Analysis Date: 2016-01-28 10:43:06
MD5: deaf0f3dc083ab4c4eaa1925c38e6479
SHA1: d10c8bb5bef48cda25c908aaceb4d0165c385725

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEhash: 39200ea743e6c29f0ea731a195d023ba03ffcf5b
IMPhash:
AV Rising: No Virus
AV Mcafee: No Virus
AV Avira (antivir): TR/Crypt.ZPACK.Gen
AV Twister: Trojan.Generic.yuxm
AV Ad-Aware: Trojan.Injector.BLT
AV Alwil (avast): Crypt-IJ [Trj]
AV Eset (nod32): Win32/TrojanDownloader.Wauchos.AK
AV Grisoft (avg): Downloader.Small.MXC
AV Symantec: Suspicious.MH690
AV Fortinet: W32/Wauchos.AK!tr
AV BitDefender: Trojan.Injector.BLT
AV K7: No Virus
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AR
AV MicroWorld (escan): Trojan.Injector.BLT
AV MalwareBytes: Trojan.Agent
AV Authentium: W32/Wauchos.QDIC-3438
AV Frisk (f-prot): W32/Wauchos.A
AV Ikarus: Generic.PWS.Games
AV Emsisoft: Trojan.Injector.BLT
AV Zillya!: No Virus
AV Kaspersky: Trojan-Downloader.Win32.Wauchos.v
AV Trend Micro: No Virus
AV CAT (quickheal): Worm.Gamarue.AR2
AV VirusBlokAda (vba32): SScope.Worm.Ngrbot
AV BullGuard: Trojan.Injector.BLT
AV Arcabit (arcavir): Trojan.Injector.BLT
AV ClamAV: No Virus
AV Dr. Web: BackDoor.Andromeda.614
AV F-Secure: Trojan.Injector.BLT
AV CA (E-Trust Ino): No Virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Deletes File: C:\malware.exe
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: update.microsoft.com
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org (Type: A): 93.180.6.3
DNS europe.pool.ntp.org (Type: A): 193.175.73.151
DNS europe.pool.ntp.org (Type: A): 46.4.24.238
DNS europe.pool.ntp.org (Type: A): 78.129.190.21
DNS north-america.pool.ntp.org (Type: A): 208.88.126.226
DNS north-america.pool.ntp.org (Type: A): 44.12.6.37
DNS north-america.pool.ntp.org (Type: A): 69.164.201.165
DNS north-america.pool.ntp.org (Type: A): 97.107.128.58
DNS south-america.pool.ntp.org (Type: A): 200.192.232.8
DNS south-america.pool.ntp.org (Type: A): 200.11.116.10
DNS south-america.pool.ntp.org (Type: A): 200.20.186.76
DNS south-america.pool.ntp.org (Type: A): 200.160.7.193
DNS asia.pool.ntp.org (Type: A): 91.201.214.3
DNS asia.pool.ntp.org (Type: A): 125.62.193.121
DNS asia.pool.ntp.org (Type: A): 211.233.84.186
DNS asia.pool.ntp.org (Type: A): 218.186.3.36
DNS oceania.pool.ntp.org (Type: A): 203.56.27.253
DNS oceania.pool.ntp.org (Type: A): 103.242.68.68
DNS oceania.pool.ntp.org (Type: A): 130.102.2.123
DNS oceania.pool.ntp.org (Type: A): 202.22.158.31
DNS africa.pool.ntp.org (Type: A): 196.10.55.57
DNS africa.pool.ntp.org (Type: A): 41.231.7.85
DNS africa.pool.ntp.org (Type: A): 41.231.53.4
DNS africa.pool.ntp.org (Type: A): 146.231.129.81
DNS pool.ntp.org (Type: A): 66.228.59.187
DNS pool.ntp.org (Type: A): 96.126.105.86
DNS pool.ntp.org (Type: A): 142.54.181.202
DNS pool.ntp.org (Type: A): 52.6.160.3
DNS www.update.microsoft.com.nsatc.net (Type: A): 134.170.58.222
DNS www.update.microsoft.com.nsatc.net (Type: A): 65.55.50.190
DNS update.microsoft.com (Type: A)
DNS atomictrivia.ru (Type: A)
Flows UDP: 192.168.1.1:1038 ➝ 8.8.4.4:53
Flows TCP: 192.168.1.1:1039 ➝ 134.170.58.222:80
Flows UDP: 192.168.1.1:1040 ➝ 8.8.4.4:53