Analysis Date: 2016-01-28 17:18:24
MD5: e6ed26fce4fe214e4ad8372142e43e73
SHA1: c7968a0e9a748d6dba3ef8a96196480ab4622ddc

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

Section    md5                               sha1                                      size
.text      7506ca2ee4dd1e7873bd1bfaa2640bf0  88def484b5277d209e075cbe0fb00ff2e65c82c5  92672
.rdata     66eefc066a71170f7b80559f82908200  5a77cabbc5587288db4cf487c7c1f964c5e4658e  18944
.data      b7580304b0445c278c09abfcc783d0bd  84187770c60698d203a68773cddf507ddcf23ae3  8704
.ttttttt   dc47ae8271441ee86cbb89b8e0ccd29a  0294e4abd238d18a8ba2248dc3a3c0b3783a03a2  4608
.vagina    38ec8ffce8a41dce03dcb2b167e54ee5  55e84e38c73f66d404d6e30431120e052f0280a2  10240
.rsrc      3937985fe77f55e44176c24665dacd6b  20ae989a6ba2731962b108a72a2a5b8a309ba82f  48640

Timestamp: 2016-01-26 06:24:36
Version:
  LegalCopyright: looking at ass hole
  InternalName: jim bot
  FileVersion: 568.24885 trenik
  CompanyName: maymun
  ProductName: yebanawka
  ProductVersion: 568.24885 trenik
  FileDescription: hora girls
  OriginalFilename: bruklin
Packer: Microsoft Visual C++ ?.?
PEhash: 8e0146dfb4ea7df6806c4b5ff2d2c1b7d8e619bc
IMPhash: 983b919b5c1d7d6383e90023b63388b8
AV vendor                      Result
Trend Micro                    No Virus
Rising                         No Virus
Mcafee                         No Virus
Avira (antivir)                TR/AD.Gamarue.Y.1830
Twister                        No Virus
Ad-Aware                       Trojan.GenericKD.3012488
Alwil (avast)                  Win32:Malware-gen
Eset (nod32)                   Win32/Kryptik.ELTU
Grisoft (avg)                  Crypt_r.AUD
Symantec                       No Virus
Fortinet                       No Virus
BitDefender                    Trojan.GenericKD.3012488
K7                             No Virus
Microsoft Security Essentials  Worm:Win32/Gamarue
MicroWorld (escan)             Trojan.GenericKD.3012488
MalwareBytes                   Backdoor.Andromeda
Authentium                     W32/Agent.XL.gen!Eldorado
Frisk (f-prot)                 No Virus
Ikarus                         Trojan.Win32.Crypt
Emsisoft                       Trojan.GenericKD.3012488
Zillya!                        No Virus
Kaspersky                      Trojan.Win32.Yakes.ougg
CAT (quickheal)                No Virus
VirusBlokAda (vba32)           No Virus
BullGuard                      Gen:Variant.Midie.6599
Arcabit (arcavir)              Trojan.GenericKD.3012488
ClamAV                         No Virus
Dr. Web                        No Virus
F-Secure                       Trojan.GenericKD.3012488
CA (E-Trust Ino)               No Virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS query                     Type  Answer
europe.pool.ntp.org           A     5.45.97.110
europe.pool.ntp.org           A     85.254.217.3
europe.pool.ntp.org           A     91.212.90.20
europe.pool.ntp.org           A     129.70.132.33
north-america.pool.ntp.org    A     104.232.3.3
north-america.pool.ntp.org    A     152.2.133.53
north-america.pool.ntp.org    A     50.116.55.65
north-america.pool.ntp.org    A     96.126.105.86
south-america.pool.ntp.org    A     200.160.7.193
south-america.pool.ntp.org    A     200.189.40.8
south-america.pool.ntp.org    A     201.217.3.85
south-america.pool.ntp.org    A     190.181.129.115
asia.pool.ntp.org             A     118.189.211.186
asia.pool.ntp.org             A     212.26.18.41
asia.pool.ntp.org             A     31.193.144.2
asia.pool.ntp.org             A     113.30.137.34
oceania.pool.ntp.org          A     103.242.70.5
oceania.pool.ntp.org          A     116.68.13.205
oceania.pool.ntp.org          A     130.102.128.23
oceania.pool.ntp.org          A     203.56.27.253
