Analysis Date | 2016-01-29 07:32:53 |
---|---|
MD5 | c08d2be5aca8991c2dabbafb69837518 |
SHA1 | b1cc8b1b47e9575ce902a003aa71c293a851eb34 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 17810b03c3f5d182a40f374e1569cf7b sha1: 1ea5faa438b33d733e8e74cdd4a781e7afa01320 size: 182272 | |
Section | .rdata md5: 99086435e1152799a9c3433e3f552ad6 sha1: 50e2bd632cb7a2fe72f23a513d47de987f63a643 size: 2560 | |
Section | .data md5: c0936d528b07e75917005e04767e2b75 sha1: 27027d94b3dc48fda492c82668eb6d02759cf073 size: 14848 | |
Section | .reloc md5: b369e41432794873a3e5d1cd89941b1f sha1: eb2a67258e2063cad263d874db0773201cb28279 size: 30208 | |
Timestamp | 2014-04-20 21:33:29 | |
PEhash | 4f004977dddf61c5326329bb46f3257998be0f53 | |
IMPhash | 7084047b32499464cc4493e828877f0e | |
AV | CA (E-Trust Ino) | No Virus |
AV | Rising | No Virus |
AV | Mcafee | Trojan-FHQT!C08D2BE5ACA8 |
AV | Avira (antivir) | No Virus |
AV | Twister | No Virus |
AV | Ad-Aware | Gen:Variant.Kazy.788903 |
AV | Alwil (avast) | Vupa [Cryp] |
AV | Eset (nod32) | Win32/Bayrob.BA |
AV | Grisoft (avg) | Generic37.ACAG |
AV | Symantec | Trojan.Bayrob!gen6 |
AV | Fortinet | W32/Bayrob.AT!tr |
AV | BitDefender | Gen:Variant.Kazy.788903 |
AV | K7 | Trojan ( 004dc2a31 ) |
AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.DA |
AV | MicroWorld (escan) | Gen:Variant.Kazy.788903 |
AV | MalwareBytes | No Virus |
AV | Authentium | W32/Nivdort.G.gen!Eldorado |
AV | Emsisoft | Gen:Variant.Kazy.788903 |
AV | Frisk (f-prot) | W32/Nivdort.G.gen!Eldorado |
AV | Ikarus | Trojan.Win32.Bayrob |
AV | Zillya! | No Virus |
AV | Kaspersky | Trojan.Win32.Generic |
AV | Trend Micro | No Virus |
AV | VirusBlokAda (vba32) | No Virus |
AV | CAT (quickheal) | No Virus |
AV | BullGuard | Gen:Variant.Kazy.788903 |
AV | Arcabit (arcavir) | Gen:Variant.Kazy.788903 |
AV | ClamAV | No Virus |
AV | Dr. Web | Trojan.DownLoader19.9658 |
AV | F-Secure | Gen:Variant.Kazy.788903 |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\qnaqgzcaz\jge61l29wxevzeyer.exe |
---|---|
Creates File | C:\qnaqgzcaz\keqjdvcnvhn |
Creates File | C:\WINDOWS\qnaqgzcaz\keqjdvcnvhn |
Deletes File | C:\WINDOWS\qnaqgzcaz\keqjdvcnvhn |
Creates Process | C:\qnaqgzcaz\jge61l29wxevzeyer.exe |
Process
↳ C:\qnaqgzcaz\jge61l29wxevzeyer.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Connections Redirector Manager Receiver ➝ C:\qnaqgzcaz\gndkkjd.exe |
---|---|
Creates File | C:\qnaqgzcaz\keqjdvcnvhn |
Creates File | C:\qnaqgzcaz\gndkkjd.exe |
Creates File | C:\qnaqgzcaz\esaxhy |
Creates File | PIPE\lsarpc |
Creates File | C:\WINDOWS\qnaqgzcaz\keqjdvcnvhn |
Deletes File | C:\WINDOWS\qnaqgzcaz\keqjdvcnvhn |
Creates Process | C:\qnaqgzcaz\gndkkjd.exe |
Creates Service | Time UserMode Acquisition WebClient - C:\qnaqgzcaz\gndkkjd.exe |
Process
↳ Pid 808
Process
↳ Pid 852
Process
↳ C:\WINDOWS\System32\svchost.exe
Process
↳ Pid 1112
Process
↳ Pid 1208
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Process
↳ Pid 1864
Process
↳ Pid 1140
Process
↳ C:\qnaqgzcaz\gndkkjd.exe
Creates File | pipe\net\NtControlPipe10 |
---|---|
Creates File | C:\qnaqgzcaz\nzgqvyac6bfb |
Creates File | C:\qnaqgzcaz\keqjdvcnvhn |
Creates File | C:\qnaqgzcaz\esaxhy |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\qnaqgzcaz\vkenxpwu.exe |
Creates File | C:\WINDOWS\qnaqgzcaz\keqjdvcnvhn |
Deletes File | C:\WINDOWS\qnaqgzcaz\keqjdvcnvhn |
Creates Process | eymfbzcv3jhr "c:\qnaqgzcaz\gndkkjd.exe" |
Process
↳ C:\qnaqgzcaz\gndkkjd.exe
Creates File | C:\qnaqgzcaz\keqjdvcnvhn |
---|---|
Creates File | C:\WINDOWS\qnaqgzcaz\keqjdvcnvhn |
Deletes File | C:\WINDOWS\qnaqgzcaz\keqjdvcnvhn |
Process
↳ eymfbzcv3jhr "c:\qnaqgzcaz\gndkkjd.exe"
Creates File | C:\qnaqgzcaz\keqjdvcnvhn |
---|---|
Creates File | C:\WINDOWS\qnaqgzcaz\keqjdvcnvhn |
Deletes File | C:\WINDOWS\qnaqgzcaz\keqjdvcnvhn |
Network Details: