Analysis Date: 2015-11-17 23:06:18
MD5: 025f9b45ed5bae66fdb0f28768362b4c
SHA1: bdca515c5b3c428313768fc23c478d7c96493195

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: c8a4980d6deca11c1749d181f9e606e0 sha1: 269fd4fc8c24807e1be87423de63542452f4daff size: 103936
Section .rdata: md5: 027980dbd808bbcf6b99707551dac517 sha1: 846db9b190875032af22fce0496630aef8c6224d size: 36864
Section .data: md5: 93ae271155908c777cc6703775f3d536 sha1: 6cbefb7714a021b8cfbd2311c7788c3eb34e3653 size: 69120
Section .rsrc: md5: 26982299b035d39f0058d6d412e9d67a sha1: d06f5ac816c374e75fdffad6e794dfa4cda55e3a size: 42496
Timestamp: 2015-10-23 07:33:04
Packer: Microsoft Visual C++ ?.?
PEhash: 7a27e80b0793f276d113fc5cb172b061bbe36b5a
IMPhash: 99895a44719bbc8ffa76db8b2399a7dc
AV Fortinet: W32/Kryptik.ECCZ!tr
AV Ikarus: Trojan.Win32.Crypt
AV Trend Micro: no_virus
AV Ad-Aware: Trojan.GenericKD.2819951
AV Mcafee: RDN/Sdbot.worm
AV Kaspersky: Trojan.Win32.Bublik.dxrj
AV MalwareBytes: no_virus
AV Symantec: Trojan.Gen
AV VirusBlokAda (vba32): Trojan.Yakes
AV CAT (quickheal): Trojan.Bublik.r4
AV CA (E-Trust Ino): no_virus
AV MicroWorld (escan): Trojan.GenericKD.2819951
AV BullGuard: Trojan.GenericKD.2819951
AV Emsisoft: Trojan.GenericKD.2819951
AV K7: Trojan ( 004aef8a1 )
AV ClamAV: no_virus
AV Microsoft Security Essentials: VirTool:Win32/CeeInject.LJ
AV Eset (nod32): Win32/Injector.BNHS
AV Twister: no_virus
AV Zillya!: no_virus
AV Dr. Web: Trojan.Dridex.234
AV Alwil (avast): Androp [Drp]
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Rising: 0x594e1f80
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.GenericKD.2819951
AV Avira (antivir): TR/AD.RunExp.Y.628
AV BitDefender: Trojan.GenericKD.2819951
AV Arcabit (arcavir): Trojan.GenericKD.2819951
AV Grisoft (avg): Inject3.LPS

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe
Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\cebe_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\bcab_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\e59b_appcompat.txt

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\a1e6_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\da2c_appcompat.txt

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\ab4b_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\89a1_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\9cc3_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\c044_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 184

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ Pid 316

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 180

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 184

Network Details:

