Analysis Date: 2015-10-04 20:55:28
MD5: f319201c25ba5d099a9983a67deaec4a
SHA1: cc5cb260466366116a199e68d2fcff184feaee68

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: f9000e88a8dd01d9e321bcd4d5182cb8 sha1: 6fef0d239156dfe6c52089e446c10437f7c22966 size: 20480
Section .rdata: md5: 07b2c9c88a43fae866aa780f580f1f27 sha1: 6e65812f1e0c448c95571d9ffd5b08fd5b9ffde2 size: 114688
Section .data: md5: cff6c810599ff683bca3b6894aa48404 sha1: e49e715b829f5a5b5de75909bea00736ead4cbd6 size: 8192
Section .rsrc: md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section .reloc: md5: bddd4670979099174efc8b7715a19cbe sha1: 837770da10404a822bd91b15f28abbf57ff200fb size: 4096
Timestamp: 2014-02-16 09:26:24
Packer: Microsoft Visual C++ ?.?
PEhash: 5b7c83a73d745eddc10dbe2dfcb73ffc1ca90806
IMPhash: 9f6fbf34abd659426cbc0dc8bc1dd107
AV CA (E-Trust Ino): no_virus
AV F-Secure: Gen:Win32.ExplorerHijack.juW@aO1aNlk
AV Dr. Web: Trojan.PWS.Ibank.774
AV ClamAV: no_virus
AV Arcabit (arcavir): Gen:Win32.ExplorerHijack.juW@aO1aNlk
AV BullGuard: Gen:Win32.ExplorerHijack.juW@aO1aNlk
AV Padvish: no_virus
AV VirusBlokAda (vba32): Backdoor.Gulpix
AV CAT (quickheal): no_virus
AV Trend Micro: BKDR_PLUGX.EO
AV Kaspersky: Trojan-Dropper.Win32.Injector.njoj
AV Zillya!: Trojan.Korplug.Win32.649
AV Emsisoft: Gen:Win32.ExplorerHijack.juW@aO1aNlk
AV Ikarus: Gen.Win32.ExplorerHijack
AV Frisk (f-prot): no_virus
AV Authentium: no_virus
AV MalwareBytes: no_virus
AV MicroWorld (escan): Gen:Win32.ExplorerHijack.juW@aO1aNlk
AV Microsoft Security Essentials: Backdoor:Win32/Plugx.H
AV K7: no_virus
AV BitDefender: Gen:Win32.ExplorerHijack.juW@aO1aNlk
AV Fortinet: W32/Korplug.BY!tr
AV Symantec: Trojan.Gen
AV Grisoft (avg): BackDoor.Generic18.RSD
AV Eset (nod32): Win32/Korplug.BY
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Gen:Win32.ExplorerHijack.juW@aO1aNlk
AV Twister: Trojan.DOMG.dpur
AV Avira (antivir): TR/Dropper.Gen
AV Mcafee: RDN/Generic BackDoor
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Process: C:\Documents and Settings\All Users\DRM\XXX\.exe
Creates Mutex: Global\qzkdc

Process
↳ C:\Documents and Settings\All Users\DRM\XXX\.exe

Creates Process: C:\WINDOWS\system32\svchost.exe
Creates Mutex: Global\qzkdc
Creates Mutex: Global\eklrhgdvaqrfzgugv
Creates Mutex: Global\ommdvtuqnjwvdfajh
Creates Mutex: Global\spkpmqldlmevt
Creates Mutex: Global\wvisq
Creates Mutex: Global\yomxamirg
Creates Mutex: Global\ssmuagced
Creates Mutex: Global\ylknm
Creates Mutex: Global\mschu
Creates Mutex: Global\gxklm
Creates Mutex: Global\kcbgn
Creates Mutex: Global\egbyx
Creates Mutex: Global\ganijochb
Creates Mutex: Global\uimnyxkbx
Creates Mutex: Global\iqlpefsfveadljlia
Creates Mutex: Global\aelyqgtun
Creates Mutex: Global\mwmjwuuwpuvcczsph
Creates Mutex: Global\qclkvonpovvoztjdf

Process
↳ C:\WINDOWS\system32\svchost.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202608.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202603.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202553.jpg
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202613.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX\nprqyjadoqkp
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202558.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202618.jpg
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202623.jpg
Creates File: C:\Documents and Settings\All Users\DRM\XXX-SCREEN\Administrator\20151004202628.jpg
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: Global\000000010000000000000100
Creates Mutex: MMMM
Winsock DNS: 127.0.0.1

Network Details:

Flows UDP: 192.168.1.1:53 ➝ 192.168.1.1:53
Flows UDP: 192.168.1.1:53 ➝ 192.168.1.1:53