Analysis Date: 2015-12-04 08:14:37
MD5: 024394fe1a5ed0abda81215345ec8f61
SHA1: cd0103b53c7677a3242f5febceaaecc44d7e5af9

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
Section .text md5: 2cdc2dfde4db67e67efb6895c9eeb00a sha1: 47029c2cd1e6b7e0330de02ccbee3b8f90e49f75 size: 296960
Section .sdata md5: 9f5332d8818f7d7d758df609930f9a82 sha1: 025d28d7743d36c7d6ab44fda9dcf7b648d6aa29 size: 512
Section .reloc md5: 2177c968a25f9ef75d79cc0a49462aad sha1: 14af6c6680dbfac2e1fede82e9d253d725d88368 size: 512
Timestamp: 2015-10-18 19:33:20
Packer: Microsoft Visual C# v7.0 / Basic .NET (a compiler signature, not a packer: the image is a plain .NET assembly)
PEhash: 48b30ef44e48e2d8352c0bb96dc0a2f394753a0c
IMPhash: f34d5f2d4577ed6d9ceec516c1f5a744 (the imphash shared by virtually every .NET executable, which imports only mscoree.dll!_CorExeMain, so it does not help cluster this sample)
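The per-section digests, the link timestamp and the "Mono/.Net assembly" determination above can be reproduced without the sandbox. The script below is an added example, not code from this report or from the sandbox that produced it. It uses only the Python standard library, assumes a PE32 or PE32+ file on disk, and deliberately omits imphash (which needs import-table parsing). `build_test_pe` is a constructed fixture that emits a minimal, non-runnable PE32 image so the parser can be exercised offline; the section names and contents it is fed in the usage below are made up, not taken from the sample.

```python
# Added example (not from the report or the sandbox): reproduce the "Static Details"
# fields from a PE file with the Python standard library only.
# Per-section md5/sha1/size are taken over SizeOfRawData bytes at PointerToRawData,
# the timestamp is the COFF TimeDateStamp, and ".Net assembly" means the CLR runtime
# header slot (data directory 14) is populated. imphash is not reproduced here.
import datetime
import hashlib
import struct
import sys

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # CLR runtime header
IMAGE_FILE_MACHINE_I386 = 0x14C


def parse_pe(data: bytes) -> dict:
    """Return machine, link timestamp, .NET flag and per-section digests of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                      # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                    # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    clr_rva = clr_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        clr_rva, clr_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    sections = []
    sec_off = opt + opt_size
    for i in range(nsec):
        name, _vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "size": rawsize,
            "md5": hashlib.md5(raw).hexdigest(),
            "sha1": hashlib.sha1(raw).hexdigest(),
        })
    when = datetime.datetime.fromtimestamp(tstamp, tz=datetime.timezone.utc)
    return {
        "machine": machine,
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        "is_dotnet": clr_rva != 0 and clr_size != 0,
        "sections": sections,
    }


def format_section(sec: dict) -> str:
    """Render one section in the same layout as the report's Section lines."""
    return "Section %s md5: %s sha1: %s size: %d" % (sec["name"], sec["md5"], sec["sha1"], sec["size"])


def build_test_pe(sections, timestamp: int, dotnet: bool) -> bytes:
    """Constructed fixture: a minimal, non-runnable PE32 image with the given (name, bytes)
    sections, so parse_pe can be exercised offline without a real sample."""
    file_align = 0x200
    nsec = len(sections)
    opt_size = 96 + 16 * 8                      # PE32 optional header with 16 directories
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * nsec
    hdr_end = (hdr_len + file_align - 1) // file_align * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)     # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, nsec, timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)         # NumberOfRvaAndSizes
    if dotnet:                                  # populate the CLR directory with a fake RVA/size
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x2008, 0x48)
    hdrs, body, rawptr, vaddr = b"", b"", hdr_end, 0x2000
    for name, content in sections:
        rawsize = (len(content) + file_align - 1) // file_align * file_align
        hdrs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(content), vaddr,
                            rawsize, rawptr, 0, 0, 0, 0, 0x60000020)
        body += content.ljust(rawsize, b"\0")   # raw data is file-alignment padded
        rawptr += rawsize
        vaddr += 0x1000
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs
    return image.ljust(hdr_end, b"\0") + body


if __name__ == "__main__":
    # Usage: python pe_static.py sample.exe   (fields print in the report's layout)
    blob = open(sys.argv[1], "rb").read()
    info = parse_pe(blob)
    print("MD5: %s" % hashlib.md5(blob).hexdigest())
    print("SHA1: %s" % hashlib.sha1(blob).hexdigest())
    for sec in info["sections"]:
        print(format_section(sec))
    print("Timestamp: %s  .NET assembly: %s" % (info["timestamp"], info["is_dotnet"]))
```

Running it against a copy of the sample and diffing the `Section` lines against the report is a quick way to confirm you are holding the same build (section sizes of 512 for .sdata and .reloc simply reflect the 0x200 file alignment). The CLR-header test is the same one `file` uses for its "Mono/.Net assembly" label.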
AV Kaspersky: Trojan.Win32.Generic
AV Padvish: no_virus
AV F-Secure: Trojan.GenericKD.2820784
AV Microsoft Security Essentials: Backdoor:MSIL/Bladabindi.AJ
AV MicroWorld (escan): Trojan.GenericKD.2820784
AV Fortinet: W32/Generic.Q!tr
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Msil
AV K7: Trojan ( 700000121 )
AV Mcafee: RDN/Generic BackDoor
AV Eset (nod32): MSIL/Bladabindi.Q
AV Grisoft (avg): Packed3_c.SJ
AV MalwareBytes: no_virus
AV Ad-Aware: Trojan.GenericKD.2820784
AV BullGuard: Trojan.GenericKD.2820784
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Authentium: W32/Backdoor.YQQN-0126
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV Avira (antivir): TR/Dropper.Gen
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoader17.28354
AV Arcabit (arcavir): Trojan.GenericKD.2820784
AV BitDefender: Trojan.GenericKD.2820784
AV Emsisoft: Trojan.GenericKD.2820784
AV Arcabit (arcavir): Error Scanning File

Runtime Details:


Process
↳ C:\malware.exe

Creates Process: dw20.exe -x -s 312

Process
↳ dw20.exe -x -s 312

Note: dw20.exe is Microsoft Application Error Reporting (Dr. Watson), which the .NET runtime launches on an unhandled exception. The dw.log and the created-then-deleted 12BFC.dmp below are its crash-dump artifacts, and the ProxyEnable read plus the WinINet index.dat files and mutexes are consistent with dw20.exe initialising WinINet. This run therefore records the sample crashing in the sandbox rather than the backdoor's own behaviour, which is why no network activity follows.

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\dw.log
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\12BFC.dmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\12BFC.dmp
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Network Details:



Strings