINDOWS\ntxahbzrs\s3bk5bricj |
Process
↳ bxxlqwe1t0qp "c:\ntxahbzrs\bkmmlrlgyp.exe"
Creates File | C:\WINDOWS\ntxahbzrs\s3bk5bricj |
---|---|
Creates File | C:\ntxahbzrs\s3bk5bricj |
Deletes File | C:\WINDOWS\ntxahbzrs\s3bk5bricj |
Network Details: