Analysis Date: 2015-06-30 16:44:58
MD5: 983de792dda3fb36913075a504881b3a
SHA1: c86e1ea80317e24613b1d55a239cd4d30072e487

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 17a1b5f8c3024608601d41e715f3019d sha1: de7f739395f9d473252d1f557fa4c91becbd96ce size: 86016
Section.data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: f96ba0ec6aee75d621843390a3c2f441 sha1: 8c841197806c17344267819a622765ad638b74ba size: 12288
Section. md5: f27a9466f3243513bba38034c7a0238b sha1: 9bdf686ac35804c50548ee6b9e8f4c0d39754cfa size: 12288
Timestamp: 1994-07-21 13:48:14
Version:
InternalName: rHKA4md
FileVersion: 6.01.0014
CompanyName: DQEp
LegalTrademarks: nOZTl
Comments: IcFK
ProductName: sShZ
ProductVersion: 6.01.0014
OriginalFilename: rHKA4md.exe
Packer: Microsoft Visual Basic v5.0
PEhash: 5a6e5dc6f39e9b9f1e8c1876e36aa5ce29c7c0fc
IMPhash: f5195973f0971aa33c1a55ffcd8ab29b
AV: CA (E-Trust Ino): Win32/VBInject.U!generic
AV: Rising: no_virus
AV: Mcafee: RDN/Generic Dropper!xd
AV: Avira (antivir): TR/Patched.Ren.Gen
AV: Twister: Virus.6818124000E8EEFFFF.mg
AV: Ad-Aware: Trojan.Generic.7526192
AV: Alwil (avast): VB-ABUC [Trj]
AV: Eset (nod32): Win32/TrojanDownloader.Zurgop.AQ
AV: Grisoft (avg): Generic27.AYID
AV: Symantec: no_virus
AV: Fortinet: W32/Inject.AQ!tr
AV: BitDefender: Trojan.Generic.7526192
AV: K7: Backdoor ( 04c548571 )
AV: Microsoft Security Essentials: DDoS:Win32/Dofoil.A
AV: MicroWorld (escan): Trojan.Generic.7526192
AV: MalwareBytes: Trojan.Agent
AV: Authentium: W32/Injector.WUJM-8773
AV: Frisk (f-prot): W32/Injector.FE
AV: Ikarus: Trojan-Dropper.Win32.Injector
AV: Emsisoft: Trojan.Generic.7526192
AV: Zillya!: Trojan.Inject.Win32.34564
AV: Kaspersky: Trojan.Win32.Inject.diiy
AV: Trend Micro: no_virus
AV: CAT (quickheal): no_virus
AV: VirusBlokAda (vba32): SScope.Malware-Cryptor.VBCR.2841
AV: Padvish: no_virus
AV: BullGuard: Trojan.Generic.7526192
AV: Arcabit (arcavir): Trojan.Generic.7526192
AV: ClamAV: Trojan.DocStealer
AV: Dr. Web: Trojan.Tenagour.9
AV: F-Secure: Trojan.Generic.7526192

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\2b4f_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 200

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 200

Network Details:

