Analysis Date: 2015-08-02 21:33:03
MD5: a8e17b342861d9b8f4709fc3b4ea8569
SHA1: acc4178665b8fc1689fd2f7d5901a139da08af5f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section CODE    md5: 3f88dd252172708ff27732813d3fe4dd  sha1: bbcd3ffd7591aa1da8252bdbb7ea672c3c53fd76  size: 324608
Section DATA    md5: ad18a45e57bf1e5c7ab73d5e3223ed27  sha1: eddfc85c15f5b186894b6f63d8dfd09c4d607e15  size: 15360
Section BSS     md5: d41d8cd98f00b204e9800998ecf8427e  sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709  size: 0 (hashes of empty input: the section has no raw data on disk)
Section .idata  md5: 5727b8b73800b306a210cdbd1c954ea4  sha1: 59aca4b901d4c7526240798f9e8869a5c8fe3212  size: 8704
Section .tls    md5: d41d8cd98f00b204e9800998ecf8427e  sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709  size: 0 (hashes of empty input: the section has no raw data on disk)
Section .rdata  md5: e3e2dd9de1b274984963c7f3f9a98032  sha1: f415beb88fe8f05add3688b755b867e5d447a956  size: 512
Section .reloc  md5: d35fdff823a71d10a4f898d477011da1  sha1: 0452e1240d606d62ea928b9f2339955a63526ed1  size: 23552
Section .rsrc   md5: 543dec5c70e3fadd0a5092f47968c72e  sha1: 0d0bfd3263d7e41a7c37a66589f630137d0b27c6  size: 226304
Timestamp: 1992-06-19 22:22:17 (the constant link timestamp that Borland Delphi linkers write into every binary; it says nothing about when this sample was built)
Packer: Borland Delphi (a compiler/linker signature rather than a packer; the CODE/DATA/BSS section names are Delphi's)
PEhash: 7d77a6de387f3ff893c178002323987d4537eed4
IMPhash: dd88e763897539355e6f4577fe70ad64
AV Rising: no_virus
AV McAfee: no_virus
AV Avira (antivir): BDS/Poisonivy.E.423
AV Twister: Trojan.59FC19C4455936A7
AV Ad-Aware: Trojan.Generic.KDV.165427
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): no_virus
AV Grisoft (avg): Win32/DH{gQwuAw8F}
AV Symantec: Backdoor.Trojan
AV Fortinet: W32/Malware_fam.NB
AV BitDefender: Trojan.Generic.KDV.165427
AV K7: no_virus
AV Microsoft Security Essentials: Backdoor:Win32/Poison.E
AV MicroWorld (escan): Trojan.Generic.KDV.165427
AV MalwareBytes: no_virus
AV Authentium: no_virus
AV Frisk (f-prot): no_virus
AV Ikarus: Virus.Win32.Poison
AV Emsisoft: Trojan.Generic.KDV.165427
AV Zillya!: Trojan.Agent.Win32.144917
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: no_virus
AV CAT (quickheal): Backdoor.Poisonivy
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Trojan.Generic.KDV.165427
AV Arcabit (arcavir): Trojan.Generic.KDV.165427
AV ClamAV: BC.Heuristic.Trojan.SusPacked.BF-6.B
AV Dr. Web: Trojan.DownLoader5.19194
AV F-Secure: Trojan.Generic.KDV.165427
AV CA (E-Trust Ino): no_virus

AV summary: 20 of 31 engines detect the sample; four name the family (Avira, Microsoft Security Essentials, Ikarus and CAT/Quick Heal all say Poison Ivy). The identical label Trojan.Generic.KDV.165427 across seven products (BitDefender, Ad-Aware, eScan, Emsisoft, BullGuard, Arcabit, F-Secure) reflects one shared detection engine, not seven independent verdicts, so the effective consensus is smaller than the raw count suggests.

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\kaspel7yjtk ➝ C:\Documents and Settings\Administrator\My Documents\Win_Update_KB7yjtk.exe (per-user autorun pointing at the dropped copy; the file name imitates a Windows Update package, and the copy lives in a user-writable directory rather than Program Files or System32)
Creates File: C:\Documents and Settings\Administrator\My Documents\Win_Update_KB7yjtk.exe
Creates Mutex: )!VfqA.I7 (same shape as Poison Ivy's default mutex )!VoqA.I4; the mutex name is a usable host indicator for this build)

Process
↳ "C:\Program Files\Internet Explorer\iexplore.exe" -nohome

Creates File: \Device\Afd\Endpoint (a Winsock socket handle: the network connection is opened from the browser process, not from malware.exe, which is consistent with code injection into iexplore.exe)

Process
↳ C:\WINDOWS\Explorer.EXE

Creates Process: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
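
The three runtime observations above (a Run-key value pointing at a dropped copy under My Documents, Internet Explorer started with -nohome so that no page loads in the new process, and the socket being opened from that browser process) translate directly into host detection rules. The following is an added example, not part of the sandbox report or its tooling: the events are constructed in a simplified Sysmon-like shape (EventID 13 for a registry value set, EventID 1 for process creation), and the field names are an assumption for illustration, not a real Sysmon schema. Two of the events mirror this run; two are benign controls that must not fire.

```python
"""Triage rules for the runtime behaviour recorded in the sandbox report.

Added example, not part of the report or its tooling. Events are constructed
in a simplified Sysmon-like shape (EventID 13 = registry value set,
EventID 1 = process create); the field names are an assumption.
"""
import re
from pathlib import PureWindowsPath

# Constructed telemetry. The first two events mirror the sandbox run
# (Run-key persistence into My Documents, iexplore.exe -nohome launch);
# the last two are benign controls that must not fire.
EVENTS = [
    {"EventID": 13, "Image": r"C:\malware.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\kaspel7yjtk",
     "Details": r"C:\Documents and Settings\Administrator\My Documents\Win_Update_KB7yjtk.exe"},
    {"EventID": 1, "ParentImage": r"C:\WINDOWS\Explorer.EXE",
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "CommandLine": r'"C:\Program Files\Internet Explorer\iexplore.exe" -nohome'},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe" /background'},
    {"EventID": 1, "ParentImage": r"C:\WINDOWS\Explorer.EXE",
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "CommandLine": r'"C:\Program Files\Internet Explorer\iexplore.exe" https://example.test/'},
]

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UPDATE_LURE = re.compile(r"win[_ -]?update|kb\d", re.I)
# Profile roots (XP and Vista+) and per-user directories an unprivileged
# account can write to; legitimate autoruns normally live under Program Files.
USER_ROOTS = {"documents and settings", "users"}
USER_DIRS = {"temp", "appdata", "local settings"}


def exe_from_command(value: str) -> str:
    """Extract the executable path from a Run-key value (possibly quoted, possibly with arguments)."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = re.match(r"(.+?\.exe)(\s|$)", value, re.I)
    return m.group(1) if m else value.split(" ")[0]


def path_is_user_writable(path: str) -> bool:
    """True if the path sits under a user profile or a per-user temp/AppData directory."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if len(parts) < 2:
        return False
    return parts[1] in USER_ROOTS or any(p in USER_DIRS for p in parts[1:-1])


def check_run_key(ev: dict):
    """Run-key value whose target is user-writable; also flags Windows Update-themed file names."""
    if ev.get("EventID") != 13 or not RUN_KEY.search(ev.get("TargetObject", "")):
        return None
    target = exe_from_command(ev.get("Details", ""))
    if not path_is_user_writable(target):
        return None
    return {"rule": "run_key_user_path", "writer": ev.get("Image"), "target": target,
            "lure_name": bool(UPDATE_LURE.search(PureWindowsPath(target).name))}


def check_hidden_browser(ev: dict):
    """Internet Explorer started with -nohome: a quiet browser process commonly used as an injection host."""
    if ev.get("EventID") != 1:
        return None
    image = PureWindowsPath(ev.get("Image", "")).name.lower()
    cmd = ev.get("CommandLine", "")
    if image == "iexplore.exe" and re.search(r"(^|\s)-nohome(\s|$)", cmd, re.I):
        return {"rule": "browser_nohome", "parent": ev.get("ParentImage"), "cmdline": cmd}
    return None


def triage(events):
    """Run every rule over every event and return the alerts in event order."""
    alerts = []
    for ev in events:
        for rule in (check_run_key, check_hidden_browser):
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```

Run against the constructed events, only the two malicious ones fire: the Run-key rule reports the My Documents target with lure_name set, and the browser rule reports the -nohome launch with Explorer.EXE as parent. The user-writable-path test is what separates this persistence from a vendor tray application registering itself from Program Files; pairing it with the lure-name check keeps the alert informative without making it a hard requirement.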

Network Details:

DNS: aimi.biz (A) ➝ 208.48.81.133, 208.48.81.134, 208.48.81.179, 64.15.205.100, 64.15.205.101
DNS: dddrmt.ddo.jp (A) ➝ no address recorded in the report
Flow TCP: 192.168.1.1:1032 ➝ 208.48.81.133:3460
Flow TCP: 192.168.1.1:1033 ➝ 210.199.63.78:3460 (destination not among the DNS answers recorded above)

Both flows go to TCP/3460, the default Poison Ivy listener port, which is consistent with the Poison Ivy names in the AV results; two distinct C2 hosts were contacted during the run.

Raw Pcap
0x00000000 (00000)   33a61a62 52fbda09 d5863d1a c846c421   3..bR.....=..F.!
0x00000010 (00016)   e4361f86 ff471e79 37c672b9 ef320206   .6...G.y7.r..2..
0x00000020 (00032)   81914f57 679974a9 96698b3d f093029c   ..OWg.t..i.=....
0x00000030 (00048)   4194405a 4e04087e ad9f6050 0534d2f1   A.@ZN..~..`P.4..
0x00000040 (00064)   aec4bb3b 1fa4ede4 ecc8dac2 9cad6d31   ...;..........m1
0x00000050 (00080)   15868993 7fb7fb6b c11e1252 32d4ee77   .......k...R2..w
0x00000060 (00096)   1a741bd5 aa0177b2 bdeb895c 5965c674   .t....w....\Ye.t
0x00000070 (00112)   cddfabc1 64e2255b ac803559 d8646c4c   ....d.%[..5Y.dlL
0x00000080 (00128)   33dd1f5b 85878468 df0b2182 82b0fb81   3..[...h..!.....
0x00000090 (00144)   55c6fb25 9a966472 db9f362d e5f9fe79   U..%..dr..6-...y
0x000000a0 (00160)   16c92be4 ab5147c5 fd783ab5 3dd91cde   ..+..QG..x:.=...
0x000000b0 (00176)   49165737 7560cd21 7ba5b6e8 c1bd94fe   I.W7u`.!{.......
0x000000c0 (00192)   0474b48a d16216bf f8d1934b 8a5ea77e   .t...b.....K.^.~
0x000000d0 (00208)   f1f40f4a 09f485a2 3d8e5b7d 2ba8cdb2   ...J....=.[}+...
0x000000e0 (00224)   3b0d2406 e556061c f2b192cf b6480dce   ;.$..V.......H..
0x000000f0 (00240)   d584ed90 65ad1642 5008f6              ....e..BP..

0x00000000 (00000)   9bc330e4 f5dfb93c fde1d829 797e51d2   ..0....<...)y~Q.
0x00000010 (00016)   554026d3 0c85b0e9 3e833a52 d6013d7e   U@&.....>.:R..=~
0x00000020 (00032)   d8eb55ce a55ee948 b8e2f710 9baf12c6   ..U..^.H........
0x00000030 (00048)   ae3df70a 0eb711ce b9b31b77 aa6cdc81   .=.........w.l..
0x00000040 (00064)   53530b52 8acaccbc 7139a141 f35d1aa1   SS.R....q9.A.]..
0x00000050 (00080)   e91aaf90 3920f373 19ae651f 7c3263d1   ....9 .s..e.|2c.
0x00000060 (00096)   4df24647 312b1245 8d341da7 5eb412bc   M.FG1+.E.4..^...
0x00000070 (00112)   eac859ff 6d68ec5d 066523f0 246aa437   ..Y.mh.].e#.$j.7
0x00000080 (00128)   40fbaeab 5e45774d a93bc22b 3fd5fa93   @...^EwM.;.+?...
0x00000090 (00144)   7d565f8b 1aa2f461 1be26708 a3d24f44   }V_....a..g...OD
0x000000a0 (00160)   4708e527 bdaca1aa 717daafb c8202c7e   G..'....q}... ,~
0x000000b0 (00176)   adc04223 0c7a075d 16428332 468c8d94   ..B#.z.].B.2F...
0x000000c0 (00192)   d24bfbb1 c781259d 78d08a8d 60f5bd8a   .K....%.x...`...
0x000000d0 (00208)   4d1880ea 49083977 406e9a5f 21c10e03   M...I.9w@n._!...
0x000000e0 (00224)   adbb7f48 aa5128fc fc6378ce 521cd29a   ...H.Q(..cx.R...
0x000000f0 (00240)   5f4282a0 304152cc 0b841be9 3f780243   _B..0AR.....?x.C
0x00000100 (00256)                                         
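
The two dumps above carry no readable protocol, so the first question for an analyst is whether they are encrypted or merely binary. The following is an added example, not part of the report or the sandbox's tooling: it parses the Raw Pcap layout (offset, decimal offset, up to four 32-bit hex groups, then an ASCII column separated by at least three spaces), splits payloads where the offset counter returns to zero while checking that offsets stay contiguous, and scores each payload by Shannon entropy and printable-byte ratio. RAW_PCAP is copied from the dumps above; the classification thresholds are this example's own choice, tuned for payloads of a few hundred bytes, since a random 256-byte sample only reaches about 7.2 bits/byte and the usual 7.5+ rule of thumb for whole files would miss it.

```python
"""Turn the report's Raw Pcap hex dumps into bytes and test whether they look encrypted.

Added example, not part of the report or its tooling. RAW_PCAP is copied from the
Raw Pcap section; each dump is one TCP payload and a new payload begins whenever
the offset column returns to 0x00000000.
"""
import math
import re
from collections import Counter

RAW_PCAP = r"""
0x00000000 (00000)   33a61a62 52fbda09 d5863d1a c846c421   3..bR.....=..F.!
0x00000010 (00016)   e4361f86 ff471e79 37c672b9 ef320206   .6...G.y7.r..2..
0x00000020 (00032)   81914f57 679974a9 96698b3d f093029c   ..OWg.t..i.=....
0x00000030 (00048)   4194405a 4e04087e ad9f6050 0534d2f1   A.@ZN..~..`P.4..
0x00000040 (00064)   aec4bb3b 1fa4ede4 ecc8dac2 9cad6d31   ...;..........m1
0x00000050 (00080)   15868993 7fb7fb6b c11e1252 32d4ee77   .......k...R2..w
0x00000060 (00096)   1a741bd5 aa0177b2 bdeb895c 5965c674   .t....w....\Ye.t
0x00000070 (00112)   cddfabc1 64e2255b ac803559 d8646c4c   ....d.%[..5Y.dlL
0x00000080 (00128)   33dd1f5b 85878468 df0b2182 82b0fb81   3..[...h..!.....
0x00000090 (00144)   55c6fb25 9a966472 db9f362d e5f9fe79   U..%..dr..6-...y
0x000000a0 (00160)   16c92be4 ab5147c5 fd783ab5 3dd91cde   ..+..QG..x:.=...
0x000000b0 (00176)   49165737 7560cd21 7ba5b6e8 c1bd94fe   I.W7u`.!{.......
0x000000c0 (00192)   0474b48a d16216bf f8d1934b 8a5ea77e   .t...b.....K.^.~
0x000000d0 (00208)   f1f40f4a 09f485a2 3d8e5b7d 2ba8cdb2   ...J....=.[}+...
0x000000e0 (00224)   3b0d2406 e556061c f2b192cf b6480dce   ;.$..V.......H..
0x000000f0 (00240)   d584ed90 65ad1642 5008f6              ....e..BP..

0x00000000 (00000)   9bc330e4 f5dfb93c fde1d829 797e51d2   ..0....<...)y~Q.
0x00000010 (00016)   554026d3 0c85b0e9 3e833a52 d6013d7e   U@&.....>.:R..=~
0x00000020 (00032)   d8eb55ce a55ee948 b8e2f710 9baf12c6   ..U..^.H........
0x00000030 (00048)   ae3df70a 0eb711ce b9b31b77 aa6cdc81   .=.........w.l..
0x00000040 (00064)   53530b52 8acaccbc 7139a141 f35d1aa1   SS.R....q9.A.]..
0x00000050 (00080)   e91aaf90 3920f373 19ae651f 7c3263d1   ....9 .s..e.|2c.
0x00000060 (00096)   4df24647 312b1245 8d341da7 5eb412bc   M.FG1+.E.4..^...
0x00000070 (00112)   eac859ff 6d68ec5d 066523f0 246aa437   ..Y.mh.].e#.$j.7
0x00000080 (00128)   40fbaeab 5e45774d a93bc22b 3fd5fa93   @...^EwM.;.+?...
0x00000090 (00144)   7d565f8b 1aa2f461 1be26708 a3d24f44   }V_....a..g...OD
0x000000a0 (00160)   4708e527 bdaca1aa 717daafb c8202c7e   G..'....q}... ,~
0x000000b0 (00176)   adc04223 0c7a075d 16428332 468c8d94   ..B#.z.].B.2F...
0x000000c0 (00192)   d24bfbb1 c781259d 78d08a8d 60f5bd8a   .K....%.x...`...
0x000000d0 (00208)   4d1880ea 49083977 406e9a5f 21c10e03   M...I.9w@n._!...
0x000000e0 (00224)   adbb7f48 aa5128fc fc6378ce 521cd29a   ...H.Q(..cx.R...
0x000000f0 (00240)   5f4282a0 304152cc 0b841be9 3f780243   _B..0AR.....?x.C
0x00000100 (00256)
"""

# offset, decimal offset, hex field (lazy), then an ASCII column set off by 3+ spaces
DUMP_LINE = re.compile(r"^0x([0-9a-f]{8}) \((\d+)\)\s*(.*?)(?:\s{3,}.*)?$")

def parse_hexdumps(text: str) -> list:
    """Split the dump text into payloads, checking that offsets stay contiguous."""
    payloads, current = [], bytearray()
    for line in text.splitlines():
        m = DUMP_LINE.match(line)
        if not m:
            continue                      # blank separators and headers
        offset = int(m.group(1), 16)
        if offset == 0 and current:       # offset reset: a new packet starts
            payloads.append(bytes(current))
            current = bytearray()
        if offset != len(current):
            raise ValueError(f"non-contiguous dump at offset {offset:#x}")
        hexfield = m.group(3).replace(" ", "")
        if len(hexfield) % 2 or not re.fullmatch(r"[0-9a-f]*", hexfield):
            raise ValueError(f"bad hex field: {m.group(3)!r}")
        current.extend(bytes.fromhex(hexfield))
    if current:
        payloads.append(bytes(current))
    return payloads

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the ceiling, but a random 256-byte sample only reaches about 7.2."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes in the printable ASCII range 0x20-0x7e."""
    return sum(0x20 <= b <= 0x7e for b in data) / len(data) if data else 0.0

def classify(data: bytes) -> str:
    """Coarse label for a short C2 payload; thresholds chosen for samples of a few hundred bytes."""
    h, p = shannon_entropy(data), printable_ratio(data)
    if h > 6.5 and p < 0.5:
        return "likely encrypted or compressed"
    if p > 0.75:
        return "mostly printable (inspect as text)"
    return "mixed"

if __name__ == "__main__":
    for i, payload in enumerate(parse_hexdumps(RAW_PCAP), 1):
        print(f"payload {i}: {len(payload)} bytes, entropy {shannon_entropy(payload):.2f}, "
              f"printable {printable_ratio(payload):.0%}: {classify(payload)}")
```

The parser recovers a 251-byte and a 256-byte payload (the trailing 0x00000100 line carries no data and only confirms the second length), both of which score as encrypted or compressed, while a plaintext HTTP request used as a control scores as printable. Entropy alone cannot tell a cipher from a compressor, so the result is a reason to treat the stream as opaque C2 and pivot to the binary for the key and algorithm, not an identification of either.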


Strings