Analysis Date: 2015-11-06 11:59:54
MD5: 48a73b39a2967ecfc3431e730caa0853
SHA1: b55049ec347c390c91a9830e5f0bfe1a2f905756

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 1c06f68952e7522bc45b95fbdb04a771 sha1: d258827fd5c392ffe3dcf4f1449e21e891f4063e size: 91648
Section .data: md5: e81c66ac987239944da2c14fd7922b60 sha1: 1ad361cd355e8910326e6226fd46070fbaa376ee size: 13824
Timestamp: 2014-05-31 12:31:24
Packer: Borland Delphi 3.0 (???)
PEhash: 116a987b94742dc2dc70da2f65af8769a0798806
IMPhash: cc409225ca1dea2fbd99a60a57a52e8c
AV MalwareBytes: No Virus
AV Padvish: No Virus
AV Ikarus: Gen.Trojan
AV Microsoft Security Essentials: Trojan:Win32/Dorv.B!rfn
AV MicroWorld (escan): Trojan.Inject.IA
AV Fortinet: W32/Cutwail.RU!tr
AV Grisoft (avg): Generic33.BHIZ
AV K7: Trojan ( 003acb9d1 )
AV Kaspersky: Trojan.Win32.Generic
AV Mcafee: Cutwail-FECR!48A73B39A296
AV F-Secure: Trojan.Inject.IA
AV Eset (nod32): Win32/Wigon.DC
AV Frisk (f-prot): No Virus
AV Ad-Aware: Trojan.Inject.IA
AV BullGuard: Trojan.Inject.IA
AV Alwil (avast): Cutwail-CW [Trj]
AV Authentium: W32/S-ea74dc5f!Eldorado
AV CA (E-Trust Ino): No Virus
AV CAT (quickheal): Trojan.Generic.01761
AV Avira (antivir): TR/Proxy.Gen
AV ClamAV: No Virus
AV Dr. Web: BackDoor.Bulknet.739
AV Arcabit (arcavir): Trojan.Inject.IA
AV BitDefender: Trojan.Inject.IA
AV Emsisoft: Trojan.Inject.IA

Runtime Details:

Process:
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort ➝ 65534
(MaxUserPort is the upper bound of the ephemeral port range; raising it from the Windows XP/2003 default of 5000 to its maximum lets the process hold many more concurrent outbound connections.)
Creates File: \Device\Afd\Endpoint (socket creation through the AFD driver)
Creates Mutex: apgwxc60043

Network Details:

DNS: mxs.mail.ru
Type: A
217.69.139.150
DNS: mxs.mail.ru
Type: A
94.100.180.150
DNS: alt4.gmail-smtp-in.l.google.com
Type: A
173.194.72.26
DNS: gmail-smtp-in.l.google.com
Type: A
64.233.166.26
DNS: in1.smtp.messagingengine.com
Type: A
66.111.4.71
DNS: in1.smtp.messagingengine.com
Type: A
66.111.4.72
DNS: in1.smtp.messagingengine.com
Type: A
66.111.4.73
DNS: in1.smtp.messagingengine.com
Type: A
66.111.4.74
DNS: in1.smtp.messagingengine.com
Type: A
66.111.4.75
DNS: in1.smtp.messagingengine.com
Type: A
66.111.4.70
DNS: mail7.digitalwaves.co.nz
Type: A
Flows TCP: 192.168.1.1:1031 ➝ 217.69.139.150:25
Flows TCP: 192.168.1.1:1032 ➝ 173.194.72.26:25
Flows TCP: 192.168.1.1:1033 ➝ 64.233.166.26:25
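The hostnames resolved above are the public mail exchangers of mail.ru, Gmail and FastMail, and the flows go straight to TCP/25 on them: a workstation sending mail directly to remote MX hosts rather than through its own mail server is the classic direct-to-MX spambot pattern, consistent with the Cutwail/Bulknet/Proxy.Gen vendor names. The script below is an added triage example, not part of the sandbox report; it reads DNS answers and flow records in the shape of this Network Details section (the record format, the `->`/`➝` arrow handling and the threshold of three distinct SMTP destinations are assumptions) and flags any source host fanning out to several mail exchangers on port 25. The sample records are constructed from the entries above plus one benign HTTPS flow that must not trigger.

```python
"""Direct-to-MX spambot triage over sandbox network records.

Added example (not the sandbox's own code). Input shape and thresholds are
assumptions modelled on the "Network Details" section of the report.
"""
from collections import defaultdict
import re

# Constructed sample: DNS A answers copied from the report.
DNS_RECORDS = [
    ("mxs.mail.ru", "217.69.139.150"),
    ("mxs.mail.ru", "94.100.180.150"),
    ("alt4.gmail-smtp-in.l.google.com", "173.194.72.26"),
    ("gmail-smtp-in.l.google.com", "64.233.166.26"),
    ("in1.smtp.messagingengine.com", "66.111.4.71"),
]

# Constructed sample: the report's three TCP/25 flows plus one benign HTTPS flow.
FLOW_LINES = [
    "TCP 192.168.1.1:1031 -> 217.69.139.150:25",
    "TCP 192.168.1.1:1032 -> 173.194.72.26:25",
    "TCP 192.168.1.1:1033 -> 64.233.166.26:25",
    "TCP 192.168.1.1:1034 -> 93.184.216.34:443",  # must not trigger
]

# Accepts both an ASCII arrow and the report's "➝" glyph between endpoints.
FLOW_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<src>[\d.]+):(?P<sport>\d+)"
    r"\s*(?:->|➝)\s*(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_flow(line):
    """Parse one flow record into (proto, src, sport, dst, dport)."""
    m = FLOW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    return (m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))


def find_smtp_fanout(flow_lines, dns_records, min_destinations=3):
    """Return {src_ip: [(dst_ip, hostname_or_None), ...]} for every source
    whose outbound TCP/25 connections reach at least min_destinations distinct
    IPs. Destinations are labelled with the name the same capture resolved."""
    ip_to_name = {ip: name for name, ip in dns_records}
    smtp_dsts = defaultdict(set)
    for line in flow_lines:
        proto, src, _sport, dst, dport = parse_flow(line)
        if proto == "TCP" and dport == 25:
            smtp_dsts[src].add(dst)
    return {
        src: sorted((dst, ip_to_name.get(dst)) for dst in dsts)
        for src, dsts in smtp_dsts.items()
        if len(dsts) >= min_destinations
    }


if __name__ == "__main__":
    for src, targets in find_smtp_fanout(FLOW_LINES, DNS_RECORDS).items():
        print(f"{src}: outbound SMTP to {len(targets)} distinct mail exchangers")
        for dst, name in targets:
            print(f"  {dst} ({name or 'unresolved'})")
```

On a real capture the same logic applies to NetFlow or firewall logs; the useful signal is a non-mail-server host opening port 25 to many different destinations, so tune `min_destinations` against the organisation's own baseline and exempt the legitimate outbound relay.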
