Analysis Date: 2016-04-26 20:29:35
MD5: af4ef3a9d9a92c468396b63f1d15e53a
SHA1: a911090b3968ba83b2900c555c6ef03473c20f46

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: code md5: 9de7bb0ab044417e9b4d597b4b252bb9 sha1: 258b1256601b4b935c62761f1f3b2a8e38660b52 size: 8704
Section: data md5: d68aee2767e14408ec681b058c3d293c sha1: 1ae91bcf9a34b33396ea5fa70801dee13543917b size: 13824
Section: .idata md5: 9427b81195544411a67dbfb5bf7d1687 sha1: 8d43c7474941d335408c45e6cd69e832de1cdcb7 size: 3072
Timestamp: 2014-04-30 16:29:02
Packer: FSG v1.10 (Eng) -> dulek/xt
PEhash: e50b46db9008c5295187fd2dcf314fc1dd05255a
IMPhash: bac78d68d76cec273167912251c74570
AV: CA (E-Trust Ino): Gen:Trojan.Heur.bmX@XkO1m4p
AV: F-Secure: Gen:Trojan.Heur.bmX@XkO1m4p
AV: Dr. Web: No Virus
AV: ClamAV: Win.Trojan.Agent-1365616
AV: Arcabit (arcavir): Gen:Trojan.Heur.bmX@XkO1m4p
AV: BullGuard: Gen:Trojan.Heur.bmX@XkO1m4p
AV: VirusBlokAda (vba32): No Virus
AV: CAT (quickheal): No Virus
AV: Trend Micro: No Virus
AV: Kaspersky: Trojan.Win32.Generic
AV: Zillya!: Trojan.Yakes.Win32.43992
AV: Emsisoft: Gen:Trojan.Heur.bmX@XkO1m4p
AV: Ikarus: Trojan.Win32.Shyape
AV: Frisk (f-prot): No Virus
AV: Authentium: No Virus
AV: MalwareBytes: Trojan.Sakurel
AV: MicroWorld (escan): Trojan.Generic.15602795
AV: Microsoft Security Essentials: Backdoor:Win32/Plugx.N!dha
AV: K7: Trojan ( 004b944d1 )
AV: BitDefender: Gen:Trojan.Heur.bmX@XkO1m4p
AV: Fortinet: W32/Shyape.J!tr
AV: Symantec: Packed.Generic.482
AV: Grisoft (avg): BackDoor.Generic18.BZGZ
AV: Eset (nod32): Win32/Shyape.J
AV: Alwil (avast): Cleaman-K [Trj]
AV: Ad-Aware: Gen:Trojan.Heur.bmX@XkO1m4p
AV: Twister: No Virus
AV: Avira (antivir): TR/Agent.29864.1
AV: Mcafee: BackDoor-FCLT!AF4EF3A9D9A9
AV: Rising: No Virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe
Creates Process: cmd.exe /c reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MicroMedia" /t REG_SZ /d "C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe"
Creates Process: cmd.exe /c ping 127.0.0.1 & del "C:\malware.exe"
Creates Process: cmd.exe /c "C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe"

Process
↳ cmd.exe /c "C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe"

Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe

Process
↳ cmd.exe /c reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MicroMedia" /t REG_SZ /d "C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe"

Creates Process: reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MicroMedia" /t REG_SZ /d "C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe"

Process
↳ reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MicroMedia" /t REG_SZ /d "C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe"

Process
↳ cmd.exe /c ping 127.0.0.1 & del "C:\malware.exe"

Creates Process: ping 127.0.0.1

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe

Process
↳ ping 127.0.0.1

Winsock DNS: 127.0.0.1

Network Details:

