Analysis Date: 2016-01-28 18:46:36
MD5: 79faa262003d05ec96c2f071c7678c23
SHA1: a3284f1701bb720da7e82b1c3be9addd64ce11af

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .code  md5: 7580f88c4e358e7fe07c6a4b423191d3  sha1: 3e36289aa8e3950b1d979d098f6bb27d3a7b0d9c  size: 1024
Section .text  md5: fbc33798800d09752211be98fae3ec60  sha1: 1912b9faba79c6c53d9c7ecde35c2f77c2093ac8  size: 2048
Section .data  md5: 2ab01b1eb6dee3912fa0754c0bb729c5  sha1: 36afc99919797199dafb498813ce8d6bb65eedb6  size: 49152
Section .rsrc  md5: 7071db9f601b99f361be97ec4c5f83d8  sha1: 872dff7a6a88f48564d0c4983f4a45cb62b2eeea  size: 23040
Timestamp: 2016-01-22 15:48:36
Version:
  LegalCopyright: Counterweight Fever
  InternalName: Apodal
  FileVersion: 42.72.77.5579
  CompanyName: Patroness
  LegalTrademarks: Unsuspected Bruskly
  Comments: Nodus Moisturized Sandpapers Disobeys
  ProductName: Spectrometric Plaint Undergirding Subtending
  ProductVersion: 37.9.79.66
  FileDescription: Surprisers
  OriginalFilename: Onions
PEhash: 0385eced0c30c64b8a37b42856b421b081b129d4
IMPhash: 1560c537f120c4a2af93986db8fec055
AV Rising: No Virus
AV Mcafee: No Virus
AV Avira (antivir): TR/Crypt.ZPACK.181451
AV Twister: No Virus
AV Ad-Aware: Trojan.GenericKD.3007737
AV Alwil (avast): Win32:Malware-gen
AV Eset (nod32): Win32/Kryptik.ELOT
AV Grisoft (avg): Crypt_s.KNW
AV Symantec: No Virus
AV Fortinet: W32/Kryptik.ELOT!tr
AV BitDefender: Trojan.GenericKD.3007737
AV K7: Trojan ( 004dc8641 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV MicroWorld (escan): No Virus
AV MalwareBytes: Worm.Gamarue
AV Authentium: No Virus
AV Frisk (f-prot): No Virus
AV Ikarus: Trojan.Crypt
AV Emsisoft: Trojan.GenericKD.3007737
AV Zillya!: No Virus
AV Kaspersky: No Virus
AV Trend Micro: No Virus
AV CAT (quickheal): No Virus
AV VirusBlokAda (vba32): No Virus
AV BullGuard: Trojan.GenericKD.3007737
AV Arcabit (arcavir): Trojan.GenericKD.3007737
AV ClamAV: No Virus
AV Dr. Web: No Virus
AV F-Secure: Trojan.GenericKD.3007737
AV CA (E-Trust Ino): No Virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

