Analysis Date: 2015-08-13 05:06:46
MD5: 2072d0d6b6e1dc3762b71b4105aff0dc
SHA1: b5d9a8b187e8c60eeb54d14172ddb818d6682c70

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 8248b5cf89ca7cb1d4dad2654f2db1f7 sha1: a8ed47414964505bde13c6661004ede32703e69f size: 512
Section .rdata md5: ab29002ea2e7c0d91a2bde1d817ca366 sha1: ced738602e81801744fe86d982895b06b7ce5a58 size: 104960
Section .data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .rsrc md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512
Section .reloc md5: 9a4760d3041e6a0a3311f9bebf38fab8 sha1: 43e4ab5bc19a4413dce8695f92f7e4a0480637cb size: 512
Timestamp: 2014-04-25 13:59:36
Packer: Borland Delphi 3.0 (???)
PEhash: 1a43470255bbd861b6601e7df35ca42f31b78ac6
IMPhash: 5d907e4f447d6c7f2275c3923df49f63
AV CA (E-Trust Ino): no_virus
AV F-Secure: Gen:Variant.Kazy.306055
AV Dr. Web: Trojan.PWS.Ibank.809
AV ClamAV: no_virus
AV Arcabit (arcavir): Gen:Variant.Kazy.306055
AV BullGuard: Gen:Variant.Kazy.306055
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): no_virus
AV Trend Micro: BKDR_PLUGX.EO
AV Kaspersky: Backdoor.Win32.Gulpix.alc
AV Zillya!: Trojan.FakeAV.Win32.316308
AV Emsisoft: Gen:Variant.Kazy.306055
AV Ikarus: Win32.SuspectCrc
AV Frisk (f-prot): no_virus
AV Authentium: no_virus
AV MalwareBytes: Error Scanning File
AV MicroWorld (escan): Gen:Variant.Kazy.306055
AV Microsoft Security Essentials: no_virus
AV K7: Trojan ( 004967951 )
AV BitDefender: Gen:Variant.Kazy.306055
AV Fortinet: W32/FakeAV.BVQC!tr
AV Symantec: Trojan.Gen
AV Grisoft (avg): Crypt3.LMO
AV Eset (nod32): Win32/Kryptik.BVQC
AV Alwil (avast): MalOb-HP [Cryp]
AV Ad-Aware: Gen:Variant.Kazy.306055
AV Twister: Virus.56576A406800100000.mg
AV Avira (antivir): TR/Dropper.Gen
AV Mcafee: RDN/Generic FakeAlert
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Process: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Mutex: Global\ufkaq

Process
↳ C:\Documents and Settings\All Users\DRM\XXX\.exe

Creates Process: C:\WINDOWS\system32\svchost.exe
Creates Mutex: Global\gbunwodqgillmltcd
Creates Mutex: Global\wylurrybkdlyonkut
Creates Mutex: Global\ommdvtuqnjwvdfajh
Creates Mutex: Global\sodkb
Creates Mutex: Global\yomxamirg
Creates Mutex: Global\ssmuagced
Creates Mutex: Global\mschu
Creates Mutex: Global\aabhnqurdbfoh
Creates Mutex: Global\ypuijjqib
Creates Mutex: Global\stuxkwabijxwwaxrh
Creates Mutex: Global\wubqw
Creates Mutex: Global\uimnyxkbx
Creates Mutex: Global\ufkaq
Creates Mutex: Global\mticc
Creates Mutex: Global\iqlpefsfveadljlia
Creates Mutex: Global\mwmjwuuwpuvcczsph
Creates Mutex: Global\sslavrbgy
Creates Mutex: Global\ojkxy

Process
↳ C:\WINDOWS\system32\svchost.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813040248.jpg
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813040242.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813040218.jpg
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813040222.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX\nprqyjadoqkp
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813040237.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813040227.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813040212.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20150813040233.jpg
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: Global\000000010000000000000100
Creates Mutex: MMMM
Winsock DNS: 127.0.0.1

Network Details:

Flows UDP: 192.168.1.1:53 ➝ 192.168.1.1:53

Strings