Analysis Date: 2015-11-19 00:08:22
MD5: 80ac3776571fe2277fdc2fa4f0cafa5d
SHA1: a1dce42f0b689454f629c92deaca047e99674004

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: e7087168a8d894fc3d1e338dd0a99967 sha1: 608f7704f61d655639e229d19a2819a7d907064b size: 11296
Section .data md5: 8cdf408a1021ef5df477de467b3898bf sha1: 465099ab90e3143307775f2de315c4d06223d44f size: 6226
Section .rsrc md5: 18ce4c15ef475a19dd69283e48ee5d36 sha1: df52d5788f2b0b0a3016834a7599ed73623275b4 size: 18120
Timestamp: 2014-01-20 08:07:31
PEhash: b67c62e062558153d53aeef5ff58178cdb75b8e0
IMPhash: df0e79d97f00107506f8943f65032731
AV CA (E-Trust Ino): no_virus
AV Rising: Trojan.Win32.Kryptik.af
AV Mcafee: Upatre-FACU!80AC3776571F
AV Avira (antivir): TR/Dldr.Waski.ionbc
AV Twister: Trojan.QKK.ca.rwao.mg
AV Ad-Aware: Gen:Variant.Symmi.51619
AV Alwil (avast): Dyre-K [Trj]
AV Eset (nod32): Win32/Kryptik.DHMH
AV Grisoft (avg): Crypt5.HGX
AV Symantec: Downloader
AV Fortinet: W32/Kryptik.DHMH!tr
AV BitDefender: Gen:Variant.Symmi.51619
AV K7: Trojan ( 004c16241 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre!rfn
AV MicroWorld (escan): Gen:Variant.Symmi.51619
AV MalwareBytes: Trojan.Upatre
AV Authentium: W32/Dalexis.M.gen!Eldorado
AV Frisk (f-prot): W32/Dalexis.M.gen!Eldorado
AV Ikarus: Trojan-Downloader.Win32.Upatre
AV Emsisoft: Gen:Variant.Symmi.51619
AV Zillya!: Downloader.CTBLocker.Win32.6
AV Kaspersky: Trojan-Downloader.Win32.Upatre.sby
AV Trend Micro: TROJ_UPATRE.SMTR
AV CAT (quickheal): Trojan.Bagsu.013322
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Symmi.51619
AV Arcabit (arcavir): Gen:Variant.Symmi.51619
AV ClamAV: no_virus
AV Dr. Web: Trojan.Upatre.9088
AV F-Secure: Gen:Variant.Symmi.51619

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\2405_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1220 -e 148 -g
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 192

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 192

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1220 -e 148 -g

Network Details:


Strings