Analysis Date: 2015-08-11 07:32:58
MD5: 8625a76b826b05cea740ddf9cbd31b2d
SHA1: 9de487d484c82a1fa09dbddf1c43f6beb94e3525

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEhash: 3c2dc10e4926deac196afcdd9795d6a674a708fa
IMPhash: d5457eeea56d0c64e40250d044842848

AV detections (vendor: result):

Rising: no_virus
CA (E-Trust Ino): no_virus
F-Secure: Gen:Variant.Graftor.234950
Dr. Web: BackDoor.Siggen.59488
ClamAV: no_virus
Arcabit (arcavir): Gen:Variant.Graftor.234950
BullGuard: Gen:Variant.Graftor.234950
Padvish: no_virus
VirusBlokAda (vba32): no_virus
CAT (quickheal): no_virus
Trend Micro: no_virus
Kaspersky: no_virus
Zillya!: no_virus
Emsisoft: Gen:Variant.Graftor.234950
Ikarus: Trojan.Win32.Injector
Frisk (f-prot): no_virus
Authentium: W32/Trojan.XSGG-3605
MalwareBytes: Trojan.Bunitu
MicroWorld (escan): Gen:Variant.Graftor.234284
Microsoft Security Essentials: Trojan:Win32/Carberp!rfn
K7: Trojan ( 004cb6451 )
BitDefender: Gen:Variant.Graftor.234950
Fortinet: W32/Injector.CGAP!tr
Symantec: no_virus
Grisoft (avg): Inject3.LS
Eset (nod32): Win32/Injector.CGGL
Alwil (avast): Malware-gen:Win32:Malware-gen
Ad-Aware: Gen:Variant.Graftor.234950
Twister: no_virus
Avira (antivir): TR/AD.Glupteba.Y.656
Mcafee: no_virus

Runtime Details:

Process: C:\malware.exe
  Creates Process: C:\malware.exe

Process: C:\malware.exe
  Registry: HKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝ 21150727\\x00
  Creates File: \Device\Afd\Endpoint
  Creates Mutex: Global\MD7H82HHF7EH2D73

Network Details:

HTTP GET (User-Agent header empty in every request):

http://95.154.246.180:50007/stat?uid=100&downlink=1111&uplink=1111&id=00190630&statpass=bpass&version=21150727&features=30&guid=710d36bb-fbf3-4dd6-ba0f-394383b43887&comment=21150727&p=0&s=
http://209.95.38.62:17326/stat?uid=100&downlink=1111&uplink=1111&id=00191A73&statpass=bpass&version=21150727&features=30&guid=710d36bb-fbf3-4dd6-ba0f-394383b43887&comment=21150727&p=0&s=
http://173.236.22.66:22740/stat?uid=100&downlink=1111&uplink=1111&id=00192E3A&statpass=bpass&version=21150727&features=30&guid=710d36bb-fbf3-4dd6-ba0f-394383b43887&comment=21150727&p=0&s=
http://85.204.119.1:35535/stat?uid=100&downlink=1111&uplink=1111&id=001941D2&statpass=bpass&version=21150727&features=30&guid=710d36bb-fbf3-4dd6-ba0f-394383b43887&comment=21150727&p=0&s=
http://195.3.147.29:33376/stat?uid=100&downlink=1111&uplink=1111&id=00195569&statpass=bpass&version=21150727&features=30&guid=710d36bb-fbf3-4dd6-ba0f-394383b43887&comment=21150727&p=0&s=
http://80.252.188.228:30708/stat?uid=100&downlink=1111&uplink=1111&id=00196910&statpass=bpass&version=21150727&features=30&guid=710d36bb-fbf3-4dd6-ba0f-394383b43887&comment=21150727&p=0&s=
http://81.27.85.118:49126/stat?uid=100&downlink=1111&uplink=1111&id=00197CA8&statpass=bpass&version=21150727&features=30&guid=710d36bb-fbf3-4dd6-ba0f-394383b43887&comment=21150727&p=0&s=

Flows (TCP, source ➝ destination):

192.168.1.1:1031 ➝ 95.154.246.180:50007
192.168.1.1:1031 ➝ 95.154.246.180:50007
192.168.1.1:1032 ➝ 209.95.38.62:17326
192.168.1.1:1033 ➝ 173.236.22.66:22740
192.168.1.1:1034 ➝ 85.204.119.1:35535
192.168.1.1:1035 ➝ 195.3.147.29:33376
192.168.1.1:1036 ➝ 80.252.188.228:30708
192.168.1.1:1037 ➝ 81.27.85.118:49126
