Analysis Date: 2015-08-02 12:25:46
MD5: c838f09d6d4b4f8ad2394813493e0afb
SHA1: c82c16de4e2318248d8960034b4a41d219c4361f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section CODE md5: af679cac3621788065ab9170e2522f42 sha1: 7d8f7f230e0fc7c1c86913634405e4a124e98702 size: 17920
Section DATA md5: fdd0f81768b5b0972557e0ce4b7f6d29 sha1: a53511d0a80bc84e6eb5307dae68fa1877fe66ad size: 512
Section BSS md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .idata md5: 9039606d7fb995205349cffbcbae0b9d sha1: 0d5e6dcacfe6fcc7f18e1e712eb7393f4f959038 size: 2560
Section .reloc md5: 7aa21226b35ce8da70cc66c3592be6e3 sha1: 7a41cf4acfec909beead858e403437f8ef6aafce size: 1536
Section .rsrc md5: 98d951444286ceb2a7d20f315175074b sha1: c6fccf2ce155e9f7e58ffba5c9020601e21e4564 size: 70656
Timestamp: 1992-06-19 22:22:17
Packer: BobSoft Mini Delphi -> BoB / BobSoft
PEhash: 905b0fe228f457e3afa64f5d9210e950c7338b03
IMPhash: b8bb9545c78c1f8ce5d3ba01b5f41918
AV Rising: no_virus
AV Mcafee: no_virus
AV Avira (antivir): BDS/Bezigate.aouma
AV Twister: Trojan.6FD331929482C658
AV Ad-Aware: Gen:Variant.Zusy.Elzob.20808
AV Alwil (avast): NewPos-B [Trj]
AV Eset (nod32): Win32/Delf.OIH
AV Grisoft (avg): BackDoor.Hupigon5.CLZJ
AV Symantec: Trojan.Gen
AV Fortinet: W32/Delf.OIH!tr
AV BitDefender: Gen:Variant.Zusy.Elzob.20808
AV K7: Trojan ( 003f0e891 )
AV Microsoft Security Essentials: Backdoor:Win32/Bezigate.B
AV MicroWorld (escan): Gen:Variant.Zusy.Elzob.20808
AV MalwareBytes: Trojan.Passwords
AV Authentium: no_virus
AV Frisk (f-prot): no_virus
AV Ikarus: Backdoor.Win32.Bezigate
AV Emsisoft: Gen:Variant.Zusy.Elzob.20808
AV Zillya!: no_virus
AV Kaspersky: Trojan.Win32.Agent.uglc
AV Trend Micro: no_virus
AV CAT (quickheal): Trojan.Agen.r6
AV VirusBlokAda (vba32): Trojan.Agent
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Zusy.Elzob.20808
AV Arcabit (arcavir): Gen:Variant.Zusy.Elzob.20808
AV ClamAV: Win.Trojan.Agent-19444
AV Dr. Web: Trojan.MulDrop4.7151
AV F-Secure: Gen:Variant.Zusy.Elzob.20808
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: c:\windows\sweet-girlpiya.exe
Creates File: C:\keylog.dat
Creates Process: c:\windows\sweet-girlpiya.exe
Creates Mutex: y0PUDJq9EosC8

Process
↳ c:\windows\sweet-girlpiya.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\sweetgirl3334443 ➝ "c:\windows\sweet-girlpiya.exe"
Creates File: c:\windows\keylog.dat
Creates File: \Device\Afd\Endpoint
Creates Mutex: y0PUDJq9EosC8

Network Details:

Flows TCP: 192.168.1.1:1031 ➝ 46.37.173.233:200
Flows TCP: 192.168.1.1:1032 ➝ 46.37.173.233:200
Flows TCP: 192.168.1.1:1033 ➝ 46.37.173.233:200

Raw Pcap
0x00000000 (00000)   88                                    .

0x00000000 (00000)   88                                    .

0x00000000 (00000)   88                                    .


Strings