Analysis Date: 2016-02-13 00:43:01
MD5: b132e923c55528ead0164dbd009bf281
SHA1: ac9ae07ada02a589199835bffac4fbf773e9721e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 4ba298c34a140981d2bc60d2143a4d3e sha1: 5de87ca9352a116d75b972589de6c248fc9c307e size: 77824
Section .rdata md5: a6ba58b96f47aebb8f4fe525a3c58e34 sha1: 4c30e78966ef59aeb59e46b0fbefbf1ae26b4a18 size: 8192
Section .data md5: f229070ce371eb929d9ebecc660ed0ef sha1: fd9bec104078e2cdd2fff012d39e802383687336 size: 4096
Section .rsrc md5: 623f0683be526993bb03c4f071b13b9e sha1: 395c7f76dbb6b9925a5ed76e41756f1e24c32370 size: 16384
Timestamp: 2008-04-04 18:06:26
Packer: Microsoft Visual C++ v6.0
PEhash: b87d726c69f98f7caef27aa55ffea3971d19d41c
IMPhash: 99d4e3d8aaa46548d2a5f29a7a2d51a7
AV Ad-Aware: Trojan.Cripack.Gen.1
AV Dr. Web: Trojan.DownLoad3.35231
AV Kaspersky: Trojan.Win32.Yakes.oxqo
AV Authentium: No Virus
AV Emsisoft: Trojan.Cripack.Gen.1
AV K7: Trojan ( 004b9edf1 )
AV Trend Micro: No Virus
AV Eset (nod32): Win32/Kryptik.DCNY
AV Ikarus: Trojan.Win32.Glupteba
AV Alwil (avast): Win32:Malware-gen
AV Fortinet: W32/Kryptik.DEYP!tr
AV Grisoft (avg): Crypt4.CMR
AV Avira (antivir): TR/ATRAPS.Gen4
AV Frisk (f-prot): No Virus
AV F-Secure: Trojan.Cripack.Gen.1
AV Symantec: Trojan.Gen
AV VirusBlokAda (vba32): No Virus
AV BitDefender: Trojan.Cripack.Gen.1
AV Zillya!: No Virus
AV BullGuard: Trojan.Cripack.Gen.1
AV Rising: No Virus
AV MicroWorld (escan): Trojan.Cripack.Gen.1
AV CA (E-Trust Ino): Trojan.Cripack.Gen.1
AV Microsoft Security Essentials: Trojan:Win32/Carberp.I
AV Arcabit (arcavir): Trojan.Cripack.Gen.1
AV CAT (quickheal): Trojan.Tinba.WR4
AV Mcafee: Packed-EJ!B132E923C555
AV Twister: Trojan.Girtk.DCQB.bmqi
AV ClamAV: No Virus
AV MalwareBytes: Trojan.Agent.ALTV

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝ 15150319\\x00
Creates File: \Device\Afd\Endpoint
Creates Mutex: Global\MD7H82HHF7EH2D73

Network Details:

HTTP GET: http://149.126.74.93:15539/stat?uid=100&downlink=1111&uplink=1111&id=00016869&statpass=bpass&version=15150319&features=30&guid=2a273c48-c133-4545-9a47-08ed310ad76b&comment=15150319&p=0&s=
User-Agent:
HTTP GET: http://77.222.131.36:33376/stat?uid=100&downlink=1111&uplink=1111&id=00017C30&statpass=bpass&version=15150319&features=30&guid=2a273c48-c133-4545-9a47-08ed310ad76b&comment=15150319&p=0&s=
User-Agent:
HTTP GET: http://109.104.94.2:11754/stat?uid=100&downlink=1111&uplink=1111&id=00018FC7&statpass=bpass&version=15150319&features=30&guid=2a273c48-c133-4545-9a47-08ed310ad76b&comment=15150319&p=0&s=
User-Agent:
HTTP GET: http://212.175.87.184:49205/stat?uid=100&downlink=1111&uplink=1111&id=0001A36F&statpass=bpass&version=15150319&features=30&guid=2a273c48-c133-4545-9a47-08ed310ad76b&comment=15150319&p=0&s=
User-Agent:
HTTP GET: http://209.80.40.160:45872/stat?uid=100&downlink=1111&uplink=1111&id=0001B706&statpass=bpass&version=15150319&features=30&guid=2a273c48-c133-4545-9a47-08ed310ad76b&comment=15150319&p=0&s=
User-Agent:
HTTP GET: http://108.178.15.186:45297/stat?uid=100&downlink=1111&uplink=1111&id=0001CA9E&statpass=bpass&version=15150319&features=30&guid=2a273c48-c133-4545-9a47-08ed310ad76b&comment=15150319&p=0&s=
User-Agent:
HTTP GET: http://82.103.138.14:10579/stat?uid=100&downlink=1111&uplink=1111&id=0001DE35&statpass=bpass&version=15150319&features=30&guid=2a273c48-c133-4545-9a47-08ed310ad76b&comment=15150319&p=0&s=
User-Agent:
Flows TCP: 192.168.1.1:1031 ➝ 149.126.74.93:15539
Flows TCP: 192.168.1.1:1031 ➝ 149.126.74.93:15539
Flows TCP: 192.168.1.1:1032 ➝ 77.222.131.36:33376
Flows TCP: 192.168.1.1:1033 ➝ 109.104.94.2:11754
Flows TCP: 192.168.1.1:1034 ➝ 212.175.87.184:49205
Flows TCP: 192.168.1.1:1035 ➝ 209.80.40.160:45872
Flows TCP: 192.168.1.1:1036 ➝ 108.178.15.186:45297
Flows TCP: 192.168.1.1:1037 ➝ 82.103.138.14:10579

Raw Pcap
0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303136 38363926 73746174 70617373   0016869&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 33313926 66656174 75726573   5150319&features
0x00000060 (00096)   3d333026 67756964 3d326132 37336334   =30&guid=2a273c4
0x00000070 (00112)   382d6331 33332d34 3534352d 39613437   8-c133-4545-9a47
0x00000080 (00128)   2d303865 64333130 61643736 6226636f   -08ed310ad76b&co
0x00000090 (00144)   6d6d656e 743d3135 31353033 31392670   mment=15150319&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303137 43333026 73746174 70617373   0017C30&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 33313926 66656174 75726573   5150319&features
0x00000060 (00096)   3d333026 67756964 3d326132 37336334   =30&guid=2a273c4
0x00000070 (00112)   382d6331 33332d34 3534352d 39613437   8-c133-4545-9a47
0x00000080 (00128)   2d303865 64333130 61643736 6226636f   -08ed310ad76b&co
0x00000090 (00144)   6d6d656e 743d3135 31353033 31392670   mment=15150319&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303138 46433726 73746174 70617373   0018FC7&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 33313926 66656174 75726573   5150319&features
0x00000060 (00096)   3d333026 67756964 3d326132 37336334   =30&guid=2a273c4
0x00000070 (00112)   382d6331 33332d34 3534352d 39613437   8-c133-4545-9a47
0x00000080 (00128)   2d303865 64333130 61643736 6226636f   -08ed310ad76b&co
0x00000090 (00144)   6d6d656e 743d3135 31353033 31392670   mment=15150319&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303141 33364626 73746174 70617373   001A36F&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 33313926 66656174 75726573   5150319&features
0x00000060 (00096)   3d333026 67756964 3d326132 37336334   =30&guid=2a273c4
0x00000070 (00112)   382d6331 33332d34 3534352d 39613437   8-c133-4545-9a47
0x00000080 (00128)   2d303865 64333130 61643736 6226636f   -08ed310ad76b&co
0x00000090 (00144)   6d6d656e 743d3135 31353033 31392670   mment=15150319&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303142 37303626 73746174 70617373   001B706&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 33313926 66656174 75726573   5150319&features
0x00000060 (00096)   3d333026 67756964 3d326132 37336334   =30&guid=2a273c4
0x00000070 (00112)   382d6331 33332d34 3534352d 39613437   8-c133-4545-9a47
0x00000080 (00128)   2d303865 64333130 61643736 6226636f   -08ed310ad76b&co
0x00000090 (00144)   6d6d656e 743d3135 31353033 31392670   mment=15150319&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303143 41394526 73746174 70617373   001CA9E&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 33313926 66656174 75726573   5150319&features
0x00000060 (00096)   3d333026 67756964 3d326132 37336334   =30&guid=2a273c4
0x00000070 (00112)   382d6331 33332d34 3534352d 39613437   8-c133-4545-9a47
0x00000080 (00128)   2d303865 64333130 61643736 6226636f   -08ed310ad76b&co
0x00000090 (00144)   6d6d656e 743d3135 31353033 31392670   mment=15150319&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..

0x00000000 (00000)   47455420 2f737461 743f7569 643d3130   GET /stat?uid=10
0x00000010 (00016)   3026646f 776e6c69 6e6b3d31 31313126   0&downlink=1111&
0x00000020 (00032)   75706c69 6e6b3d31 31313126 69643d30   uplink=1111&id=0
0x00000030 (00048)   30303144 45333526 73746174 70617373   001DE35&statpass
0x00000040 (00064)   3d627061 73732676 65727369 6f6e3d31   =bpass&version=1
0x00000050 (00080)   35313530 33313926 66656174 75726573   5150319&features
0x00000060 (00096)   3d333026 67756964 3d326132 37336334   =30&guid=2a273c4
0x00000070 (00112)   382d6331 33332d34 3534352d 39613437   8-c133-4545-9a47
0x00000080 (00128)   2d303865 64333130 61643736 6226636f   -08ed310ad76b&co
0x00000090 (00144)   6d6d656e 743d3135 31353033 31392670   mment=15150319&p
0x000000a0 (00160)   3d302673 3d204854 54502f31 2e300d0a   =0&s= HTTP/1.0..
0x000000b0 (00176)   0d0a                                  ..


Strings