Analysis Date: 2015-10-03 08:15:51
MD5: e1fe1ddf6a2dd85dd288fa8d0dfbf7f2
SHA1: a9fd7ed6a4b28c160b8652d238c1b3b68fe1496d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 87e6f5297088bee5465900427f008173 sha1: 6db6d347c89e9f11e5b27cf5c53669e0bd0656d4 size: 6144
Section .data: md5: f1ab2370a364765cc01820a3d76a41eb sha1: a4d996a9b0fb0dd7596ff39134925b46637b7774 size: 2048
Section .rdata: md5: 01462bbaa54d603bfa3454feccb63fd6 sha1: 3644b510638233ef5a7a8412f53612d28c36dd85 size: 2560
Section .idata: md5: c172974ed6f2dd740abed3a81271b941 sha1: bdd328d3ed06a1f8139fb1d4caf29c748da1580d size: 1536
Section .rsrc: md5: adc39a152be102eb7a041e991a6d202c sha1: 76189e9a0c3b080a0c8dcac8bfa0acf0dcd1001a size: 5120
Timestamp: 2004-05-20 06:02:07
PEhash: 5db9c67966775b552a007fe8a49655e132fff663
IMPhash: 641a435995118d1e23b199af0b58ecfd
AV CA (E-Trust Ino): Win32/Upatre.CH
AV Rising: no_virus
AV Mcafee: BackDoor-FBPV!E1FE1DDF6A2D
AV Avira (antivir): TR/Dldr.Upatre.A.67
AV Twister: TrojanDldr.Waski.A.netu
AV Ad-Aware: Trojan.GenericKD.1510674
AV Alwil (avast): Waski-C [Cryp]
AV Eset (nod32): Win32/TrojanDownloader.Waski.A
AV Grisoft (avg): Downloader.Generic13.BUTM
AV Symantec: Trojan.Zbot
AV Fortinet: W32/Kryptik.CF!tr
AV BitDefender: Trojan.GenericKD.1510674
AV K7: Trojan ( 0040f7411 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre.A
AV MicroWorld (escan): Trojan.GenericKD.1510674
AV MalwareBytes: Trojan.Email.FakeDoc
AV Authentium: W32/Trojan.OEJC-5872
AV Frisk (f-prot): W32/Trojan3.HFU
AV Ikarus: Trojan-Spy.Zbot
AV Emsisoft: Trojan.GenericKD.1510674
AV Zillya!: Downloader.Agent.Win32.184143
AV Kaspersky: Trojan-Downloader.Win32.Agent.hdyf
AV Trend Micro: TROJ_UPATRE.SMZ3
AV CAT (quickheal): TrojanDownloader.Upatre.A6
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Trojan.GenericKD.1510674
AV Arcabit (arcavir): Trojan.GenericKD.1510674
AV ClamAV: Win.Trojan.Generickd-2709
AV Dr. Web: Trojan.DownLoad3.28161
AV F-Secure: Trojan.GenericKD.1510674

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\budha.exe
Creates File: PIPE\wkssvc
Creates Process: "C:\Documents and Settings\Administrator\Local Settings\Temp\budha.exe"

Process
↳ "C:\Documents and Settings\Administrator\Local Settings\Temp\budha.exe"

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: findlawenforcement.com
Winsock DNS: perfectablets.com

Network Details:

DNS: perfectablets.com (Type: A) ➝ 8.8.8.8
DNS: findlawenforcement.com (Type: A)
Flows TCP: 192.168.1.1:1031 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1032 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1033 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1034 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1035 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1036 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1037 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1038 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1039 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1040 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1041 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1042 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1043 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1044 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1045 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1046 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1047 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1048 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1049 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1050 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1051 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1052 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1053 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1054 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1055 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1056 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1057 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1058 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1059 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1060 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1061 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1062 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1063 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1064 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1065 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1066 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1067 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1068 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1069 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1070 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1071 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1072 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1073 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1074 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1075 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1076 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1077 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1078 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1079 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1080 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1081 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1082 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1083 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1084 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1085 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1086 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1087 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1088 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1089 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1090 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1091 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1092 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1093 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1094 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1095 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1096 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1097 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1098 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1099 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1100 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1101 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1102 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1103 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1104 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1105 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1106 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1107 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1108 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1109 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1110 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1111 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1112 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1113 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1114 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1115 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1116 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1117 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1118 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1119 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1120 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1121 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1122 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1123 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1124 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1125 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1126 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1127 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1128 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1129 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1130 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1131 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1132 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1133 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1134 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1135 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1136 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1137 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1138 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1139 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1140 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1141 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1142 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1143 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1144 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1145 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1146 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1147 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1148 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1149 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1150 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1151 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1152 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1153 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1154 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1155 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1156 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1157 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1158 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1159 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1160 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1161 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1162 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1163 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1164 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1165 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1166 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1167 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1168 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1169 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1170 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1171 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1172 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1173 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1174 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1175 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1176 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1177 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1178 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1179 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1180 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1181 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1182 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1183 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1184 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1185 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1186 ➝ 8.8.8.8:443
Flows TCP: 192.168.1.1:1187 ➝ 8.8.8.8:443