Field | Value |
---|---|
Analysis Date | 2016-01-28 20:25:25 |
MD5 | a24d6de274943911260bdec7bdeae35b |
SHA1 | a83f2c4844738c144b30202bacf6603bec909107 |
Static Details:
Property | Value | Detail |
---|---|---|
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
Section | .text | md5: e93ad04ce845dcd6c8d2ab7718c79eda, sha1: 1d9d68d2ee5587558cf7f07174ba3e39878d0fc4, size: 306176 |
Section | .rdata | md5: d23db4db0a752d8aa693911cd72371a9, sha1: 36a244f29ba883754b021c1fe05a0b01b20c038a, size: 26112 |
Section | .data | md5: 7f1d65a27bdb095758851ab3eb48ec04, sha1: ddbc4e36c36e30e9db680b29cdffb009d2005320, size: 20480 |
Section | .reloc | md5: 7b8b77785573edddfc1cf740b710b29b, sha1: 6e96f13de54db00c393f331241ff3491f5f4a963, size: 33280 |
Timestamp | 2014-07-10 15:27:49 | PE compile timestamp |
Packer | Microsoft Visual C++ 8 | compiler signature match, not a packer |
PEhash | c99ef3ba1a67a4c9512b3c53253cfdb3ec033b2d | |
IMPhash | bcb584c773b692563cacca0f3946a277 | |
AV | Rising | No Virus |
AV | Mcafee | Trojan-FHRY!A24D6DE27494 |
AV | Avira (antivir) | TR/Boryab.387072.1 |
AV | Twister | No Virus |
AV | Ad-Aware | Gen:Variant.Zusy.141475 |
AV | Alwil (avast) | Win32:Malware-gen |
AV | Eset (nod32) | Win32/Bayrob.BJ |
AV | Grisoft (avg) | Generic37.ZCD |
AV | Symantec | No Virus |
AV | Fortinet | No Virus |
AV | BitDefender | Gen:Variant.Zusy.141475 |
AV | K7 | Trojan ( 004dc2a31 ) |
AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort!rfn |
AV | MicroWorld (escan) | Gen:Variant.Zusy.141475 |
AV | MalwareBytes | No Virus |
AV | Authentium | W32/Kazy.ES.gen!Eldorado |
AV | Emsisoft | Gen:Variant.Zusy.141475 |
AV | Frisk (f-prot) | W32/Kazy.ES.gen!Eldorado |
AV | Ikarus | Trojan.Win32.Bayrob |
AV | Zillya! | No Virus |
AV | Kaspersky | Trojan.Win32.Swizzor.e |
AV | Trend Micro | No Virus |
AV | VirusBlokAda (vba32) | No Virus |
AV | CAT (quickheal) | No Virus |
AV | BullGuard | Gen:Variant.Zusy.141475 |
AV | Arcabit (arcavir) | Gen:Variant.Zusy.141475 |
AV | ClamAV | No Virus |
AV | Dr. Web | Trojan.DownLoader19.4168 |
AV | F-Secure | Gen:Variant.Zusy.141475 |
AV | CA (E-Trust Ino) | No Virus |
Runtime Details:
Process
↳ C:\malware.exe
Action | Target |
---|---|
Creates File | C:\afhdftx\p1dk1kiac0itrlbobuuq.exe |
Creates File | C:\WINDOWS\afhdftx\nrhmhhji |
Creates File | C:\afhdftx\nrhmhhji |
Deletes File | C:\WINDOWS\afhdftx\nrhmhhji |
Creates Process | C:\afhdftx\p1dk1kiac0itrlbobuuq.exe |
Process
↳ C:\afhdftx\p1dk1kiac0itrlbobuuq.exe
Action | Target |
---|---|
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinHTTP Performance Brightness ➝ C:\afhdftx\gupdcxoqx.exe |
Creates File | C:\afhdftx\gupdcxoqx.exe |
Creates File | C:\WINDOWS\afhdftx\nrhmhhji |
Creates File | C:\afhdftx\ehzut3bwvvzy |
Creates File | PIPE\lsarpc |
Creates File | C:\afhdftx\nrhmhhji |
Deletes File | C:\WINDOWS\afhdftx\nrhmhhji |
Creates Process | C:\afhdftx\gupdcxoqx.exe |
Creates Service | Search Power TPM Adapter Configuration Location - C:\afhdftx\gupdcxoqx.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 808
Process
↳ Pid 856
Process
↳ C:\WINDOWS\System32\svchost.exe
Action | Target |
---|---|
Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
Process
↳ Pid 1212
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Action | Target |
---|---|
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Process
↳ Pid 1864
Process
↳ Pid 1164
Process
↳ C:\afhdftx\gupdcxoqx.exe
Action | Target |
---|---|
Creates File | C:\afhdftx\ztmlnfqx.exe |
Creates File | pipe\net\NtControlPipe10 |
Creates File | C:\WINDOWS\afhdftx\nrhmhhji |
Creates File | C:\afhdftx\ehzut3bwvvzy |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\afhdftx\nrhmhhji |
Creates File | C:\afhdftx\bsojzndspt |
Deletes File | C:\WINDOWS\afhdftx\nrhmhhji |
Creates Process | jmqvpibewwbx "c:\afhdftx\gupdcxoqx.exe" |
Process
↳ C:\afhdftx\gupdcxoqx.exe
Action | Target |
---|---|
Creates File | C:\WINDOWS\afhdftx\nrhmhhji |
Creates File | C:\afhdftx\nrhmhhji |
Deletes File | C:\WINDOWS\afhdftx\nrhmhhji |
Process
↳ jmqvpibewwbx "c:\afhdftx\gupdcxoqx.exe"
Action | Target |
---|---|
Creates File | C:\WINDOWS\afhdftx\nrhmhhji |
Creates File | C:\afhdftx\nrhmhhji |
Deletes File | C:\WINDOWS\afhdftx\nrhmhhji |
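The process tree above shows a dropper chain: the sample creates a randomly named directory (afhdftx), drops a second stage, which writes a Run key with a legitimate-sounding value name ("WinHTTP Performance Brightness"), registers a service with a similarly plausible display name, and the persisted binary relaunches itself with a random token as the first command-line word and its own path as the quoted argument. The svchost.exe and spoolsv.exe entries are ordinary Windows activity inside the sandbox, not sample behaviour. The following added triage script (not part of the sandbox report or its tooling) takes the behaviour rows above, reconstructed here as a constructed event list, filters the system-process noise, extracts host IOCs, and tags the two persistence mechanisms with the MITRE ATT&CK technique IDs this editor assigned (T1547.001 Registry Run Keys, T1543.003 Windows Service); the "self-relaunch" label and the system-process allow-list are likewise assumptions of this example.

```python
"""Triage of sandbox behaviour rows: IOC extraction plus persistence findings.

Added example; EVENTS is constructed from the Runtime Details tables above.
"""
import re

# Assumed noise filter: these OS processes, running from C:\WINDOWS, generate
# housekeeping events in the sandbox that are unrelated to the sample.
SYSTEM_PROCESSES = {"svchost.exe", "spoolsv.exe"}
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")          # C:\... style paths only
RELAUNCH = re.compile(r'^(\S+)\s+"([^"]+)"$')       # <token> "<quoted path>"
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")

# Constructed from the report: (process image, action, target)
EVENTS = [
    (r"C:\malware.exe", "Creates File", r"C:\afhdftx\p1dk1kiac0itrlbobuuq.exe"),
    (r"C:\malware.exe", "Creates File", r"C:\WINDOWS\afhdftx\nrhmhhji"),
    (r"C:\malware.exe", "Creates Process", r"C:\afhdftx\p1dk1kiac0itrlbobuuq.exe"),
    (r"C:\afhdftx\p1dk1kiac0itrlbobuuq.exe", "Creates File", r"PIPE\lsarpc"),
    (r"C:\afhdftx\p1dk1kiac0itrlbobuuq.exe", "Registry",
     r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinHTTP Performance Brightness ➝ C:\afhdftx\gupdcxoqx.exe"),
    (r"C:\afhdftx\p1dk1kiac0itrlbobuuq.exe", "Creates File", r"C:\afhdftx\gupdcxoqx.exe"),
    (r"C:\afhdftx\p1dk1kiac0itrlbobuuq.exe", "Creates Service",
     r"Search Power TPM Adapter Configuration Location - C:\afhdftx\gupdcxoqx.exe"),
    (r"C:\afhdftx\gupdcxoqx.exe", "Creates File", r"\Device\Afd\Endpoint"),
    (r"C:\afhdftx\gupdcxoqx.exe", "Creates Process", r'jmqvpibewwbx "c:\afhdftx\gupdcxoqx.exe"'),
    (r"C:\WINDOWS\system32\spoolsv.exe", "Registry",
     r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL"),
    (r"C:\WINDOWS\System32\svchost.exe", "Creates File", r"C:\WINDOWS\system32\WBEM\Logs\wbemess.log"),
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def is_system_process(image: str) -> bool:
    """OS process launched from the Windows directory: treat as sandbox noise."""
    return image.lower().startswith("c:\\windows\\") and basename(image).lower() in SYSTEM_PROCESSES


def analyse(events):
    """Return (findings, iocs) for the sample's own processes.

    findings: list of (label, description) in event order.
    iocs: dict of sorted lists: dropped files, their directories, Run value
          names and service display names.
    """
    findings = []
    iocs = {"files": set(), "dirs": set(), "run_values": set(), "services": set()}
    for proc, action, target in events:
        if is_system_process(proc):
            continue
        if action == "Creates File":
            # Pipes and \Device\... objects are not file-system IOCs.
            if DRIVE_PATH.match(target):
                iocs["files"].add(target)
                iocs["dirs"].add(target.rsplit("\\", 1)[0])
        elif action == "Registry":
            key, _, value = target.partition(" ➝ ")
            if any(marker in key.lower() for marker in RUN_KEYS):
                name = basename(key)
                iocs["run_values"].add(name)
                findings.append(("T1547.001", f"Run value '{name}' -> {value}"))
        elif action == "Creates Service":
            name, _, image = target.partition(" - ")
            iocs["services"].add(name)
            findings.append(("T1543.003", f"service '{name}' -> {image}"))
        elif action == "Creates Process":
            m = RELAUNCH.match(target)
            # First word is a bare token (no path), quoted argument is the
            # caller's own image: the binary re-executes itself under a random name.
            if m and "\\" not in m.group(1) and basename(m.group(2)).lower() == basename(proc).lower():
                findings.append(("self-relaunch",
                                 f"{basename(proc)} relaunched as '{m.group(1)}' with its own path as argument"))
    return findings, {k: sorted(v) for k, v in iocs.items()}


if __name__ == "__main__":
    found, indicators = analyse(EVENTS)
    for label, text in found:
        print(f"[{label}] {text}")
    for kind, values in indicators.items():
        print(f"{kind}: {values}")
```

The allow-list of system processes is deliberately narrow: it matches only on image name plus the Windows directory, so a sample that drops its own svchost.exe under C:\afhdftx still surfaces. The registry check keys on the Run and RunOnce subkeys only; a practitioner extending this to the Services branch or to Winlogon should add those markers explicitly rather than loosening the substring match.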
Network Details: