| Analysis Date | 2016-02-09 21:15:33 |
|---|---|
| MD5 | ac56628e63f85ecc8a4a403131d555da |
| SHA1 | bd06e5d304ad775a3f7d1aaaaa1bc6af1bae9d8e |
Static Details:

| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
|---|---|
| Timestamp | 2016-01-06 17:07:35 |
| PEhash | a7431ffcebdca606a4f8eceece3eb62cd85ba899 |
| IMPhash | 5b8e0283f60ddbb03bc3f60e8db16fe5 |

| Section | MD5 | SHA1 | Size |
|---|---|---|---|
| .text | 3d93cfcad5f70ae8b3eafc5b1f8c80e6 | 00a07dc0b28e846641ecc8c5975991e5a389da56 | 190976 |
| .rdata | 28d960a0ca0fcc2d5603d3e12bed5d4c | 6fb025679be2f1cc3e9c7b0af1bb8eb1f7352282 | 16896 |
| .data | 07b5472d347d42780469fb2654b7fc54 | 943ae54f4818e52409fbbaf60ffd71318d966b0d | 512 |
| .reloc | ecb36ffde386948773a6b2f226e388f9 | 09c906b4bae1464b9dedbcd9fd092a13dcfbe5aa | 30720 |
| AV Vendor | Detection |
|---|---|
| CA (E-Trust Ino) | No Virus |
| Rising | No Virus |
| Mcafee | Trojan-FHPX!AC56628E63F8 |
| Avira (antivir) | No Virus |
| Twister | No Virus |
| Ad-Aware | Gen:Variant.Razy.12226 |
| Alwil (avast) | Win32:Malware-gen |
| Eset (nod32) | Win32/Bayrob.AT.gen |
| Grisoft (avg) | Win32/Heur |
| Symantec | Trojan.Bayrob!gen6 |
| Fortinet | W32/Bayrob.AQ!tr |
| BitDefender | Gen:Variant.Razy.12226 |
| K7 | Trojan ( 004db0c61 ) |
| Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.DG |
| MicroWorld (escan) | Gen:Variant.Kazy.390560 |
| MalwareBytes | No Virus |
| Authentium | W32/Nivdort.G.gen!Eldorado |
| Emsisoft | Gen:Variant.Razy.12226 |
| Frisk (f-prot) | W32/Nivdort.G.gen!Eldorado |
| Ikarus | Trojan.Win32.Bayrob |
| Zillya! | No Virus |
| Kaspersky | Trojan.Win32.Bayrob.scf |
| Trend Micro | No Virus |
| VirusBlokAda (vba32) | No Virus |
| CAT (quickheal) | No Virus |
| BullGuard | Gen:Variant.Kazy.390560 |
| Arcabit (arcavir) | Gen:Variant.Razy.12226 |
| ClamAV | No Virus |
| Dr. Web | No Virus |
| F-Secure | Gen:Variant.Razy.12226 |
Runtime Details:
Process
↳ C:\malware.exe

| Action | Target |
|---|---|
| Creates File | C:\pmbznhte\ggzyfq |
| Creates File | C:\WINDOWS\pmbznhte\ggzyfq |
| Creates File | C:\pmbznhte\h11oa1ld3iahsqdtjxyvi.exe |
| Deletes File | C:\WINDOWS\pmbznhte\ggzyfq |
| Creates Process | C:\pmbznhte\h11oa1ld3iahsqdtjxyvi.exe |
Process
↳ C:\pmbznhte\h11oa1ld3iahsqdtjxyvi.exe

| Action | Target |
|---|---|
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Workstation Collector Intelligent Auto-Discovery ➝ C:\pmbznhte\udnmage.exe |
| Creates File | C:\pmbznhte\tokd5dmu1 |
| Creates File | C:\pmbznhte\ggzyfq |
| Creates File | C:\WINDOWS\pmbznhte\ggzyfq |
| Creates File | C:\pmbznhte\udnmage.exe |
| Creates File | PIPE\lsarpc |
| Deletes File | C:\WINDOWS\pmbznhte\ggzyfq |
| Creates Process | C:\pmbznhte\udnmage.exe |
| Creates Service | Time Image Update PNRP Registrar Web WinHTTP - C:\pmbznhte\udnmage.exe |
Process
↳ Pid 804
Process
↳ Pid 852
Process
↳ C:\WINDOWS\System32\svchost.exe

| Action | Target |
|---|---|
| Creates File | pipe\PCHFaultRepExecPipe |
Process
↳ Pid 1112
Process
↳ Pid 1208
Process
↳ C:\WINDOWS\system32\spoolsv.exe

| Action | Target |
|---|---|
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
| Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Process
↳ Pid 1864
Process
↳ Pid 1180
Process
↳ C:\pmbznhte\udnmage.exe

| Action | Target |
|---|---|
| Creates File | C:\pmbznhte\gcmawfsvluxj |
| Creates File | pipe\net\NtControlPipe10 |
| Creates File | C:\pmbznhte\tokd5dmu1 |
| Creates File | C:\pmbznhte\ggzyfq |
| Creates File | C:\WINDOWS\pmbznhte\ggzyfq |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\pmbznhte\nikgllmi.exe |
| Deletes File | C:\WINDOWS\pmbznhte\ggzyfq |
| Creates Process | v6oyuamibljo "c:\pmbznhte\udnmage.exe" |
Process
↳ C:\pmbznhte\udnmage.exe

| Action | Target |
|---|---|
| Creates File | C:\pmbznhte\ggzyfq |
| Creates File | C:\WINDOWS\pmbznhte\ggzyfq |
| Deletes File | C:\WINDOWS\pmbznhte\ggzyfq |
Process
↳ v6oyuamibljo "c:\pmbznhte\udnmage.exe"

| Action | Target |
|---|---|
| Creates File | C:\pmbznhte\ggzyfq |
| Creates File | C:\WINDOWS\pmbznhte\ggzyfq |
| Deletes File | C:\WINDOWS\pmbznhte\ggzyfq |
Network Details: