| Field | Value |
|---|---|
| Analysis Date | 2016-02-24 07:26:41 |
| MD5 | 2e7df51c03e9ea682b55488bbee5d3c6 |
| SHA1 | bc2c912f1a66fd2e56f67543da4ae33024901458 |
Static Details:

| Field | Value |
|---|---|
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
| Timestamp | 2016-01-03 13:58:46 |
| PEhash | 6e72e57d7f4a1bc575d30e1d0dd1c0c7f55e3605 |
| IMPhash | cf4214bb49ab1df2fd1a464ad4e5539c |

| Section | MD5 | SHA1 | Size |
|---|---|---|---|
| .text | 1458a77902a9402114f06f465fba074d | 36b9a6c7d0f3ee8382cb7bdb6c44b61304e1420b | 220160 |
| .rdata | bb98a8407c20c1d26cabb2ed43b5bcf9 | 9681de0b02c3d11bfaf30c0767477508b5e6f759 | 18432 |
| .data | 07b5472d347d42780469fb2654b7fc54 | 943ae54f4818e52409fbbaf60ffd71318d966b0d | 512 |
| .reloc | 9cfe5329de1aa0d0fde21ca1f498289e | 2359bb7017f2ce3728ccb32e73ff944253fa3279 | 41472 |

| AV vendor | Detection |
|---|---|
| Fortinet | W32/Bayrob.AQ!tr |
| MicroWorld (escan) | Gen:Variant.Razy.11545 |
| F-Secure | Gen:Variant.Razy.11545 |
| MalwareBytes | No Virus |
| Mcafee | Trojan-FHOH!2E7DF51C03E9 |
| Ikarus | Trojan.Win32.Bayrob |
| Trend Micro | No Virus |
| Dr. Web | No Virus |
| Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.DD |
| Authentium | W32/BayRob.D.gen!Eldorado |
| Grisoft (avg) | Win32/Heur |
| Twister | No Virus |
| BullGuard | Gen:Variant.Razy.11545 |
| Zillya! | No Virus |
| Frisk (f-prot) | W32/BayRob.D.gen!Eldorado |
| Kaspersky | Trojan.Win32.Generic |
| CAT (quickheal) | TrojanSpy.Nivdort.WR4 |
| ClamAV | No Virus |
| Eset (nod32) | Win32/Bayrob.AT.gen |
| Alwil (avast) | Win32:Malware-gen |
| CA (E-Trust Ino) | Gen:Variant.Razy.11545 |
| BitDefender | Gen:Variant.Razy.11545 |
| Emsisoft | Gen:Variant.Razy.11545 |
| Symantec | Trojan.Bayrob!gen6 |
| K7 | Trojan ( 004db0c61 ) |
| Ad-Aware | Gen:Variant.Razy.11545 |
| Avira (antivir) | TR/Nivdort.A.29268 |
| Arcabit (arcavir) | Gen:Variant.Razy.11545 |
| VirusBlokAda (vba32) | No Virus |
| Rising | No Virus |
Runtime Details:
Process
↳ C:\malware.exe

| Action | Target |
|---|---|
| Creates File | C:\bvzifnducsnfxm\prkgvffxk |
| Creates File | C:\bvzifnducsnfxm\vt1kd2ip9zvl1kd.exe |
| Creates File | C:\WINDOWS\bvzifnducsnfxm\prkgvffxk |
| Deletes File | C:\WINDOWS\bvzifnducsnfxm\prkgvffxk |
| Creates Process | C:\bvzifnducsnfxm\vt1kd2ip9zvl1kd.exe |

Process
↳ C:\bvzifnducsnfxm\vt1kd2ip9zvl1kd.exe

| Action | Target |
|---|---|
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Print Keying iSCSI Adapter ➝ C:\bvzifnducsnfxm\mqfcwhp.exe |
| Creates File | C:\bvzifnducsnfxm\prkgvffxk |
| Creates File | C:\bvzifnducsnfxm\ekixlw |
| Creates File | PIPE\lsarpc |
| Creates File | C:\WINDOWS\bvzifnducsnfxm\prkgvffxk |
| Creates File | C:\bvzifnducsnfxm\mqfcwhp.exe |
| Deletes File | C:\WINDOWS\bvzifnducsnfxm\prkgvffxk |
| Creates Process | C:\bvzifnducsnfxm\mqfcwhp.exe |
| Creates Service | Store Counter Panel Encrypting Wired - C:\bvzifnducsnfxm\mqfcwhp.exe |

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 808

Process
↳ Pid 860

Process
↳ C:\WINDOWS\System32\svchost.exe

| Action | Target |
|---|---|
| Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |

Process
↳ Pid 1216

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Process
↳ Pid 1852

Process
↳ Pid 1140

Process
↳ C:\bvzifnducsnfxm\mqfcwhp.exe

| Action | Target |
|---|---|
| Creates File | C:\bvzifnducsnfxm\btcrudiqkv.exe |
| Creates File | C:\bvzifnducsnfxm\prkgvffxk |
| Creates File | pipe\net\NtControlPipe10 |
| Creates File | C:\bvzifnducsnfxm\ekixlw |
| Creates File | C:\bvzifnducsnfxm\be0tm35ti1 |
| Creates File | C:\WINDOWS\bvzifnducsnfxm\prkgvffxk |
| Creates File | \Device\Afd\Endpoint |
| Deletes File | C:\WINDOWS\bvzifnducsnfxm\prkgvffxk |
| Creates Process | y4ydb8vyv4db "c:\bvzifnducsnfxm\mqfcwhp.exe" |

Process
↳ C:\bvzifnducsnfxm\mqfcwhp.exe

| Action | Target |
|---|---|
| Creates File | C:\bvzifnducsnfxm\prkgvffxk |
| Creates File | C:\WINDOWS\bvzifnducsnfxm\prkgvffxk |
| Deletes File | C:\WINDOWS\bvzifnducsnfxm\prkgvffxk |

Process
↳ y4ydb8vyv4db "c:\bvzifnducsnfxm\mqfcwhp.exe"

| Action | Target |
|---|---|
| Creates File | C:\bvzifnducsnfxm\prkgvffxk |
| Creates File | C:\WINDOWS\bvzifnducsnfxm\prkgvffxk |
| Deletes File | C:\WINDOWS\bvzifnducsnfxm\prkgvffxk |
Network Details: