Analysis Date: 2015-11-16 23:02:00
MD5: ef16fbc7f4088d9a0291785a6cca2600
SHA1: ce3b63e009fd2733415f39efca6c968d70624d16

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 08e0dfaf8f640d2c2d2000ef5b16e205 sha1: aa4832ba70cdaa7bf44b008fb84efac90cc93b71 size: 11776
Section .data: md5: 8fc66675485793269435ca71577d6ff9 sha1: 9a1df9704f448e2669eaeb95a892497618b8e9aa size: 3584
Section .rsrc: md5: 9bba84c13aeaec88e7ed32e04a509d32 sha1: d26b541c8c70ed4ced688a55ec70c6b3b0daab6b size: 8704
Timestamp: 2014-04-25 19:06:39
Packer: Microsoft Visual C++ v6.0
PEhash: f3c46271c329ee18ebaaa3ef64b8ad0e44cdc5dc
IMPhash: 049f5399cf4c2939b4ae13c73bde9a62
AV F-Secure: Gen:Trojan.Ipatre.1
AV Authentium: W32/A-00000ab0!Eldorado
AV MalwareBytes: Trojan.Upatre
AV Dr. Web: Trojan.DownLoad3.32980
AV Grisoft (avg): Generic_s.DJJ
AV Eset (nod32): Win32/TrojanDownloader.Tiny.NKK
AV MicroWorld (escan): Gen:Trojan.Ipatre.1
AV Trend Micro: TROJ_DALEXIS.SMF
AV ClamAV: Win.Trojan.Downloader-61420
AV Twister: TrojanDldr.Tiny.NKK.dagb
AV BitDefender: Gen:Trojan.Ipatre.1
AV Avira (antivir): TR/Tiny.uajsd
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Fortinet: W32/Tiny.NKL!tr.dldr
AV Microsoft Security Essentials: TrojanDownloader:Win32/Zemot.C
AV Ikarus: Trojan-Downloader
AV Kaspersky: Trojan.Win32.Generic
AV VirusBlokAda (vba32): TrojanDropper.Demp
AV Arcabit (arcavir): Gen:Trojan.Ipatre.1
AV Mcafee: PWSZbot-FTY!EF16FBC7F408
AV Ad-Aware: Gen:Trojan.Ipatre.1
AV Symantec: Downloader
AV K7: Trojan-Downloader ( 004993d51 )
AV Rising: no_virus
AV Frisk (f-prot): no_virus
AV Emsisoft: Gen:Trojan.Ipatre.1
AV Zillya!: Downloader.Tiny.Win32.5710
AV CAT (quickheal): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Trojan.Ipatre.1
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\temp_cab_72812.cab
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\ce3b63e009fd2733415f39efca6c968d70624d16.rtf
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Winsock DNS: windowsupdate.microsoft.com

Network Details:

DNS: www.update.microsoft.com.nsatc.net
Type: A
191.232.80.55
DNS: www.update.microsoft.com.nsatc.net
Type: A
65.55.50.157
DNS: windowsupdate.microsoft.com
Type: A
HTTP GET: http://windowsupdate.microsoft.com/
User-Agent: Opera/9.25 (Windows NT 6.0; U; en)
Flows TCP: 192.168.1.1:1031 ➝ 191.232.80.55:80
