Analysis Date: 2015-11-22 19:34:28
MD5: 03b22b3ec854b0739c825f82fd0a55b7
SHA1: c3821914b670cda003a997def20643e21ab275ae

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEhash: 9e6987ce09d79fbfbad2d0c0e9cc1479645f1219
IMPhash: (not available)

AV detections:

AV Rising: no_virus
AV Mcafee: no_virus
AV Avira (antivir): TR/Dldr.Upatre.MY
AV Twister: no_virus
AV Ad-Aware: Gen:Trojan.Heur.JP.dqY@amJTv9p
AV Alwil (avast): Upatre-B [Trj]
AV Eset (nod32): no_virus
AV Grisoft (avg): Cryptic.EXC
AV Symantec: Downloader.Upatre
AV Fortinet: no_virus
AV BitDefender: Gen:Trojan.Heur.JP.dqY@amJTv9p
AV K7: Riskware ( 0040eff71 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre.AF
AV MicroWorld (escan): Gen:Trojan.Heur.JP.dqY@amJTv9p
AV MalwareBytes: Trojan.Downloader
AV Authentium: W32/Trojan.ISAU-1626
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan-Downloader.Win32.Waski
AV Emsisoft: Gen:Trojan.Heur.JP.dqY@amJTv9p
AV Zillya!: no_virus
AV Kaspersky: no_virus
AV Trend Micro: no_virus
AV CAT (quickheal): Downloader.Upatre.013890
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Trojan.Heur.JP.dqY@amJTv9p
AV Arcabit (arcavir): Gen:Trojan.Heur.JP.dqY@amJTv9p
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV F-Secure: Gen:Trojan.Heur.JP.dqY@amJTv9p
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\2765_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 168
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1404 -e 124 -g

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 168

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1404 -e 124 -g

Network Details:
