Analysis Date: 2018-06-06 11:57:59
MD5: 6706834085b0e1acaf13e1763b131eae
SHA1: c94d2d56c953f1aa002a1d91215737fd4553838e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: ebded6dcf1de359d0f23e07665b64b3a sha1: 03c10bf15bf178b2027480d088c2850bb7fb50dd size: 120320
Section .rdata md5: 7ec74f423a61892d4b86043c325f7fdc sha1: 8dbce312b7dbf5f049cf19591ccd27a7a1e73f55 size: 10752
Section .data md5: ff77083bfceaea63ad3a9a2d5e2a9ded sha1: b73751834b284137a388774b4e3af8338b13c96c size: 14848
Section .rsrc md5: b3f12f21c954d1096b9fa00741f720f7 sha1: 0877005049165167d570f14f8cc297e41bbf8f5d size: 70144
Timestamp: 2015-08-12 10:06:40
Version:
LegalCopyright: (C) 2007 Adobe Systems Incorporated. All rights reserved.
InternalName: Adobe Help Viewer 1.1
FileVersion: 1.1.0.143
CompanyName: Adobe Systems Incorporated
ProductName: Adobe Help Viewer 1.1
ProductVersion: 1.1
FileDescription: Adobe Help Viewer 1.1
OriginalFilename: ahv.exe
Packer: Microsoft Visual C++ ?.?
PEhash: e17f5c40769792c4a31085e79b7d4c23a47b1c56
IMPhash: 68e9260c9f3734b14ed495b92948e66a
AV CA (E-Trust Ino): no_virus
AV F-Secure: Trojan.GenericKD.2639870
AV Dr. Web: BackDoor.Andromeda.614
AV ClamAV: no_virus
AV Arcabit (arcavir): Trojan.GenericKD.2639870
AV BullGuard: Trojan.GenericKD.2639870
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: Backdoor.Win32.Androm.hwde
AV Zillya!: no_virus
AV Emsisoft: Trojan.GenericKD.2639870
AV Ikarus: Trojan.Win32.Crypt
AV Frisk (f-prot): no_virus
AV Authentium: W32/Agent.XL.gen!Eldorado
AV MalwareBytes: Trojan.Inject
AV MicroWorld (escan): Trojan.GenericKD.2639870
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AU
AV K7: Trojan ( 004cd12f1 )
AV BitDefender: Trojan.GenericKD.2639870
AV Fortinet: W32/Kryptik.DTFF!tr
AV Symantec: Backdoor.Trojan
AV Grisoft (avg): Crypt_r.JT
AV Eset (nod32): Win32/Kryptik.DTFF
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Trojan.GenericKD.2639870
AV Twister: no_virus
AV Avira (antivir): TR/Crypt.ZPACK.149449
AV Mcafee: RDN/Generic BackDoor
AV Rising: no_virus

Runtime Details:

Process: C:\Windows\System32\lsass.exe

Process: C:\Users\Phil\AppData\Local\Temp\c94d2d56c953f1aa002a1d91215737fd4553838e.exe

Process: C:\Windows\SysWOW64\msiexec.exe

Network Details:

DNS: europe.pool.ntp.org (Type: A) -> 217.114.59.66
DNS: europe.pool.ntp.org (Type: A) -> 85.93.216.115
DNS: europe.pool.ntp.org (Type: A) -> 83.223.103.249
DNS: europe.pool.ntp.org (Type: A) -> 78.46.49.19
DNS: north-america.pool.ntp.org (Type: A) -> 96.44.142.5
DNS: north-america.pool.ntp.org (Type: A) -> 69.167.160.102
DNS: north-america.pool.ntp.org (Type: A) -> 129.250.35.250
DNS: north-america.pool.ntp.org (Type: A) -> 129.6.15.30
DNS: south-america.pool.ntp.org (Type: A) -> 200.192.232.8
DNS: south-america.pool.ntp.org (Type: A) -> 200.160.0.8
DNS: south-america.pool.ntp.org (Type: A) -> 200.1.22.6
DNS: south-america.pool.ntp.org (Type: A) -> 186.103.182.15
DNS: asia.pool.ntp.org (Type: A) -> 194.27.222.5
DNS: asia.pool.ntp.org (Type: A) -> 157.7.154.23
DNS: asia.pool.ntp.org (Type: A) -> 211.233.84.186
DNS: asia.pool.ntp.org (Type: A) -> 202.65.114.202
DNS: oceania.pool.ntp.org (Type: A) -> 202.127.210.36
DNS: oceania.pool.ntp.org (Type: A) -> 202.22.158.31
DNS: oceania.pool.ntp.org (Type: A) -> 202.22.158.30
DNS: oceania.pool.ntp.org (Type: A) -> 27.54.95.12
DNS: africa.pool.ntp.org (Type: A) -> 168.167.168.38
DNS: africa.pool.ntp.org (Type: A) -> 41.188.33.6
DNS: africa.pool.ntp.org (Type: A) -> 197.82.150.123
DNS: africa.pool.ntp.org (Type: A) -> 196.25.1.5

Raw Pcap
0x00000000 (00000)   504f5354 202f626c 6130382f 67617465   POST /bla08/gate
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a43   .php HTTP/1.1..C
0x00000020 (00032)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x00000030 (00048)   2d636163 68650d0a 436f6e6e 65637469   -cache..Connecti
0x00000040 (00064)   6f6e3a20 636c6f73 650d0a50 7261676d   on: close..Pragm
0x00000050 (00080)   613a206e 6f2d6361 6368650d 0a436f6e   a: no-cache..Con
0x00000060 (00096)   74656e74 2d547970 653a2061 70706c69   tent-Type: appli
0x00000070 (00112)   63617469 6f6e2f6f 63746574 2d737472   cation/octet-str
0x00000080 (00128)   65616d0d 0a557365 722d4167 656e743a   eam..User-Agent:
0x00000090 (00144)   204d6f7a 696c6c61 2f342e30 0d0a436f    Mozilla/4.0..Co
0x000000a0 (00160)   6e74656e 742d4c65 6e677468 3a203539   ntent-Length: 59
0x000000b0 (00176)   0d0a486f 73743a20 616e6434 2e6a756e   ..Host: and4.jun
0x000000c0 (00192)   676c6562 65617269 77746331 2e636f6d   glebeariwtc1.com
0x000000d0 (00208)   0d0a0d0a afd8abce ad255a01 c212453f   .........%Z...E?
0x000000e0 (00224)   64b89f69 320c10a9 dde99403 c32cdc6e   d..i2........,.n
0x000000f0 (00240)   c8eaf769 a25f3b17 0faa49e9 084d86ca   ...i._;...I..M..
0x00000100 (00256)   84ae4f07 991d746a fe6086d5 8a9490     ..O...tj.`.....


Strings