Analysis Date: 2015-06-08 12:30:41
MD5: b5b8725288379e47841b3abb127501ee
SHA1: d0eb41cbea175a23d5be3e7a4f288da1e48b75ad

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: CODE md5: 476609cfc943667cf619206191e9e9da sha1: e711c01927b5ffb76124a3635b4d750ace8bb1f6 size: 19968
Section: DATA md5: 94bbc8d07c25f5fcb945e250464c0d7b sha1: 6d4a17068bce211cca514882f2d129937e916681 size: 512
Section: BSS md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: .idata md5: 26c1dda5d788d86d5f1b026c590d3904 sha1: 485c9f3c87acf4922891a54430bfa91782d68cc2 size: 2560
Section: .reloc md5: 6365a95fc8e703a2eb3859ed7a526391 sha1: 7c0b8587785219d293c959fdd81c08d00ff929b2 size: 1536
Section: .rsrc md5: 8645a70336974fdeb23a8d43006d7736 sha1: 0f9b63f8a930e4a537e85465adbc751a30e67160 size: 1024
Timestamp: 1992-06-19 22:22:17
Packer: BobSoft Mini Delphi -> BoB / BobSoft
PEhash: fccad433c6f5d085ae1400613b3984709a79f8eb
IMPhash: af773a5685a32d58b52764e8c34dc3c5
AV Rising: no_virus
AV Mcafee: no_virus
AV Avira (antivir): BDS/Hupigon.Gen
AV Twister: Trojan.2EC4CB184E6E4B11
AV Ad-Aware: Gen:Variant.Zusy.Elzob.20828
AV Alwil (avast): NewPos-B [Trj]
AV Eset (nod32): Win32/Delf.OJK
AV Grisoft (avg): Agent4.APE
AV Symantec: Backdoor.Bezigate
AV Fortinet: W32/Delf.OIH!tr
AV BitDefender: Gen:Variant.Zusy.Elzob.20828
AV K7: Trojan ( 003f0ca71 )
AV Microsoft Security Essentials: Backdoor:Win32/Bezigate.B
AV MicroWorld (escan): Gen:Variant.Zusy.Elzob.20828
AV MalwareBytes: Trojan.Backdoor.DF
AV Authentium: W32/Trojan.RMGV-1678
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Agent4
AV Emsisoft: Gen:Variant.Zusy.Elzob.20828
AV Zillya!: Trojan.Agent.Win32.365777
AV Kaspersky: Trojan.Win32.Agent.vbpb
AV Trend Micro: no_virus
AV CAT (quickheal): Trojan.Agen.r6
AV VirusBlokAda (vba32): Trojan.Agent.vbpb
AV Padvish: Malware.Trojan.jwyb
AV BullGuard: Gen:Variant.Zusy.Elzob.20828
AV Arcabit (arcavir): Gen:Variant.Zusy.Elzob.20828
AV ClamAV: Win.Trojan.Agent-20018
AV Dr. Web: Trojan.DownLoad3.17794
AV F-Secure: Gen:Variant.Zusy.Elzob.20828
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: c:\windows\server.exe
Creates Process: c:\windows\server.exe
Creates Mutex: EXwPcOypsFQJA

Process
↳ c:\windows\server.exe

Creates File: \Device\Afd\Endpoint
Creates Mutex: EXwPcOypsFQJA

Network Details:
