Analysis Date: 2015-12-28 04:54:01
MD5: a10dfde05330b654bcc7d23aa0d0ce14
SHA1: ce2ce5a2cd80729abbdec8146bcd1df6ea58be35

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: a618be6e13bd5f054d5c417041dcd26e sha1: d62f72bd34c5610d5ffae25f0b54f901496103bb size: 131072
Section .rdata md5: b06ded2f3d02c05df3fa02ab7fa4f295 sha1: b84695e8f5bb3ffd633f4ac5dabd288d27441d54 size: 28672
Section .data  md5: c9bb969464da614f63ab61a49790963d sha1: fc76383f96e6ed67902b8159c402b773ad6649c6 size: 24576
Timestamp: 2015-09-24 12:50:11
Packer: Microsoft Visual C++ ?.?
PEhash: c1b632e6b6b12cd3baaf25fdc57c4ea2a94e476a
IMPhash: 4ee5de9c34c24318b384af04d1f84bff
AV vendor                       Detection
Microsoft Security Essentials   Worm:Win32/Gamarue.AU
MicroWorld (escan)              Trojan.Generic.15095514
K7                              Trojan ( 004d2d741 )
Zillya!                         Downloader.Wauchos.Win32.1936
MalwareBytes                    Trojan.Wauchos
Frisk (f-prot)                  no_virus
BullGuard                       Trojan.Generic.15095514
Arcabit (arcavir)               Trojan.Generic.15095514
Twister                         no_virus
Grisoft (avg)                   Downloader.Small.QEU
F-Secure                        Trojan.Generic.15095514
Eset (nod32)                    Win32/TrojanDownloader.Wauchos.AK
Ikarus                          Trojan.Win32.Crypt
Fortinet                        W32/Kryptik.DZLG!tr
Rising                          no_virus
Kaspersky                       Trojan.Win32.Wauchos.al
Trend Micro                     no_virus
Authentium                      W32/Trojan.DBZI-4018
ClamAV                          no_virus
Ad-Aware                        Trojan.Generic.15095514
Avira (antivir)                 Worm/Gamarue.188416
VirusBlokAda (vba32)            Trojan.Wauchos
Emsisoft                        Trojan.Generic.15095514
Symantec                        Downloader.Dromedan
Mcafee                          Generic.xb
CA (E-Trust Ino)                no_virus
Alwil (avast)                   Susn-AX [Trj]
Dr. Web                         BackDoor.Bebloh.108
BitDefender                     Trojan.Generic.15095514
CAT (quickheal)                 Worm.Gamarue.r3

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS query                     Type   Answer
europe.pool.ntp.org           A      5.9.80.114
europe.pool.ntp.org           A      5.196.160.139
europe.pool.ntp.org           A      77.245.18.26
europe.pool.ntp.org           A      129.70.132.36
north-america.pool.ntp.org    A      129.6.15.29
north-america.pool.ntp.org    A      50.116.38.157
north-america.pool.ntp.org    A      65.182.224.39
north-america.pool.ntp.org    A      69.164.194.139
south-america.pool.ntp.org    A      170.155.148.1
south-america.pool.ntp.org    A      200.1.19.4
south-america.pool.ntp.org    A      200.1.22.6
south-america.pool.ntp.org    A      54.232.82.232
asia.pool.ntp.org             A      202.112.29.82
asia.pool.ntp.org             A      80.241.0.72
asia.pool.ntp.org             A      120.88.46.10
asia.pool.ntp.org             A      123.108.225.6
oceania.pool.ntp.org          A      202.60.94.11
oceania.pool.ntp.org          A      202.80.33.11
oceania.pool.ntp.org          A      203.206.205.83
oceania.pool.ntp.org          A      54.252.129.186
africa.pool.ntp.org           A      197.80.150.123
africa.pool.ntp.org           A      41.231.53.4
africa.pool.ntp.org           A      168.167.252.243
africa.pool.ntp.org           A      196.192.32.7
