Analysis Date: 2016-03-15 01:23:14
MD5: 3bf0d57fcef45fe3a079336a7d8b1795
SHA1: b3308e9ed366369b28164c11b0333f1367d23dba

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Sections:
  .text   md5: a224f26eccd393b9d73108c439fa3f3c  sha1: 0865a43c72007ad733953246b474f68ce22af939  size: 31744
  .data   md5: a3adb176ac30abed8f5b4ee7b6d6f6d6  sha1: be688c481d2fa8a9f544766feadace5a240de015  size: 4096
  .rdatat md5: b8de1872f17481964d218f2357bf9453  sha1: d6b27d0ad6a9119611d94ce8c8d5e2835d5385c9  size: 10752
  .rsrc   md5: abdf8d556a80c9c7118193cd9709e34e  sha1: 50a2f8aef8f3f8a8a79e37897995f342c0a9ac4e  size: 1024
  .reloc  md5: a95520d92bc7b7503b8843a1962017f5  sha1: b7a3037457d8798ebc5306cdd320dfae426a5412  size: 5120
Timestamp: 2016-03-09 09:57:11
Version:
  LegalCopyright: Copyright (C) 2016
  InternalName: gergeregeex.exe
  FileVersion: 1.0.0.1
  CompanyName: TODO: <Company name>
  ProductName: TODO: <Product name>
  ProductVersion: 1.0.0.1
  FileDescription: TODO: <File description>
  OriginalFilename: gergeregeex.exe
Packer: Microsoft Visual C++ ?.?
PEhash: d9eea82fee4a2cd3f7096bebb58089e580080f83
IMPhash: 56826823b72660820f9cdfad50a950cf
AV results (vendor: detection name; "No Virus" = no detection):
  Microsoft Security Essentials: Backdoor:Win32/Drixed.M
  Rising: No Virus
  McAfee: No Virus
  MicroWorld (eScan): No Virus
  MalwareBytes: Ransom.FileLocker
  Avira (antivir): TR/AD.Gamarue.Y.1803
  Ikarus: No Virus
  Frisk (f-prot): No Virus
  Authentium: No Virus
  Emsisoft: Gen:Variant.Razy.29654
  Twister: No Virus
  Ad-Aware: Gen:Variant.Razy.29654
  Zillya!: Trojan.Dridex.Win32.502
  Kaspersky: No Virus
  Trend Micro: No Virus
  Alwil (avast): Malware-gen
  Alwil (avast): Win32:Malware-gen
  Eset (nod32): Win32/Injector.CUBX
  Grisoft (avg): Generic_r.IAI
  CAT (quickheal): No Virus
  VirusBlokAda (vba32): No Virus
  Symantec: No Virus
  BullGuard: Gen:Variant.Razy.29654
  Arcabit (arcavir): Gen:Variant.Razy.29654
  Fortinet: W32/Injector.CTZL!tr
  ClamAV: No Virus
  BitDefender: Gen:Variant.Razy.29654
  Dr. Web: Trojan.Dridex.351
  K7: Trojan ( 004d86461 )
  F-Secure: Gen:Variant.Razy.29654
  CA (E-Trust Ino): Gen:Variant.Razy.29654

Runtime Details:

Process
↳ C:\malware.exe
  Creates Process: C:\malware.exe

Process
↳ C:\malware.exe
  Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe
  Creates File: PIPE\lsarpc
  Creates File: \Device\Afd\Endpoint
  Winsock DNS: north-america.pool.ntp.org
  Winsock DNS: oceania.pool.ntp.org
  Winsock DNS: asia.pool.ntp.org
  Winsock DNS: south-america.pool.ntp.org
  Winsock DNS: europe.pool.ntp.org

Network Details:

DNS queries (all Type A) and resolved addresses:
  europe.pool.ntp.org:        78.46.37.9, 82.193.117.90, 91.218.89.74, 95.46.198.21
  north-america.pool.ntp.org: 128.113.28.67, 132.163.4.101, 64.120.57.249, 104.232.3.3
  south-america.pool.ntp.org: 190.228.30.178, 200.89.75.198, 201.217.3.85, 186.103.182.15
  asia.pool.ntp.org:          218.186.3.36, 62.201.225.9, 82.200.209.194, 129.250.35.250
