Analysis Date: 2016-02-01 01:35:00
MD5: 9da0a2a0bf8df15592d3a8ad9e972e1c
SHA1: ccd2375427fcdf417b14671aa57dc18dc4584e0f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .code  md5: b6ef59869e961c2acdbe48d06ae9e4c2 sha1: cbc76824d34cc355d23796130e728fa59c86dad9 size: 9216
Section .text  md5: 97d3a980d89cd3da09537d21ebee41e6 sha1: 88b09aa4e1bc9666707134e194f0529006bd3a55 size: 10752
Section .rdata md5: b29a34376b865ab1c81fd046b2909697 sha1: af45240e59e7bf8d2abb2e1621e78e27bfe6692e size: 512
Section .data  md5: 8094ca0a6ae109ab42127a089572e4d3 sha1: 893872dc622f9fa8c19ec7bfc170a8eec3ef8011 size: 27648
Section .rsrc  md5: fe9b0bc9b928fbc9995490700ecbcf5d sha1: 86c2f2cfd2dcd408bec497789fd7fbaf5714b17d size: 2048
Timestamp: 2016-01-26 15:04:57
Version:
  LegalCopyright: (C) 2016 Transactions Marigolds. All rights reserved.
  InternalName: Understate Unkindlier.exe
  FileVersion: %yer%
  CompanyName: NVIDIA Corporation
  ProductName: Decimates Custard Unship Peridot Burdens Hardwoods Foreboder Fudge Heritages Balmier Intergroup
  ProductVersion: %yer%
  FileDescription: Periodicity Extremities
  OriginalFilename: .exe
PEhash: 2ede66fc9d90a4b7da0aeafd12948bb45417e473
IMPhash: acc72ff609f0eb5b4a4e160c22593dd5
AV CA (E-Trust Ino): No Virus
AV Rising: No Virus
AV Mcafee: No Virus
AV Avira (antivir): TR/Crypt.ZPACK.183634
AV Twister: No Virus
AV Ad-Aware: Trojan.GenericKD.3013648
AV Alwil (avast): Win32:Malware-gen
AV Eset (nod32): Win32/Injector.CRFI
AV Grisoft (avg): Crypt5.AEPE
AV Symantec: No Virus
AV Fortinet: W32/Kryptik.ELVN!tr
AV BitDefender: Trojan.GenericKD.3013648
AV K7: No Virus
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV MicroWorld (escan): No Virus
AV MalwareBytes: Trojan.PasswordStealer
AV Authentium: No Virus
AV Emsisoft: Trojan.GenericKD.3013648
AV Frisk (f-prot): No Virus
AV Ikarus: Trojan-Downloader.Win32.Karagany
AV Zillya!: No Virus
AV Kaspersky: No Virus
AV Trend Micro: No Virus
AV VirusBlokAda (vba32): No Virus
AV CAT (quickheal): No Virus
AV BullGuard: Trojan.GenericKD.3013648
AV Arcabit (arcavir): Trojan.GenericKD.3013648
AV ClamAV: No Virus
AV Dr. Web: No Virus
AV F-Secure: Trojan.GenericKD.3013648

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS: europe.pool.ntp.org  Type: A  188.93.104.2
DNS: europe.pool.ntp.org  Type: A  213.154.236.182
DNS: europe.pool.ntp.org  Type: A  5.148.175.134
DNS: europe.pool.ntp.org  Type: A  87.124.126.49
DNS: north-america.pool.ntp.org  Type: A  50.116.52.97
DNS: north-america.pool.ntp.org  Type: A  66.246.75.245
DNS: north-america.pool.ntp.org  Type: A  74.120.8.2
DNS: north-america.pool.ntp.org  Type: A  142.137.247.109
DNS: south-america.pool.ntp.org  Type: A  200.1.19.4
DNS: south-america.pool.ntp.org  Type: A  200.192.232.8
DNS: south-america.pool.ntp.org  Type: A  190.111.251.235
DNS: south-america.pool.ntp.org  Type: A  190.181.129.115
DNS: asia.pool.ntp.org  Type: A  123.108.200.124
DNS: asia.pool.ntp.org  Type: A  202.65.114.202
DNS: asia.pool.ntp.org  Type: A  211.233.84.186
DNS: asia.pool.ntp.org  Type: A  212.26.18.41
DNS: oceania.pool.ntp.org  Type: A  192.189.54.17
DNS: oceania.pool.ntp.org  Type: A  203.23.237.200
DNS: oceania.pool.ntp.org  Type: A  103.242.68.68
DNS: oceania.pool.ntp.org  Type: A  130.102.2.123
DNS: africa.pool.ntp.org  Type: A  41.73.42.10
DNS: africa.pool.ntp.org  Type: A  41.222.88.32
DNS: africa.pool.ntp.org  Type: A  41.231.7.85
DNS: africa.pool.ntp.org  Type: A  41.231.53.4