Analysis Date: 2018-06-06 11:47:17
MD5: 867b414dbeb042f4d79a2670721913db
SHA1: c22050d3e40ba4496125cb0f136b11553652a5f0

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text  md5: 62a2266e48932b07119e462632e68acc  sha1: 616e9639ae11181d574a47f31186672955f4a77d  size: 176128
Section: .data  md5: 73f248a94a41e5a8afd9441d8c035405  sha1: 3677b9b6d8a2c24144e1dc3173c634ad8de3cb56  size: 6144
Section: .rsrc  md5: 54c7f15e19538eb5a10ebc3d70967519  sha1: 8dcb8fe233a13d25f094cb059f0e0aafcb48d78a  size: 25088
Timestamp: 2015-05-31 17:52:21
Version:
  LegalCopyright: © Microsoft Corporation. All rights reserved.
  InternalName: tracewpp.exe
  FileVersion: 6.0.5740.347 (vbl_tools_build(jaykrell).061002-0253)
  CompanyName: Microsoft Corporation
  ProductName: Microsoft® Windows® Operating System
  ProductVersion: 6.0.5740.347
  FileDescription: WMI Tracing C/C++ preprocessor
  OriginalFilename: tracewpp.exe
Packer: Microsoft Visual C++ ?.?
PEhash: ce274f87ed79985c19fa77989ad72d6fc6b64971
IMPhash: f3dce1a30ae118e7ef337ff9e8801d85
AV CA (E-Trust Ino): no_virus
AV F-Secure: Trojan.GenericKD.2454707
AV Dr. Web: Trojan.Packed.31180
AV ClamAV: no_virus
AV Arcabit (arcavir): Trojan.GenericKD.2454707
AV BullGuard: Trojan.GenericKD.2454707
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: Backdoor.Win32.Kasidet.agy
AV Zillya!: no_virus
AV Emsisoft: Trojan.GenericKD.2454707
AV Ikarus: Trojan.Win32.Crypt
AV Frisk (f-prot): no_virus
AV Authentium: no_virus
AV MalwareBytes: Trojan.FakeMS
AV MicroWorld (escan): Trojan.GenericKD.2454707
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV K7: no_virus
AV BitDefender: Trojan.GenericKD.2454707
AV Fortinet: W32/Kryptik.DKAL!tr
AV Symantec: Infostealer.Limitail
AV Grisoft (avg): Crypt4.ANAC
AV Eset (nod32): Win32/Kryptik.DKDD
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Trojan.GenericKD.2454707
AV Twister: no_virus
AV Avira (antivir): TR/Dropper.A.39868
AV Mcafee: no_virus
AV Rising: no_virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\c22050d3e40ba4496125cb0f136b11553652a5f0.exe

Process
↳ C:\Windows\SysWOW64\msiexec.exe

Network Details:

DNS: europe.pool.ntp.org  Type: A  178.63.9.212
DNS: europe.pool.ntp.org  Type: A  78.157.115.4
DNS: europe.pool.ntp.org  Type: A  195.141.190.190
DNS: europe.pool.ntp.org  Type: A  194.177.4.1
DNS: north-america.pool.ntp.org  Type: A  74.120.8.2
DNS: north-america.pool.ntp.org  Type: A  67.18.187.111
DNS: north-america.pool.ntp.org  Type: A  173.255.193.172
DNS: north-america.pool.ntp.org  Type: A  132.163.4.101
DNS: south-america.pool.ntp.org  Type: A  200.189.40.8
DNS: south-america.pool.ntp.org  Type: A  200.160.7.193
DNS: south-america.pool.ntp.org  Type: A  200.89.75.198
DNS: south-america.pool.ntp.org  Type: A  201.217.3.85
DNS: asia.pool.ntp.org  Type: A  157.7.154.23
DNS: asia.pool.ntp.org  Type: A  116.193.170.25
DNS: asia.pool.ntp.org  Type: A  59.106.180.168
DNS: asia.pool.ntp.org  Type: A  168.63.242.24
DNS: oceania.pool.ntp.org  Type: A  150.101.112.134
DNS: oceania.pool.ntp.org  Type: A  203.23.237.200
DNS: oceania.pool.ntp.org  Type: A  202.127.210.36
DNS: oceania.pool.ntp.org  Type: A  202.22.158.31
DNS: africa.pool.ntp.org  Type: A  196.223.19.2
DNS: africa.pool.ntp.org  Type: A  41.204.120.137
DNS: africa.pool.ntp.org  Type: A  41.188.33.6
DNS: africa.pool.ntp.org  Type: A  196.223.19.3

Raw Pcap
0x00000000 (00000)   504f5354 202f626c 6130382f 67617465   POST /bla08/gate
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a43   .php HTTP/1.1..C
0x00000020 (00032)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x00000030 (00048)   2d636163 68650d0a 436f6e6e 65637469   -cache..Connecti
0x00000040 (00064)   6f6e3a20 636c6f73 650d0a50 7261676d   on: close..Pragm
0x00000050 (00080)   613a206e 6f2d6361 6368650d 0a436f6e   a: no-cache..Con
0x00000060 (00096)   74656e74 2d547970 653a2061 70706c69   tent-Type: appli
0x00000070 (00112)   63617469 6f6e2f6f 63746574 2d737472   cation/octet-str
0x00000080 (00128)   65616d0d 0a557365 722d4167 656e743a   eam..User-Agent:
0x00000090 (00144)   204d6f7a 696c6c61 2f342e30 0d0a436f    Mozilla/4.0..Co
0x000000a0 (00160)   6e74656e 742d4c65 6e677468 3a203539   ntent-Length: 59
0x000000b0 (00176)   0d0a486f 73743a20 616e6434 2e6a756e   ..Host: and4.jun
0x000000c0 (00192)   676c6562 65617269 77746331 2e636f6d   glebeariwtc1.com
0x000000d0 (00208)   0d0a0d0a afd8abce ad255a01 c212453f   .........%Z...E?
0x000000e0 (00224)   64b89f69 320c10a9 dde99403 c32cdc6e   d..i2........,.n
0x000000f0 (00240)   c8eaf769 a25f3b17 0faa49e9 084d86ca   ...i._;...I..M..
0x00000100 (00256)   84ae4f07 9815716a fe6086d5 8a9490     ..O...qj.`.....
Strings