Analysis Date: 2015-08-25 00:38:07
MD5: e93e9bc77b5b470ea1ff5e0fd0361e40
SHA1: c4f1404a4e4f5771115284f0392a3452d362222d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 9a2499a402cbf0a070544f9d824a7fe1 sha1: 06ee403813111cf8ef03fe48b8c5f8386192fde9 size: 53248
Section .rdata md5: 3c0c6cf4e8d0d9b0574e825b267690ee sha1: cd404b7e06fe66d4caea1e29344c069802162e65 size: 24576
Section .data md5: aa2e85a0942911c369d8a4afe6a636f8 sha1: 794381393b0714689940d04deb635b8ef73a6d9d size: 18432
Section .rsrc md5: 894c574c49664bb82cca5973b652be48 sha1: 1447523bd2d887b93869eb18ed2569ca1a4859c8 size: 1536
Timestamp: 2014-06-20 17:27:39
Version:
  LegalCopyright: 2011-2014 AC Software
  InternalName: Perfomance Count Tool
  FileVersion: 2.2.3.0
  CompanyName: AC Software
  ProductName: perfomance tool
  ProductVersion: 2.2.3.0
  FileDescription: Perfomance Count Tool
  OriginalFilename: perftool
Packer: Microsoft Visual C++ ?.?
PEhash: c2913d5b3c9853b820de4536e6c64ca2e82dbbc8
IMPhash: 8e3a01f6fb6d68021b4a9ef8b190e12d
AV CA (E-Trust Ino): no_virus
AV Rising: no_virus
AV Mcafee: Generic-FAVR!E93E9BC77B5B
AV Avira (antivir): TR/Agent.98816.147
AV Twister: Trojan.Girtk.CFCM.kdyj
AV Ad-Aware: Trojan.Foreign.1
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/Kryptik.CFCM
AV Grisoft (avg): Crypt4.BYTY
AV Symantec: Trojan.Gen.2
AV Fortinet: W32/CPacker.G!tr
AV BitDefender: Trojan.Foreign.1
AV K7: Trojan ( 004cd6ca1 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AU
AV MicroWorld (escan): Trojan.Foreign.1
AV MalwareBytes: Spyware.Zbot.VXGen
AV Authentium: no_virus
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Win32.Crypt
AV Emsisoft: Trojan.Foreign.1
AV Zillya!: no_virus
AV Kaspersky: no_virus
AV Trend Micro: no_virus
AV CAT (quickheal): TrojanPWS.Zbot.A5
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Trojan.Foreign.1
AV Arcabit (arcavir): Trojan.Foreign.1
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV F-Secure: Trojan.Foreign.1

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ NULL
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\EnableLUA ➝ NULL
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ NULL
Creates File: \Device\Afd\Endpoint
Winsock DNS: macbookproretina.pw

Network Details:

DNS: www.update.microsoft.com.nsatc.net
Type: A
191.232.80.55
DNS: www.update.microsoft.com.nsatc.net
Type: A
134.170.58.222
DNS: update.microsoft.com
Type: A
DNS: macbookproretina.pw
Type: A
Flows TCP: 192.168.1.1:1036 ➝ 191.232.80.55:80
Flows UDP: 192.168.1.1:1037 ➝ 8.8.4.4:53
Flows UDP: 192.168.1.1:1038 ➝ 8.8.4.4:53