Analysis Date: 2015-10-31 17:06:14
MD5: 545a7395925a7359c1b73460b9e8d1c4
SHA1: a9d91e2e0b21f256f031fc6ef85a468bb096e1ba

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: fc4433d553d3094ebd9fd91a1a0e8e3a sha1: 54ea91305e94b73c5191b8aeff4ba7b47709ec9b size: 13824
Section .rsrc: md5: 347e6b3ab197ee96b9262b745f44efdd sha1: 84fc8e2436fbc7c04f15ce632a448cec2c2ab4c0 size: 5120
Timestamp: 2013-09-30 08:50:44
Packer: PECompact 2.0x Heuristic Mode -> Jeremy Collake
PEhash: a0881ad552ec59fd14f2691fd6e2638f74252970
IMPhash: 09d0478591d4f788cb3e5ea416c25237
AV CA (E-Trust Ino): Win32/Nitol.WNSQXT
AV F-Secure: Generic.ServStart.6990F2FC
AV Dr. Web: Trojan.DownLoader11.3375
AV ClamAV: Win.Trojan.Agent-724125
AV Arcabit (arcavir): Generic.ServStart.6990F2FC
AV BullGuard: Generic.ServStart.6990F2FC
AV Padvish: no_virus
AV VirusBlokAda (vba32): BScope.P2P-Worm.Palevo
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: Trojan.Win32.Vehidis.bf
AV Zillya!: Trojan.Vehidis.Win32.131
AV Emsisoft: Generic.ServStart.6990F2FC
AV Ikarus: Trojan.DoS.CVQ
AV Frisk (f-prot): W32/Threat-HLLIP-based!Maximus
AV Authentium: W32/Threat-HLLIP.gen!Eldorado
AV MalwareBytes: no_virus
AV MicroWorld (escan): Generic.ServStart.6990F2FC
AV Microsoft Security Essentials: Trojan:Win32/ServStart.G
AV K7: Trojan ( 0048c0ff1 )
AV BitDefender: Generic.ServStart.6990F2FC
AV Fortinet: W32/ServerStart.DR!tr
AV Symantec: Backdoor.Trojan
AV Grisoft (avg): DoS.CVQ
AV Eset (nod32): Win32/ServStart.DR
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Generic.ServStart.6990F2FC
AV Rising: no_virus
AV Twister: Trojan.3F6D1636388D8899
AV Avira (antivir): DDoS/Nitol.B.907
AV McAfee: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: \Device\Afd\Endpoint

Network Details:

DNS: utem7.eicp.net
Type: A
174.128.255.231
DNS: 6.j8ip.com
Type: A
Flows TCP: 192.168.1.1:1054 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1068 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1082 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1096 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1110 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1124 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1139 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1153 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1166 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1181 ➝ 174.128.255.231:1678
Flows TCP: 192.168.1.1:1195 ➝ 174.128.255.231:1678
