Analysis Date: 2015-11-24 20:12:38
MD5: e21066e40cc282776a1fd82c55bdb423
SHA1: 9da5f10d002f65de9a921bf28c010206f533b3d8

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 5d36e1ef51183954bc6c405dc45e4b63  sha1: 047a20360b14df2c84f9e47573d06e78533b7318  size: 109056
Section .rdata md5: c42e8a2176140f5a66b7308f1c8c5862  sha1: 58b75898a9b16922beb4664368da03f6bef07dc4  size: 22016
Section .data  md5: 99cedc32ed131cec66871cf7f8965912  sha1: b226b31db664eb80b1f3d188f8c51f12d2588cca  size: 76288
Section .rsrc  md5: a8e478c4d59cf2c90a52c6293afa5eb5  sha1: ec34073790d3d4ff5d021fa7d750f010c09f10bb  size: 56832
Timestamp: 2015-11-13 10:10:48
Packer: Microsoft Visual C++ ?.?
PEhash: 9cc2051b9c0e6a27a8eaea85cfe2e0e1e83051c6
IMPhash: cfbc1450f900ba6991e390989dee7a8a
AV Rising: no_virus
AV Mcafee: RDN/Generic BackDoor
AV Avira (antivir): TR/AD.Gamarue.Y.1601
AV Twister: no_virus
AV Ad-Aware: Gen:Variant.Symmi.58365
AV Alwil (avast): Dorder-C [Trj]
AV Eset (nod32): Win32/Kryptik.EEUI
AV Grisoft (avg): Generic36.CLRK
AV Symantec: Backdoor.Trojan
AV Fortinet: W32/Kryptik.EEUI!tr
AV BitDefender: Gen:Variant.Symmi.58365
AV K7: Trojan ( 004d6b3c1 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV MicroWorld (escan): Gen:Variant.Zusy.169904
AV MalwareBytes: Trojan.Injector
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Crypt
AV Emsisoft: Gen:Variant.Symmi.58365
AV Zillya!: no_virus
AV Kaspersky: Backdoor.Win32.Androm.iqzb
AV Trend Micro: BKDR_AN.0275E0E1
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Symmi.58365
AV Arcabit (arcavir): Gen:Variant.Symmi.58365
AV ClamAV: no_virus
AV Dr. Web: BackDoor.IRC.NgrBot.42
AV F-Secure: Gen:Variant.Symmi.58365
AV CA (E-Trust Ino): no_virus
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ikarus: Trojan.Win32.Crypt

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org         Type: A  131.211.8.244
DNS europe.pool.ntp.org         Type: A  176.9.103.8
DNS europe.pool.ntp.org         Type: A  5.34.248.224
DNS europe.pool.ntp.org         Type: A  89.190.220.94
DNS north-america.pool.ntp.org  Type: A  129.250.35.251
DNS north-america.pool.ntp.org  Type: A  209.114.111.1
DNS north-america.pool.ntp.org  Type: A  209.118.204.201
DNS north-america.pool.ntp.org  Type: A  104.236.167.15
DNS south-america.pool.ntp.org  Type: A  200.192.232.8
DNS south-america.pool.ntp.org  Type: A  192.188.53.26
DNS south-america.pool.ntp.org  Type: A  200.1.19.17
DNS south-america.pool.ntp.org  Type: A  200.93.227.170
DNS asia.pool.ntp.org           Type: A  168.63.242.24
DNS asia.pool.ntp.org           Type: A  180.211.88.211
DNS asia.pool.ntp.org           Type: A  212.26.18.41
DNS asia.pool.ntp.org           Type: A  123.108.200.124
DNS oceania.pool.ntp.org        Type: A  121.0.0.42
DNS oceania.pool.ntp.org        Type: A  202.6.116.123
DNS oceania.pool.ntp.org        Type: A  202.127.210.37
DNS oceania.pool.ntp.org        Type: A  54.252.165.245
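The runtime and network details above show the behavioural chain worth alerting on: the sample launches the Windows Installer host msiexec.exe, and it is that msiexec.exe instance (not the original binary) that opens a socket and resolves all five regional pool.ntp.org names. The following is an added detection example, not part of the sandbox report: it runs over a constructed set of process-creation and DNS events modelled on this report and flags an msiexec.exe that has an unexpected parent and does its own name resolution. The event field names, the allow-list of expected parents and the thresholds are this example's own assumptions and should be tuned per environment.

```python
"""Detect msiexec.exe launched by an unexpected parent that then performs DNS
lookups, the pattern visible in the sandbox report above.  Added example; the
event schema below is constructed to mirror the report and is not a real
sandbox export format."""
from collections import defaultdict

# Constructed events: malware.exe -> msiexec.exe -> five pool.ntp.org lookups,
# plus a benign services.exe -> msiexec.exe launch with no network activity.
EVENTS = [
    {"type": "process_create", "pid": 1000, "ppid": 0,    "image": r"C:\malware.exe"},
    {"type": "process_create", "pid": 1100, "ppid": 1000, "image": r"C:\WINDOWS\system32\msiexec.exe"},
    {"type": "dns_query", "pid": 1100, "query": "north-america.pool.ntp.org"},
    {"type": "dns_query", "pid": 1100, "query": "oceania.pool.ntp.org"},
    {"type": "dns_query", "pid": 1100, "query": "asia.pool.ntp.org"},
    {"type": "dns_query", "pid": 1100, "query": "south-america.pool.ntp.org"},
    {"type": "dns_query", "pid": 1100, "query": "europe.pool.ntp.org"},
    {"type": "process_create", "pid": 2000, "ppid": 4,    "image": r"C:\WINDOWS\system32\services.exe"},
    {"type": "process_create", "pid": 2100, "ppid": 2000, "image": r"C:\WINDOWS\system32\msiexec.exe"},
]

# Assumption: parents that legitimately start msiexec.exe in this environment.
EXPECTED_MSIEXEC_PARENTS = {"services.exe", "explorer.exe", "msiexec.exe", "cmd.exe", "powershell.exe"}
NTP_POOL_SUFFIX = ".pool.ntp.org"
# Assumption: resolving this many distinct pool.ntp.org regions from a
# non-NTP process is by itself suspicious (the report shows five).
NTP_REGION_THRESHOLD = 3


def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_suspicious_msiexec(events):
    """Return one finding per msiexec.exe instance that has an unexpected parent
    and performs DNS lookups, or that resolves many pool.ntp.org regions."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    dns = defaultdict(list)
    for e in events:
        if e["type"] == "dns_query":
            dns[e["pid"]].append(e["query"].lower())

    findings = []
    for pid, proc in procs.items():
        if basename(proc["image"]) != "msiexec.exe":
            continue
        parent = procs.get(proc["ppid"])
        parent_name = basename(parent["image"]) if parent else "<unknown>"
        queries = dns.get(pid, [])
        ntp_queries = [q for q in queries if q.endswith(NTP_POOL_SUFFIX)]

        reasons = []
        if parent_name not in EXPECTED_MSIEXEC_PARENTS and queries:
            reasons.append(f"launched by {parent_name} and resolving {len(queries)} names")
        if len(set(ntp_queries)) >= NTP_REGION_THRESHOLD:
            reasons.append(f"resolves {len(set(ntp_queries))} distinct pool.ntp.org regions")
        if reasons:
            findings.append({
                "pid": pid,
                "parent": parent_name,
                "dns_queries": len(queries),
                "ntp_pool_queries": len(ntp_queries),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_msiexec(EVENTS):
        print(f"pid {f['pid']} (parent {f['parent']}): " + "; ".join(f["reasons"]))
```

The benign services.exe launch produces no finding because it neither has an unexpected parent nor resolves anything; an msiexec.exe started from a user's download directory that immediately resolves the regional NTP pools trips both rules. Running the same logic against EDR process and DNS telemetry rather than a sandbox export is the natural next step.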

Raw Pcap

Strings