Analysis Date: 2015-11-28 08:36:24
MD5: f9ab4b1eff1bf61b4ba63f2505b0be27
SHA1: c1582c833a15f2512c03ba3ef316c0516e54cd3e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 527e3bb6a2eca2cab0224122f31f5010 sha1: dc6b591795cceba2d9faec6346e524fd651ab796 size: 98304
Section .rdata md5: 331f34c60c2b894843bf14dbe8d51371 sha1: d458cf758c9e4b3b03e5a607d5c2b339d81c4fa0 size: 20480
Section .data md5: 1cc117633b31d63e1d062d6da6463868 sha1: ce7fa8e95191745f35ea437773d116f71fe57a10 size: 225280
Section .rsrc md5: 4a5eb278cd1f752ac268d464afe96878 sha1: 859fe504f63586e23d0a5634d5454082714ca1e4 size: 57344
Timestamp: 2014-02-02 17:15:37
Version: FileVersion: 1, 97, 0, 734
ProductName: jumlox App
ProductVersion: 1, 97, 0, 983
FileDescription: jumlox App
PEhash: 15556fbaa9345fadce11dfe1a8c8f576b384084e
IMPhash: 80597013fcd4e617a4b2984955d152ca
AV F-Secure: Gen:Variant.Kazy.332923
AV Authentium: no_virus
AV MalwareBytes: Trojan.Agent.ED
AV Dr. Web: BackDoor.Caphaw.144
AV Grisoft (avg): Agent4.BOMZ
AV Eset (nod32): Win32/Kryptik.BUFO
AV MicroWorld (escan): Gen:Variant.Kazy.332923
AV Trend Micro: BKDR_CAPHAW.SMWA
AV ClamAV: no_virus
AV Ad-Aware: Gen:Variant.Kazy.332923
AV BitDefender: Gen:Variant.Kazy.332923
AV Avira (antivir): TR/Crypt.ZPACK.208427
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Fortinet: W32/Kryptik.BTJP!tr
AV Microsoft Security Essentials: Trojan:Win32/Toga!rfn:Backdoor:Win32/Caphaw.A
AV Ikarus: Trojan.Agent4
AV Kaspersky: Trojan.Win32.Generic
AV VirusBlokAda (vba32): BScope.Backdoor.Caphaw.A
AV Arcabit (arcavir): Gen:Variant.Kazy.332923
AV Mcafee: BackDoor-FBRY!F9AB4B1EFF1B
AV Twister: Trojan.Generic.aoml
AV Symantec: Trojan.Gen
AV K7: Trojan ( 004972021 )
AV Rising: no_virus
AV Frisk (f-prot): no_virus
AV Emsisoft: Gen:Variant.Kazy.332923
AV Zillya!: Trojan.Yakes.Win32.23439
AV CAT (quickheal): Backdoor.Caphaw.A4
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Kazy.332923
AV CA (E-Trust Ino): no_virus
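The Section rows above give per-section MD5/SHA1 and raw sizes, and the Timestamp row comes from the PE header; both are useful for checking whether another sample is the same build with only the overall hash changed. The following is an added example, not code from the sandbox or from this report, that reproduces those rows from a PE file with no third-party library: it walks the DOS header to `e_lfanew`, reads the COFF header for the section count and `TimeDateStamp`, then hashes `SizeOfRawData` bytes of each section from `PointerToRawData`. `REPORT_SECTIONS` holds the values from the rows above; `build_test_pe` constructs a minimal, non-loadable PE skeleton so the script runs without a sample on disk (the `.text`/`.data` contents and the `file_align` parameter are test fixtures, not anything the report states).

```python
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the report's Section rows, keyed by section name:
# (md5 of raw section data, SizeOfRawData).
REPORT_SECTIONS = {
    ".text":  ("527e3bb6a2eca2cab0224122f31f5010", 98304),
    ".rdata": ("331f34c60c2b894843bf14dbe8d51371", 20480),
    ".data":  ("1cc117633b31d63e1d062d6da6463868", 225280),
    ".rsrc":  ("4a5eb278cd1f752ac268d464afe96878", 57344),
}


def parse_pe_sections(data: bytes) -> dict:
    """Parse the DOS stub, COFF header and section table of a PE file.

    Returns {"timestamp": "YYYY-MM-DD HH:MM:SS" (UTC, from TimeDateStamp),
             "sections": [{"name", "md5", "sha1", "size"}, ...]}
    where each hash covers SizeOfRawData bytes starting at PointerToRawData,
    i.e. the on-disk bytes a sandbox hashes for its per-section rows.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4  # Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader
    _machine, nsections, tstamp, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        # IMAGE_SECTION_HEADER is 40 bytes; only the first five fields are needed
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        if len(raw) != raw_size:
            raise ValueError(f"section {i} raw data runs past end of file")
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "md5": hashlib.md5(raw).hexdigest(),
            "sha1": hashlib.sha1(raw).hexdigest(),
            "size": raw_size,
        })
    ts = datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"timestamp": ts, "sections": sections}


def compare_to_report(parsed: dict, report: dict = REPORT_SECTIONS) -> list:
    """List (section, reason) mismatches between a parsed file and the report
    rows; an empty list means every reported section is present with the
    same raw size and MD5 (a cheap way to spot a repacked or patched build)."""
    found = {s["name"]: s for s in parsed["sections"]}
    problems = []
    for name, (md5, size) in report.items():
        s = found.get(name)
        if s is None:
            problems.append((name, "missing"))
        elif s["size"] != size:
            problems.append((name, f"size {s['size']} != {size}"))
        elif s["md5"] != md5:
            problems.append((name, "md5 differs"))
    return problems


def build_test_pe(sections, file_align=0x200) -> bytes:
    """Constructed input: a minimal PE32 skeleton (not loadable; headers are
    filled only as far as the parser reads them) with the given
    (name, raw_bytes) sections, so the example runs without a real sample."""
    e_lfanew, opt_size = 0x80, 0xE0
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = -(-headers_end // file_align) * file_align  # ceil to alignment
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    tstamp = int(datetime(2014, 2, 2, 17, 15, 37, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), tstamp, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")  # PE32 magic, rest zeroed
    table, body, va = b"", b"", 0x1000
    for name, raw in sections:
        raw_size = -(-len(raw) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), va,
                             raw_size, raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw.ljust(raw_size, b"\0")
        va += -(-raw_size // 0x1000) * 0x1000
    return (dos + b"PE\0\0" + coff + opt + table).ljust(raw_ptr, b"\0") + body


if __name__ == "__main__":
    sample = build_test_pe([(b".text", b"abc"), (b".data", b"")], file_align=1)
    info = parse_pe_sections(sample)
    print("Timestamp:", info["timestamp"])
    for s in info["sections"]:
        print(f"Section {s['name']} md5: {s['md5']} sha1: {s['sha1']} size: {s['size']}")
    for name, why in compare_to_report(info):
        print("differs from report:", name, why)
```

Replace the constructed skeleton with `open(path, "rb").read()` to run it on a real file; `compare_to_report` returning an empty list means the file's sections match the rows above even if its overall MD5 differs (for instance after an overlay or resource change), which is often more telling than the file hash alone.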

Runtime Details:

Process
↳ C:\malware.exe

Creates Mutex: d
Winsock DNS: q4xm79l8h45.solt.cc
Winsock DNS: alx6k3d0.duti.cc

Network Details:

DNS: duti.cc
Type: A
DNS: alx6k3d0.duti.cc
Type: A
DNS: solt.cc
Type: A
DNS: q4xm79l8h45.solt.cc
Type: A
DNS: acow.cc
Type: A
Flows UDP: 192.168.1.1:1031 ➝ 8.8.8.8:53
Flows UDP: 192.168.1.1:1031 ➝ 8.8.4.4:53
Flows UDP: 192.168.1.1:1031 ➝ 208.67.222.220:53
Flows UDP: 192.168.1.1:1032 ➝ 8.8.8.8:53
Flows UDP: 192.168.1.1:1032 ➝ 208.67.222.220:53
Flows UDP: 192.168.1.1:1033 ➝ 8.8.8.8:53
Flows UDP: 192.168.1.1:1033 ➝ 208.67.222.220:53
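The DNS and Flows rows above carry two things a detection engineer can use: the queried names (the apex domains duti.cc, solt.cc and acow.cc plus random-looking hostnames under them) and the fact that the sandbox host sent its queries straight to three public resolvers (8.8.8.8, 8.8.4.4, 208.67.222.220). The following is an added example, not part of the report, that runs both checks over DNS log lines. The log format and the `SAMPLE_LOG` lines are constructed for the example, `APPROVED_RESOLVERS` is an assumed site resolver, and domain matching is done on label boundaries so that `acow.cc.example.com` or a trailing-dot `ACOW.CC.` is handled correctly.

```python
import re
from collections import namedtuple

# Indicators copied from the report: queried domains and the resolvers used.
C2_DOMAINS = {"duti.cc", "solt.cc", "acow.cc"}
REPORT_RESOLVERS = {"8.8.8.8", "8.8.4.4", "208.67.222.220"}
# Assumption for this example: the only resolver hosts are allowed to use.
APPROVED_RESOLVERS = {"10.0.0.53"}

# Constructed sample log (not from the report) in a simple line format:
#   <ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <qname> <qtype>
SAMPLE_LOG = """\
2015-11-28T08:36:30 192.168.1.1:1031 -> 8.8.8.8:53 duti.cc A
2015-11-28T08:36:30 192.168.1.1:1031 -> 8.8.4.4:53 alx6k3d0.duti.cc A
2015-11-28T08:36:31 192.168.1.1:1032 -> 208.67.222.220:53 q4xm79l8h45.solt.cc A
2015-11-28T08:36:32 192.168.1.7:51000 -> 10.0.0.53:53 www.example.com A
2015-11-28T08:36:33 192.168.1.7:51001 -> 10.0.0.53:53 acow.cc.example.com A
2015-11-28T08:36:34 192.168.1.9:51002 -> 10.0.0.53:53 ACOW.CC. A
"""

LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\S+) (\S+)$")
Event = namedtuple("Event", "ts src sport dst dport qname qtype")


def parse_line(line: str):
    """Parse one log line into an Event, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, sport, dst, dport, qname, qtype = m.groups()
    return Event(ts, src, int(sport), dst, int(dport), qname, qtype)


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot so 'ACOW.CC.' equals 'acow.cc'."""
    return qname.lower().rstrip(".")


def matches_c2(qname: str, domains=C2_DOMAINS) -> bool:
    """True if qname is a listed domain or a subdomain of one. Requiring a
    label boundary ('.' + domain) rejects look-alikes such as
    'acow.cc.example.com' or 'notduti.cc'."""
    q = normalize(qname)
    return any(q == d or q.endswith("." + d) for d in domains)


def detect(log_text: str, approved=APPROVED_RESOLVERS) -> list:
    """Return (ts, src, qname, reasons) for every DNS event that either
    queries a reported domain or is sent to a resolver outside `approved`."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev.dport != 53:
            continue
        reasons = []
        if matches_c2(ev.qname):
            reasons.append("query for domain listed in the report")
        if ev.dst not in approved:
            reasons.append(f"DNS sent to unapproved resolver {ev.dst}")
        if reasons:
            alerts.append((ev.ts, ev.src, ev.qname, reasons))
    return alerts


def external_resolvers_by_host(log_text: str, approved=APPROVED_RESOLVERS) -> dict:
    """Map each source host to the set of non-approved resolvers it queried.
    A host spreading queries over several public resolvers, as 192.168.1.1
    does in the report's Flows rows, stands out from ordinary clients."""
    seen = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev.dport == 53 and ev.dst not in approved:
            seen.setdefault(ev.src, set()).add(ev.dst)
    return seen


if __name__ == "__main__":
    for ts, src, qname, reasons in detect(SAMPLE_LOG):
        print(f"{ts} {src} {qname}: {'; '.join(reasons)}")
    for host, resolvers in external_resolvers_by_host(SAMPLE_LOG).items():
        print(f"{host} used {len(resolvers)} external resolver(s): {sorted(resolvers)}")
```

On the constructed log the first three lines fire on both rules, the `ACOW.CC.` query fires on the domain rule only, and the two `example.com` lines stay quiet. The resolver check is the more durable of the two: the domains in the report are specific to this sample, whereas a client talking to 8.8.8.8, 8.8.4.4 and 208.67.222.220 from inside a network that has its own resolver is a behaviour worth an alert regardless of what it looks up.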

Strings