Analysis Date: 2016-04-13 14:20:48
MD5: 982fb71e403ae6b5ff1e6ce240dd9c03
SHA1: ac24bd739a54af9bfac4b88819083b7a675f2ad3

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: f46c3de9ecfa56726fc17800b4f3be15 sha1: eec60338e2a93256b050d42f51ffe993d41a9a49 size: 66048
Section .rdata  md5: a6432b8819ffd98e68c9dd4b349277c2 sha1: bc666229d9b0eb93f3461feebef318d3e624b203 size: 11776
Section .data   md5: 172f55889c2081b901db29af9d41f8cc sha1: e1f161048cd641850029943c23a6c6f0b6819ad2 size: 5632
Section .rsrc   md5: fa8c9766aa57c421c62de3a02695561b sha1: 42b30b8cd9dc0e5602794c7f8a5477aece48cfc3 size: 16896
Section .reloc  md5: 73d82d2c9e902194ba0b32a3df1fd043 sha1: 0b89343f25a22234d6f3991582904eb848965457 size: 7168
Section .reloc8 md5: 053bff919dbc51cc5878b3d4b6ee7432 sha1: f392bca1a63d0601c15efe17eeb108e15e5b48ff size: 38400
Timestamp: 2016-04-07 05:53:13
Version:
  LegalCopyright: Copyright (C) 2016
  InternalName: Pchild3.exe
  FileVersion: 1.0.0.1
  CompanyName: TODO: <Company name>
  ProductName: TODO: <Product name>
  ProductVersion: 1.0.0.1
  FileDescription: TODO: <File description>
  OriginalFilename: Pchild3.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 3e93d7ac67a648bd1b6c34b0ad1af63b1452c043
IMPhash: bef8c640826c8aa8544afd412a9f4490
AV MicroWorld (escan): Trojan.GenericKD.3143888
AV Rising: No Virus
AV VirusBlokAda (vba32): Backdoor.Androm
AV Avira (antivir): TR/Locky.CG.65
AV CAT (quickheal): Backdoor.Androm.r6
AV BullGuard: Trojan.GenericKD.3143888
AV Arcabit (arcavir): Trojan.A
AV MalwareBytes: Backdoor.Bot
AV Authentium: W32/Trojan.PUOT-4857
AV F-Secure: Trojan.GenericKD.3143888
AV Grisoft (avg): Generic_r.IMH
AV Alwil (avast): Dorder-AF [Trj]
AV Zillya!: Backdoor.Androm.Win32.33475
AV Emsisoft: Backdoor.Win32.Androm
AV BitDefender: Trojan.GenericKD.3143888
AV Ad-Aware: Trojan.GenericKD.3143888
AV Fortinet: Malicious_Behavior.VEX.89
AV Mcafee: RDN/Trojan-FIGF
AV Frisk (f-prot): W32/Trojan3.UMR
AV Trend Micro: TSPY_SH.4B44C100
AV ClamAV: No Virus
AV K7: Trojan-Downloader ( 004cfc7c1 )
AV Kaspersky: Trojan.Win32.Generic
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AU
AV Dr. Web: Trojan.DownLoader20.49870
AV CA (E-Trust Ino): Trojan.GenericKD.3143888
AV Eset (nod32): Win32/TrojanDownloader.Wauchos.BD
AV Symantec: Backdoor.Trojan
AV Twister: No Virus
AV Ikarus: Trojan.Win32.Crypt

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS query                    Type  Answer
europe.pool.ntp.org          A     195.154.191.32
europe.pool.ntp.org          A     212.18.3.19
europe.pool.ntp.org          A     83.168.200.199
europe.pool.ntp.org          A     109.75.223.1
north-america.pool.ntp.org   A     45.79.109.111
north-america.pool.ntp.org   A     52.0.56.137
north-america.pool.ntp.org   A     52.32.41.191
north-america.pool.ntp.org   A     138.236.128.112
south-america.pool.ntp.org   A     201.49.148.135
south-america.pool.ntp.org   A     168.96.251.226
south-america.pool.ntp.org   A     190.15.128.72
south-america.pool.ntp.org   A     200.192.232.8
asia.pool.ntp.org            A     36.55.235.15
asia.pool.ntp.org            A     139.162.23.6
asia.pool.ntp.org            A     202.156.0.34
asia.pool.ntp.org            A     203.82.48.83
