Analysis Date: 2015-10-15 10:38:58
MD5: ed3cf46ce8f3fbd7256c6e6bdf6cf7bb
SHA1: bf438d9b644d9884ec9c2eae36e48439f9bb2a84

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 5699988d9fa83938c330bfd4cce5f106 sha1: 16f06cfdb30cdf8cd51c5dd4e1e39b57b67a309c size: 39936
Section .rdata md5: f31e828e89836f8debbb60f5f3839a05 sha1: 8549f2964225d0fdcd4f5f8bb9eb4895e02f45e5 size: 9216
Section .data  md5: 43ad07cd5ad54b6318cf191e347557b3 sha1: f896fc3b9cc43a4f8e7e43c3a0ad779843e46541 size: 9216
Section .tygn  md5: 03db484877d2ddb9e33e866e4cdab41c sha1: 572ceca79b36194c77c418bbab42ec3fe5a78964 size: 23040
Section .bnwe  md5: ca137cd79922d2fd671be349eb8f6ebc sha1: 1489dd1c32aeef3960090f1adefef73595c3410e size: 5632
Section .rsrc  md5: 7d06f5b7a39e8734584b3329da489dc4 sha1: eb924bf82d89ec839d5997d7d95974936917f40a size: 1536
Section .reloc md5: 3f497932f8f7847388bc4b82329e60bf sha1: ce2c48556c8e0667d18bd50d3a64f10d3610f7b8 size: 3584
Timestamp: 2015-09-23 02:31:45
Version:
  LegalCopyright: ftycdrgxtdhjgyk
  InternalName: ftycdrgxtdhjgyk
  FileVersion: 3.10.349.0
  CompanyName: ftycdrgxtdhjgyk
  LegalTrademarks1: ftycdrgxtdhjgyk
  LegalTrademarks2: ftycdrgxtdhjgyk
  ProductName: ftycdrgxtdhjgyk
  ProductVersion: 3.10
  FileDescription: Microsoft Security
  OriginalFilename: ftycdrgxtdhjgyk
Packer: Microsoft Visual C++ ?.?
PEhash: cf999458bcc4131820a5357267c24318fe8dded2
IMPhash: f16e8bacfdb2fa48974b510cd8652fd9
AV CA (E-Trust Ino): no_virus
AV F-Secure: Gen:Variant.Kazy.575686
AV Dr. Web: BackDoor.Andromeda.614
AV ClamAV: no_virus
AV Arcabit (arcavir): Gen:Variant.Kazy.575686
AV BullGuard: Gen:Variant.Kazy.575686
AV Padvish: Trojan.Win32.FakeSysDef.OE
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): Worm.Gamarue.WR6
AV Trend Micro: Ransom_.0A217DD0
AV Kaspersky: Backdoor.Win32.Androm.ihww
AV Zillya!: Backdoor.Androm.Win32.27455
AV Emsisoft: Gen:Variant.Kazy.575686
AV Ikarus: Virus.Win32.Cryptor
AV Frisk (f-prot): no_virus
AV Authentium: W32/S-539696d3!Eldorado
AV MalwareBytes: Ransom.CryptoWall
AV MicroWorld (escan): Gen:Variant.Kazy.575686
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV K7: Trojan ( 004d008d1 )
AV BitDefender: Gen:Variant.Kazy.575686
AV Fortinet: W32/Kryptik.DYAM!tr
AV Symantec: Backdoor.Trojan
AV Grisoft (avg): Crypt4.CMCY
AV Eset (nod32): Win32/Kryptik.DYAM
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Gen:Variant.Kazy.575686
AV Twister: no_virus
AV Avira (antivir): TR/AD.Gamarue.Y.666
AV Mcafee: Gamarue-FCX!ED3CF46CE8F3
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe
  Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe
  Creates File: PIPE\lsarpc
  Creates File: \Device\Afd\Endpoint
  Winsock DNS: north-america.pool.ntp.org
  Winsock DNS: africa.pool.ntp.org
  Winsock DNS: oceania.pool.ntp.org
  Winsock DNS: asia.pool.ntp.org
  Winsock DNS: south-america.pool.ntp.org
  Winsock DNS: europe.pool.ntp.org

Network Details:

