Analysis Date: 2015-12-07 00:30:17
MD5: e6342ff532296a8e544e9e588e4d4a34
SHA1: a0f268739312cb32bedf0c4708092d36e8ec512c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text:  md5: 816894eb5fdcf7b3249ebd65eaeacfd8  sha1: d2deec3b5504bf6c9309b603224ce15dd7c0a3ac  size: 103424
Section .rdata: md5: 2d242ceb6dd732921437046d3b48ca0c  sha1: 2dfb3c576f7ffb6fadc2242dde107020b2aca13d  size: 25088
Section .data:  md5: fae59d7ca62bb4387dc1f1951ad2b3ad  sha1: 9f873d9c9a65fdd631e1dd440a3502c6b8db5470  size: 75776
Section .rsrc:  md5: 6df317ca8c7e8fb2e02d9058c661438d  sha1: 9e8080bcf958db2faf833f909bf7157d75875703  size: 69632
Timestamp: 2015-11-09 13:12:15
Packer: Microsoft Visual C++ ?.?
PEhash: e3b3ea3c29cc9f1b4c8c56702b9ae33de55a55af
IMPhash: 90ac637f9c7d3acf74e2a362d19b707e
AV detections (one row per engine; repeated rows dropped):
AV Kaspersky: Backdoor.Win32.Androm.iqhg
AV Rising: no_virus
AV F-Secure: Trojan.GenericKDZ.31129
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV MicroWorld (escan): Trojan.GenericKDZ.31129
AV Fortinet: W32/Kryptik.EEIC!tr
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Win32.Crypt
AV K7: Trojan ( 004d66d31 )
AV Mcafee: RDN/Swizzor.gen
AV Eset (nod32): Win32/Kryptik.EEQM
AV Grisoft (avg): Generic_r.GGN
AV MalwareBytes: no_virus
AV Ad-Aware: Trojan.GenericKDZ.31129
AV BullGuard: Trojan.GenericKDZ.31129
AV Alwil (avast): Dorder-C [Trj]
AV Authentium: W32/Agent.XL.gen!Eldorado
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Worm.Gamarue.r4
AV Avira (antivir): TR/Crypt.ZPACK.206217
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader17.44380
AV Arcabit (arcavir): Trojan.GenericKDZ.31129
AV BitDefender: Trojan.GenericKDZ.31129
AV Emsisoft: Trojan.GenericKDZ.31129

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org (Type: A): 178.21.23.127, 192.53.103.108, 195.154.41.195, 95.128.246.41
DNS north-america.pool.ntp.org (Type: A): 128.138.141.172, 24.56.178.140, 104.131.53.252, 104.236.52.16
DNS south-america.pool.ntp.org (Type: A): 66.60.22.202, 200.1.19.4, 200.93.227.170, 201.49.148.135
DNS asia.pool.ntp.org (Type: A): 218.186.3.36, 218.189.210.3, 62.201.225.9, 192.248.1.162
DNS oceania.pool.ntp.org (Type: A): 130.102.2.123, 202.6.116.123, 103.242.70.5, 121.0.0.41