Analysis Date: 2015-12-26 14:46:24
MD5: 88b54b1b622b84a2b26710cf52c25018
SHA1: a97c1e2af3c975a834e414d086ff0801b0e0aebf

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: e886537a37ec6714ec19f7dff31045ba  sha1: d29647e5a6eedde87a3003e6cc921b0a64219d7f  size: 147968
Section .rdata  md5: f38cf313076acb56c39783fcadf2d964  sha1: 1832cad80d205c36cd2e6a0dc4a8391a4c3af9d6  size: 19456
Section .data   md5: 76b928b1fb46810b40c23e4493f0591f  sha1: 1a1266fcfb761b1598319ae44b9d3d4c1a137319  size: 74752
Section .rsrc   md5: efdc4ab494d31aba7978d5cacbba8b25  sha1: 27be3fc700fef7d4603c3a7c49c0f8652fc9d3ba  size: 53760
Timestamp (PE header): 2015-11-14 19:03:09
Packer/compiler: Microsoft Visual C++ ?.?
PEhash: 3374e8bf5b286c1c76448e6a04d6b887eacf1da3
IMPhash: c9962ec9b760b9fd7cb29b15ebbfd0cc
AV VirusBlokAda (vba32): Backdoor.Androm
AV CAT (quickheal): Worm.Gamarue.r4
AV Rising: no_virus
AV Zillya!: no_virus
AV Kaspersky: Backdoor.Win32.Androm.irdt
AV ClamAV: no_virus
AV Ikarus: Trojan.Crypt
AV MicroWorld (escan): Trojan.GenericKDZ.31203
AV Twister: no_virus
AV Eset (nod32): Win32/Kryptik.EEYE
AV Mcafee: Drixed-FBW!88B54B1B622B
AV K7: Trojan ( 004d6cf01 )
AV Avira (antivir): TR/Crypt.Xpack.319746
AV Emsisoft: Trojan.GenericKDZ.31203
AV Grisoft (avg): Crypt_r.ALD
AV MalwareBytes: Trojan.MalPack
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AU
AV Symantec: Trojan.Gen.2
AV Trend Micro: no_virus
AV BullGuard: Trojan.GenericKDZ.31203
AV F-Secure: Trojan.GenericKDZ.31203
AV Arcabit (arcavir): Trojan.GenericKDZ.31203
AV BitDefender: Trojan.GenericKDZ.31203
AV Fortinet: W32/Kryptik.EEYE!tr
AV Dr. Web: BackDoor.Andromeda.662
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Alwil (avast): Dorder-C [Trj]
AV Ad-Aware: Trojan.GenericKDZ.31203
AV Frisk (f-prot): no_virus
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\Policies\Explorer\Run\317606753 ➝ "C:\Documents and Settings\All Users\msvgqh.exe"
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden ➝ NULL
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\Windows\Load ➝ "" (logged as a single NUL byte)
Creates File: C:\Documents and Settings\All Users\116875
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\All Users\msvgqh.exe
Creates File: \Device\Afd\Endpoint
Deletes File: C:\malware.exe
Winsock DNS: microsoft.com
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org  A: 193.225.50.68, 212.85.158.10, 85.214.194.162, 88.159.1.197
DNS north-america.pool.ntp.org  A: 97.107.129.217, 198.60.22.240, 50.116.52.97, 69.164.201.165
DNS south-america.pool.ntp.org  A: 201.217.3.85, 54.232.82.232, 190.15.141.64, 200.189.40.8
DNS asia.pool.ntp.org  A: 128.199.87.155, 193.29.53.170, 218.189.210.3, 118.189.211.186
DNS oceania.pool.ntp.org  A: 202.60.94.11, 103.239.8.22, 116.68.13.205, 202.6.116.123
DNS africa.pool.ntp.org  A: 146.231.129.86, 196.10.55.57, 196.49.6.67, 41.79.80.34
DNS pool.ntp.org  A: 198.55.111.5, 23.31.21.163, 66.228.42.59, 96.244.96.19
DNS microsoft.com  A: 104.43.195.251, 191.239.213.197, 23.96.52.53, 23.100.122.175, 104.40.211.35
DNS and12.thesuchivestfishmarketeat111.com  A: (no answer recorded)
Flows UDP: 192.168.1.1:1043 ➝ 8.8.4.4:53
Flows TCP: 192.168.1.1:1044 ➝ 104.43.195.251:80
Flows UDP: 192.168.1.1:1045 ➝ 8.8.4.4:53
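The host and network behaviour recorded above (the Policies\Explorer\Run and Windows\Load writes, the TaskbarNoNotification/ShowSuperHidden policy changes, the copy dropped into the All Users profile, the bare msiexec.exe child, and the microsoft.com / pool.ntp.org lookups followed by a single unresolved domain) turned into detection logic and run over a constructed, Sysmon-shaped event stream. This is an added example for this page, not sandbox output or code from the sample. The event records are built by hand from the Runtime and Network Details; the parent and command-line fields for msiexec.exe are assumptions, since the report records only that malware.exe created it. The rule names, the no-argument msiexec heuristic, and the ordering logic that treats microsoft.com and the pool.ntp.org hosts as connectivity and clock checks rather than indicators are this example's own choices.

```python
"""Detection rules for the behaviour in the sandbox report, applied to
constructed Sysmon-style events (1 = process create, 11 = file create,
13 = registry value set, 22 = DNS query).  Added example, not report output."""
import re
from collections import defaultdict

MSIEXEC = r"C:\WINDOWS\system32\msiexec.exe"

# Constructed from the report.  parent/cmdline for msiexec.exe are assumed.
EVENTS = [
    {"id": 1, "image": r"C:\malware.exe", "parent": r"C:\WINDOWS\explorer.exe",
     "cmdline": r"C:\malware.exe"},
    {"id": 1, "image": MSIEXEC, "parent": r"C:\malware.exe", "cmdline": MSIEXEC},
    {"id": 13, "image": MSIEXEC, "value": "1",
     "key": r"HKCU\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification"},
    {"id": 13, "image": MSIEXEC, "value": r'"C:\Documents and Settings\All Users\msvgqh.exe"',
     "key": r"HKLM\software\microsoft\windows\currentversion\Policies\Explorer\Run\317606753"},
    {"id": 13, "image": MSIEXEC, "value": None,
     "key": r"HKCU\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden"},
    {"id": 13, "image": MSIEXEC, "value": "",
     "key": r"HKCU\software\microsoft\windows nt\currentversion\Windows\Load"},
    {"id": 11, "image": MSIEXEC, "path": r"C:\Documents and Settings\All Users\116875"},
    {"id": 11, "image": MSIEXEC, "path": r"C:\Documents and Settings\All Users\msvgqh.exe"},
    {"id": 22, "image": MSIEXEC, "query": "microsoft.com"},
    {"id": 22, "image": MSIEXEC, "query": "pool.ntp.org"},
    {"id": 22, "image": MSIEXEC, "query": "europe.pool.ntp.org"},
    {"id": 22, "image": MSIEXEC, "query": "and12.thesuchivestfishmarketeat111.com"},
]

# Autostart locations written in the report (both survive a reboot; the Load
# value runs for the current user even without admin rights).
PERSISTENCE_KEYS = {
    "policies_explorer_run": re.compile(r"\\CurrentVersion\\Policies\\Explorer\\Run\\[^\\]+$", re.I),
    "winlogon_windows_load": re.compile(r"\\Windows NT\\CurrentVersion\\Windows\\Load$", re.I),
}
# Policy values that hide the tray balloon and super-hidden files from the user.
EVASION_KEYS = re.compile(r"\\(TaskbarNoNotification|ShowSuperHidden)$", re.I)
# An .exe dropped directly into the shared profile root (XP path and the
# modern ProgramData equivalent).
DROPPED_EXE = re.compile(r"\\(All Users|ProgramData)\\[^\\]+\.exe$", re.I)
# Connectivity / clock checks seen in the report: never reported as IOCs.
CHECK_DOMAINS = re.compile(r"^(microsoft\.com|([a-z-]+\.)?pool\.ntp\.org)$", re.I)


def is_check_domain(query):
    """True for microsoft.com and any *.pool.ntp.org host (benign background noise)."""
    return CHECK_DOMAINS.match(query) is not None


def msiexec_without_arguments(ev):
    """Heuristic (this example's own): msiexec.exe started with no command-line
    arguments.  A real install passes /i, /x, /V etc.; a bare msiexec launched
    by a user-profile binary is a hollowing/injection host candidate."""
    if not ev["image"].lower().endswith(r"\msiexec.exe"):
        return False
    rest = re.sub(r'^"?[^"]*msiexec\.exe"?', "", ev["cmdline"], flags=re.I).strip()
    return rest == ""


def candidate_c2_after_checks(events):
    """Per process: after both microsoft.com and a pool.ntp.org host have been
    queried, any later query to a non-check domain is a beacon candidate."""
    seen_ms, seen_ntp, hits = defaultdict(bool), defaultdict(bool), []
    for ev in events:
        if ev["id"] != 22:
            continue
        q, img = ev["query"].lower(), ev["image"]
        if q == "microsoft.com":
            seen_ms[img] = True
        elif q.endswith("pool.ntp.org"):
            seen_ntp[img] = True
        elif seen_ms[img] and seen_ntp[img] and not is_check_domain(q):
            hits.append(q)
    return hits


def evaluate(events):
    """Return {rule_name: [matches]} for the whole event stream."""
    hits = defaultdict(list)
    for ev in events:
        if ev["id"] == 13:
            for name, pat in PERSISTENCE_KEYS.items():
                if pat.search(ev["key"]):
                    hits[name].append((ev["key"], ev["value"]))
            if EVASION_KEYS.search(ev["key"]):
                hits["ui_evasion_policy"].append(ev["key"])
        elif ev["id"] == 11 and DROPPED_EXE.search(ev["path"]):
            hits["dropped_exe_in_shared_profile"].append(ev["path"])
        elif ev["id"] == 1 and msiexec_without_arguments(ev):
            hits["msiexec_without_arguments"].append(ev["parent"])
    hits["candidate_c2_after_checks"].extend(candidate_c2_after_checks(events))
    return dict(hits)


if __name__ == "__main__":
    for rule, matches in evaluate(EVENTS).items():
        print(f"{rule}: {matches}")
```

The point of the last rule is the caveat a hunter needs from this report: microsoft.com and the seven pool.ntp.org names are resolved by countless benign hosts and are the sample's connectivity and clock checks (the TCP flow to 104.43.195.251:80 goes to the first microsoft.com address returned; the UDP flows to 8.8.4.4:53 are the sandbox's resolver), so the actionable network indicator is the lookup of and12.thesuchivestfishmarketeat111.com, which received no answer here, together with the registry and file writes on the host side.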
