Analysis Date: 2015-10-07 14:03:02
MD5: 2e41bde0b19fca10d5ad663236660c07
SHA1: b39c980373ca4d7791664578e766e3dbbee61d58

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 403c2d134dae5e82df845f33d1bf0a29 sha1: 9dd95e428478e0e41e6e71a670f4bf66bb2f7165 size: 3072
Section .rdata md5: c30075859a524b6a89d743128cee71f4 sha1: 8f4c2d94a20e6e0b82c340e2d24d0d47da65ef0c size: 512
Section .data  md5: 57a03c3badd011614504826ac9ab846e sha1: 4a689048361644c6697c68e765e8dca4eff855a4 size: 512
Section .rsrc  md5: 92f03723b68a79d6c5b622dac4bb9a83 sha1: 3d1dbb310bfe2df2f4e3483a44f75ef4007f037c size: 32256
Section .reloc md5: 8a41fc8a3e852ad112f9bfcbef2d8cf0 sha1: 4452454635ce60dd17135b76fe6268625547da1d size: 512
Timestamp: 2005-11-09 23:46:26
Packer: PE Diminisher v0.1
PEhash: c5971e099f8be45ca9f64c04aa5ca8a56ace4a26
IMPhash: 23cf40211ef81287fd50a6b0a21b76a2
AV Rising: no_virus
AV Mcafee: Downloader-FAKI!2E41BDE0B19F
AV Avira (antivir): TR/Crypt.XPACK.Gen
AV Twister: Trojan.B332A3B8D66B44C7
AV Ad-Aware: Trojan.Generic.KDZ.8618
AV Alwil (avast): Downloader-SNX [Trj]
AV Eset (nod32): Win32/Wigon.PH
AV Grisoft (avg): SHeur4.BBHW
AV Symantec: Trojan.Gen
AV Fortinet: W32/Pushdo.PKG!tr
AV BitDefender: Trojan.Generic.KDZ.8618
AV K7: Backdoor ( 0040f0931 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Cutwail.BS
AV MicroWorld (escan): Trojan.Generic.KDZ.8618
AV MalwareBytes: Trojan.Ransom.Gen
AV Authentium: W32/Trojan.OZWF-8394
AV Frisk (f-prot): no_virus
AV Ikarus: Backdoor.Win32.Pushdo
AV Emsisoft: Trojan.Generic.KDZ.8618
AV Zillya!: Backdoor.Pushdo.Win32.279
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: BKDR_PUSHDO.SMJ
AV CAT (quickheal): Trojan.Cutwail.AQ
AV VirusBlokAda (vba32): Backdoor.Pushdo
AV Padvish: no_virus
AV BullGuard: Trojan.Generic.KDZ.8618
AV Arcabit (arcavir): Trojan.Generic.KDZ.8618
AV ClamAV: no_virus
AV Dr. Web: Trojan.Siggen4.62953
AV F-Secure: Trojan.Generic.KDZ.8618
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\receruptilxo ➝ C:\Documents and Settings\Administrator\receruptilxo.exe
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝ NULL
Creates File: C:\Documents and Settings\Administrator\receruptilxo.exe
Creates File: \Device\Afd\Endpoint
Creates Mutex: receruptilxo

Network Details:

DNS: smtp.glbdns2.microsoft.com (Type: A) ➝ 65.55.176.126
DNS: smtp.live.com (Type: A)
Flows TCP: 192.168.1.1:1031 ➝ 65.55.176.126:25
