Analysis Date: 2015-10-23 08:23:10
MD5: d476aed2da9148793f5c8765fb841bc1
SHA1: be95cb9b43a92e25154fda0ffde6d9fe782ae481

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: e4e6cc2ae7dc4e0d7821f90e959c43a8 sha1: 67b7405ebba5bd98103707679bea1aa98251fc52 size: 20480
Section .rdata md5: f0afcf6e9b8bf94a36a7a48c5b9a5a18 sha1: 497f2f23bc5b32b91bf91e9b4b3fb378c37c78a1 size: 4096
Section .data  md5: 173fe94cb6a62d79b21004cf6ca282a7 sha1: 2869e40391d200e11f67fc0bf257b2b05eac07ad size: 163840
Section .rsrc  md5: 044ebb1dca21253a9e12123458e0836f sha1: 3af800218c599e1f03987d6ba2a5b1e31d2b5a6a size: 4096
Timestamp: 2012-01-21 11:43:07
Packer: Microsoft Visual C++ v6.0
PEhash: d554c92fa1618b0eeedfb9fae68c111f10889586
IMPhash: ef39d474ee88b9215814d74ee695b02b

AV detections:
Rising: Trojan.Win32.Lebag.b
CA (E-Trust Ino): Win32/Zegost.UY
F-Secure: Gen:Variant.Symmi.2865
Dr. Web: Trojan.SpyBot.592
ClamAV: Win.Trojan.Dialer-380
Arcabit (arcavir): Gen:Variant.Symmi.2865
BullGuard: Gen:Variant.Symmi.2865
Padvish: Malware.Trojan.Zegost-39
VirusBlokAda (vba32): SScope.Trojan.SvcHorse.01643
CAT (quickheal): Backdoor.Zegost.B
Trend Micro: BKDR_ZEGOST.AD
Kaspersky: Trojan.Win32.Dialer.ansz
Zillya!: Trojan.Dialer.Win32.12210
Emsisoft: Gen:Variant.Symmi.2865
Ikarus: Trojan-Dialer
Frisk (f-prot): W32/Zegost.AM.gen!Eldorado
Authentium: W32/Zegost.AM.gen!Eldorado
MalwareBytes: Backdoor.Farfli
MicroWorld (escan): Gen:Variant.Symmi.2865
Microsoft Security Essentials: Backdoor:Win32/Zegost!rfn
K7: Backdoor ( 04c4e4111 )
BitDefender: Gen:Variant.Symmi.2865
Fortinet: W32/Farfli.PZ!tr
Symantec: Backdoor.Zegost!gen2
Grisoft (avg): Dialer.YTP
Eset (nod32): Win32/Farfli.KD
Alwil (avast): GenMalicious-GJW [Trj]
Ad-Aware: Gen:Variant.Symmi.2865
Twister: Trojan.1B14208821CFBA83
Avira (antivir): BDS/Zegost.birna
Mcafee: BackDoor-EMA.gen.e

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XXXXXX45A92B81 ➝ C:\WINDOWS\XXXXXX45A92B81\svchsot.exe\\x00
Creates File: C:\WINDOWS\XXXXXX45A92B81\svchsot.exe
Creates File: C:\WINDOWS\system32\45A92B81
Creates File: \Device\Afd\Endpoint
Creates Mutex: AAAAAA/rGxpq6ntK+wpq69AvYA7739AvOpp6+vr58=

Network Details:

DNS: a2291870391.eicp.net
Type: A
174.128.255.231
Flows TCP: 192.168.1.1:1031 ➝ 174.128.255.231:8000
Flows TCP: 192.168.1.1:1032 ➝ 174.128.255.231:8000