Analysis Date: 2015-10-29 08:29:50
MD5: c2c7dc93dee42d90b6c3514722ff3672
SHA1: ace4c11a175b7be39b1ad536019a71967094ff6c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEhash: 3c2dc10e4926deac196afcdd9795d6a674a708fa
IMPhash: d5457eeea56d0c64e40250d044842848
AV Rising: no_virus
AV Mcafee: RDN/Generic.bfr
AV Avira (antivir): TR/Inject.sbbeipj
AV Twister: Trojan.Injector.CGGL.nbcc
AV Ad-Aware: Gen:Variant.Symmi.56551
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/Injector.CGCW
AV Grisoft (avg): Inject3.LS
AV Symantec: no_virus
AV Fortinet: W32/Injector.CGIW!tr
AV BitDefender: Gen:Variant.Symmi.56551
AV K7: Trojan ( 004cb6451 )
AV Microsoft Security Essentials: Trojan:Win32/Carberp!rfn
AV MicroWorld (escan): Gen:Variant.Symmi.56551
AV MalwareBytes: Trojan.Bunitu
AV Authentium: W32/Injector.SIVL-5508
AV Frisk (f-prot): W32/Injector.VZ
AV Ikarus: Trojan.Win32.Injector
AV Emsisoft: Gen:Variant.Symmi.56551
AV Zillya!: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: no_virus
AV CAT (quickheal): Trojan.Carberp.r4
AV VirusBlokAda (vba32): TrojanProxy.Glupteba
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Symmi.56551
AV Arcabit (arcavir): Gen:Variant.Symmi.56551
AV ClamAV: no_virus
AV Dr. Web: BackDoor.Siggen.59488
AV F-Secure: Gen:Variant.Symmi.56551
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝ 21150727\\x00
Creates File: \Device\Afd\Endpoint
Creates Mutex: Global\MD7H82HHF7EH2D73

Process
↳ C:\malware.exe

Process
↳ C:\malware.exe

Network Details:

HTTP GET: http://162.253.66.242:27042/stat?uid=100&downlink=1111&uplink=1111&id=0034FDEB&statpass=bpass&version=21150727&features=30&guid=9e1edd5a-2116-4bbf-92ee-e5b3ab9b83e1&comment=21150727&p=0&s=
User-Agent:
HTTP GET: http://82.194.70.56:38271/stat?uid=100&downlink=1111&uplink=1111&id=0035123E&statpass=bpass&version=21150727&features=30&guid=9e1edd5a-2116-4bbf-92ee-e5b3ab9b83e1&comment=21150727&p=0&s=
User-Agent:
HTTP GET: http://184.72.33.126:42386/stat?uid=100&downlink=1111&uplink=1111&id=003525D5&statpass=bpass&version=21150727&features=30&guid=9e1edd5a-2116-4bbf-92ee-e5b3ab9b83e1&comment=21150727&p=0&s=
User-Agent:
HTTP GET: http://198.24.141.2:40443/stat?uid=100&downlink=1111&uplink=1111&id=0035396D&statpass=bpass&version=21150727&features=30&guid=9e1edd5a-2116-4bbf-92ee-e5b3ab9b83e1&comment=21150727&p=0&s=
User-Agent:
HTTP GET: http://81.27.85.118:49126/stat?uid=100&downlink=1111&uplink=1111&id=00354D05&statpass=bpass&version=21150727&features=30&guid=9e1edd5a-2116-4bbf-92ee-e5b3ab9b83e1&comment=21150727&p=0&s=
User-Agent:
HTTP GET: http://95.154.208.91:14229/stat?uid=100&downlink=1111&uplink=1111&id=0035609C&statpass=bpass&version=21150727&features=30&guid=9e1edd5a-2116-4bbf-92ee-e5b3ab9b83e1&comment=21150727&p=0&s=
User-Agent:
Flows TCP: 192.168.1.1:1031 ➝ 162.253.66.242:27042
Flows TCP: 192.168.1.1:1031 ➝ 162.253.66.242:27042
Flows TCP: 192.168.1.1:1032 ➝ 82.194.70.56:38271
Flows TCP: 192.168.1.1:1033 ➝ 184.72.33.126:42386
Flows TCP: 192.168.1.1:1034 ➝ 198.24.141.2:40443
Flows TCP: 192.168.1.1:1035 ➝ 81.27.85.118:49126
Flows TCP: 192.168.1.1:1036 ➝ 95.154.208.91:14229