Analysis Date: 2014-12-06 00:28:14
MD5: cfa3b43e9003f97abb82cb347ec908d0
SHA1: b446359e94b86590520bd11bd7b5f00e74168aca

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEhash: 652d097d808f17bafa961d47eceeb2a60105a380
IMPhash: e58ab46f2a279ded0846d81bf0fa21f7
AV (360 Safe): Trojan.Encpk.Gen.1
AV (Ad-Aware): Trojan.Encpk.Gen.1
AV (Alwil (avast)): Inject-AZK [Trj]
AV (Arcabit (arcavir)): no_virus
AV (Authentium): no_virus
AV (Avira (antivir)): no_virus
AV (BullGuard): Trojan.Encpk.Gen.1
AV (CA (E-Trust Ino)): no_virus
AV (CAT (quickheal)): no_virus
AV (ClamAV): no_virus
AV (Dr. Web): Trojan.KillProc.29554
AV (Emsisoft): Trojan.Encpk.Gen.1
AV (Eset (nod32)): Win32/Injector.APIV
AV (Fortinet): W32/Injector.ATCM!tr
AV (Frisk (f-prot)): no_virus
AV (F-Secure): Trojan.Encpk.Gen.1
AV (Grisoft (avg)): Generic35.ABRN
AV (Ikarus): Virus.Win32.VBInject
AV (K7): Trojan ( 0048d3e61 )
AV (Kaspersky): Trojan.Win32.VBKrypt.uigm
AV (MalwareBytes): Trojan.Backdoor.VB
AV (Mcafee): Generic-FANR!CFA3B43E9003
AV (Microsoft Security Essentials): VirTool:Win32/VBInject.gen!LD
AV (MicroWorld (escan)): Trojan.Encpk.Gen.1
AV (Rising): no_virus
AV (Sophos): Troj/Agent-ADBJ
AV (Symantec): no_virus
AV (Trend Micro): TSPY_ZBOT.SMUL
AV (VirusBlokAda (vba32)): Trojan.VBKrypt

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings
...
..
..[..!
...

.00.0454
040904B0
5.00.0454
CompanyName
FileVersion
ggergbbneghe
ggergherh
InternalName
OriginalFilename
ProductName
ProductVersion
project2
roject2.exe
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
?{,(#"
&04(Ns
-(05/P
05+{vKE16~
&08'LR
]0bI!}*
$0c#he
0?&HqoB
0JE$c2
?!0jJimW
0`??kImG:O	
0L(V#0%3{
!0Pg>F#
0qV)R!6,
0,ty_!
0W[z{d%Z
\%0xX+
0yz4sM
0#ZR*	V
"1]56\
1`5+q/
1Bs!(Wi
1	gEp(
1IRw43#
@%,@1p	
1'r!Hp
1ruz,[
1srd}T
1sT"u8
~1UUh]D"I
1&w?7G
!1}'x8
1X]{ewfN!w
|;2:(^
2</9S>
2ewVFn
2geN7E
&2s53K
[@2sCz-
'!2se )
2'_U0{
3/2}Cam
36jWR9K
"3EQ/XY
,	3e<_S
3jFImkf[
3pq&	"#
&\3`+V
	44Mt}
4e*aWD^
4FLl+`
4SOi;_
?^5~{#
52pK+-
5C978N
5=D6*<
'_5Fqh
5Ki3W@
=&5$+Qx
5v\8/H
5	y@qW
+_@@6	 *
:62}8>"
65+{:/
6 ''':j
6nR$I3	k
6P0cpE
792:~m
/7a'(CeI
"*7[#C
7`g7&GV
7JIGL<
7O]w|~
/7UB\r
=!7wD>4
7}x[yl
7,YI)2[
!#$8PC
8?RzF62*o
90~=]>
!96NBd
9;$6zYl
9A9(bK
9aGOn#
9K0>7]EvJq
9K^T3*
!=9L*#
9[LaG}
9l$\w_
9-+Ms6
9P|WBC
9U4f^bP\
9wJ4@@)
^a1mNBe
a2[-u5
a:6TgX
a7%YoTv:
)*aAlz
<	ABFY
ACDW%%
 )AfSy
A	g^\Q\
aN"x:$y}
,-}#APX
aqxW\.ow
\araQ:<
ash@s,
b1fOkUO
B_'23\
Bb5PC&
bEL:w {r
BJB<v])
Bj\*$P
,BL|CN
#B-(OO
b=,r1F
'B<$Rc
bR>vlG
-:{bt?
b[-u.je
byQ{</
BZ`1#r
bZTWYT
C24V(-
@C@5HL<~
cF#qJ~:
C-imuH
'c`jEZY)dP
$ cOmdNdWM
?*c]?S
Ct-g#d
CT='|V?L
<(cz4+(!<
d%a|k$
dFR<`f
.)D$H)
djj(+viA
DMO`TTU
D$t+D$\
D$t#D$h
*DWp~w
]E7fK%
E7kjNG
-e+AEO
E>c	*_
&eCQ2Gs&
+ef"c*f
>"ekmrm
EMkfQE
E]@prs\ac
EU3Eaj
E=~U&MF
ExitProcess
])]f?~>
f_5H~|c
f8^T'_
FA&j6<D-f<D
f;@c'L
Feg!E!
%FeH+9
F|,eX/:
Fi[JJB
Fi&`>p
?_&F-j
FmZvWn
 fo:\9
fq|3|9
F'@uU}
[fZ`L>
G30U{Sd
g9P/)~0
gb0Pe5
'}GBV;
:?G$DgG
GetProcAddress
GI,tcD
GjQYu:@m
_gL.><
	_:{G=l
]-GRtJ9
^G'[TV
G"v(Qw
g,vzDQ
G)W<G2
GWp[dY
!g-X;NW
gxvM|A
{h"7bQ
h$9JVxP`E
HcW\b}/
h$e=Je-M
helnigimseing
helnigimseing12UQQSQWUXXRTVWUVWUVUUOTUTWSSVOQQWOXPUTXWUSUOSTTPOhelnigimseing
)hFfkQ
<H?OA5
ho*izeo
H!PuZL
Hr80Tbe
?HtVAN
h&W.gE
.I0ty3
i39*2~
i*5$- 
	Ibu0w
+iey5p
Ifqdsr
i(+iCa
|?i~IQ
@!il~`
+ILE\m
I^{Lq"}
];iM3O
iNw3{E
IOYAY3
:iq:S]
I"qWAi
i S]	1QE
I~'t36o5
iVn-C'My
&iV]XL0
`:i	Z<:w
/ J7d2/o
J.(d}(
J*f	zp"d]
}jgg`U
jKicYjv
&JNx5%
J@o#$	
_{Jp@bxWI
(j_s9Y.
JT)pZMJbiM
j t!u"p
ju8]7JR2
[j~-?};y
k0)0+&
~/	KAs
	kaT_/<
k	c13;
kDLCk^
KERNEL32.DLL
@K-f>&
?Kf"N,
k}/G.>r
kJ^i^&
<KRC?$
KrF;aL
$)kr,Wm
kv:?1e
Kydf*n
>.l,	.
?L	.,$
l1gr_<
L2Oc/b)
'?l[4e
l`4qH%
Lac@Go
l'?CaPp
LGWl6]
{LHQCf
L&i1M>
L}O0^|
LoadLibraryA
l[s4A@
lS$UjmB
L+tErG
LwuUF4`
M1'`^U
M'%,: 5
mAt\zC^
MKfe,d
mq")@Z
MSVBVM60.DLL
^]mT\-
mw[Wl6~u
 mxKth
!M?z85
-,%#N"
n8!5,4d
NBvI~8
$N-FJH
n-G|EKP
>n **H
,Ninjj
\(NJ#E
+n?>jQX
nNTnyl
NOpk8,v
Nrq{PvUi
nV(FPB
nX"RuZ
o3x4hr&s
%o]B)S
 OD!u:
O.Fm6<
:OL;at
'~oMAY
o[nB[3GZ7
`'ov7$
OV\bEI
~oVE6+A
o:	x-cHC
O/Y;g?k
Oz"ahf|N{
P:3`[KP
p:4L7y	P
P8KrG7
p-_)8r
:?.+PDQ
pgu(\	
piPymyk
PJLez$
$p+.mL
	PO%N>
p^rV^\(b
  pSEub
ps%y94
^P(*V({)
@P.VXW
$:p>=X
`p[xc?Y
[p_ZS\
q@<3A!
q9h3v\
q	#Adk
qbY9PF
Qc\aYE
QF7^fk
qf"N_\
qFQ_+|
qG80UBB
Qh!*qD
qk+iAl
QL\q4>5
"qoAb\
qTQ8f4
!r0sxf
R3_OL.
|R*;7;u
&R93[;.:
rAZhsV
{R{EH%Mg
RI?1%8
![\RI4h
r'j6VH
r<\O$c5;
!Rr;.TF;L
RsrtG2
RTO"&6
RW:Z'Co
?rZ9	]87S
SA1f,m)
SCmchmw
Sd	KAc
-'SFd'
sgz2aG
*s%K#V=
s`)L$4
=S+?lwd
sqry,n
;+ST=0
syP(`1K
SystemParametersInfoW
TDk|E[N
tDTdM8
td-W[;
tG9/38
!This program cannot be run in DOS mode.
tK|44a
t`M'Xu
t_NDfA$
t-sU;(
t$t#t$l
tU\2l_c
]T}X!M
u1QZbSVR
(u1:Xl
u^6dpP
*uanV!
ubJO[pa
uD.!A;d
Uh(/4Z$
uj[-xC;
u Jx<d%y
>\UL\h(
U-mjr 
USer32.DlL
(uSN5k
ut9C%s
UVm8hB
U y4B_y
uYr}*>Rb
Uz@u5,
!Uz!Ue`
V5DPu?k
]VCa7wof"
v[d@Va
VGL2DK
vIMn83
VirtualAlloc
VirtualFree
VirtualProtect
V~`	l8
vp?3plk
VPc[p5
) vtW'
VX*	`w
}\W,^{
w%\\	7
*w^{a\
%WaeP=i
WaJg+m)
_(w,f 
wGCf4QZO
W\:[h%
w$Hu.3
w/:$ m1I
|?W+'<NhJ
wo;[av
WPdeE']
wQP[	za"Gw
w<QtSZ*
Wsqdji
<(w\uu
:`Wv!j!
,wY	Rr
>;]_*x
"`X\,<
x{5Q/s
x<]'&8x
xD@c4]
X=EnHE
XmE>Xx
xNJHs[
XPTPSW
Xt`0B}D
XtI^S>m
XXj5Jw
x=y/`r
Y1:tTy
|y83Xl
Y~ AG)
.Yb`]]
Y"kQ}~jS
y|O+D|T;
&_Y s}
YVqq6M?L?
y?{W`[/
YW0>3|
Zgb<yP
@zImm:
z^IyR$
[%$ZJx
z&Jy^(&
(ZLUNH]v
)ZMx*ZT
ZOd	g6
<zoTEtu
z?&P+9P
Z,Vg%G
zXAboP#;
zXHIyT-
z&ZD/;
\:ZZ.N?