Analysis Date: 2016-01-28 17:13:27
MD5: 07b4c83ed7664fa3ab05c3251e5b3690
SHA1: cc479c452162cf2d6b26c55613da25db7db50e67

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: aab8c84fcb69b859b92558c25d31038a sha1: ddb40d8676aac404588aad89c3158a7685e991a1 size: 92672
Section .rdata: md5: c53c074035bd3d62f8668e1fd24033c7 sha1: 6716803bc6df8f9664ef07b5e545d792f6eb158c size: 18944
Section .data: md5: 1e75bc1fb3eefab0aef2ddd09dc432dc sha1: f15f158575944e6c3b2ea7da491eecb46d04374a size: 8704
Section .ttttttt: md5: dc47ae8271441ee86cbb89b8e0ccd29a sha1: 0294e4abd238d18a8ba2248dc3a3c0b3783a03a2 size: 4608
Section .vagina: md5: 38ec8ffce8a41dce03dcb2b167e54ee5 sha1: 55e84e38c73f66d404d6e30431120e052f0280a2 size: 10240
Section .rsrc: md5: 2b0b62ae65833a45cf7bcc6d973d9c9d sha1: 0a69e6c45f3b35b113191686186b7164a9d988ec size: 47616
Timestamp: 2016-01-26 06:20:41
Version info:
LegalCopyright: looking at ass hole
InternalName: jim bot
FileVersion: 568.24885 trenik
CompanyName: maymun
ProductName: yebanawka
ProductVersion: 568.24885 trenik
FileDescription: hora girls
OriginalFilename: bruklin
Packer: Microsoft Visual C++ ?.?
PEhash: eaa2007f796d31cfe07bf2f27a711f7986938212
IMPhash: 983b919b5c1d7d6383e90023b63388b8
AV Rising: No Virus
AV Mcafee: RDN/Generic.mem
AV Avira (antivir): Worm/Gamarue.183808
AV Twister: No Virus
AV Ad-Aware: Gen:Variant.Midie.6599
AV Alwil (avast): Win32:Malware-gen
AV Eset (nod32): Win32/Kryptik.ELTU
AV Grisoft (avg): Crypt_r.AUD
AV Symantec: No Virus
AV Fortinet: No Virus
AV BitDefender: Gen:Variant.Midie.6599
AV K7: No Virus
AV Microsoft Security Essentials: No Virus
AV MicroWorld (escan): Gen:Variant.Midie.6599
AV MalwareBytes: Backdoor.Andromeda
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Frisk (f-prot): No Virus
AV Ikarus: No Virus
AV Emsisoft: Gen:Variant.Midie.6599
AV Zillya!: No Virus
AV Kaspersky: Trojan.Win32.Agent.netxcv
AV Trend Micro: No Virus
AV CAT (quickheal): No Virus
AV VirusBlokAda (vba32): No Virus
AV BullGuard: Gen:Variant.Midie.6599
AV Arcabit (arcavir): Gen:Variant.Midie.6599
AV ClamAV: No Virus
AV Dr. Web: No Virus
AV F-Secure: Gen:Variant.Midie.6599
AV CA (E-Trust Ino): No Virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

