Analysis Date: 2015-06-09 23:12:21
MD5: 266123bb3e9410826ce77fea6fe36b8f
SHA1: d1fc04548d5e05cb28dbdc1c548b766a0ba1ba65

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 22d1e88b117402617693e9601becbdda sha1: b0e790cbcda3451ff7a4cf94866439bfb030892b size: 15872
Section .data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .xcpad md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .idata md5: 0b6d2c49a0c581aac667520fe1d64be9 sha1: a586ae8e761b7a3c2dcf7c09daecc422b50c4229 size: 1024
Section .reloc md5: 1d2826c44311e3eea7285e947f031826 sha1: 151a275336fe91e4b1ac431cddfb43c73c5b6186 size: 512
Section .rsrc md5: 102322ec16d806ccc988b0be9791446c sha1: f1c2ddb00d4c56a2a362ce0bd4193e54a07216f5 size: 4096
Timestamp: 1970-01-01 00:00:15
Version:
PackagerVersion: 7.0.162
Packager: Xenocode Postbuild 2009 for .NET Beta
FileDescription:
Comments:
CompanyName:
PEhash: 3bb642bf8c5c67e55a8e688aaa17519b03312910
IMPhash: 4582ffdd7eb98cb63a937096204182b7
AV: Microsoft Security Essentials - no_virus
AV: Arcabit (arcavir) - Gen:Heur.Codenox.2
AV: Mcafee - no_virus
AV: Authentium - W32/Backdoor.WGGH-4735
AV: K7 - no_virus
AV: Emsisoft - Gen:Heur.Codenox.2
AV: Trend Micro - TROJ_GEN.R27E1AI
AV: Frisk (f-prot) - W32/BackdoorX.DZRA
AV: Zillya! - no_virus
AV: MicroWorld (escan) - Gen:Heur.Codenox.2
AV: ClamAV - Win.Trojan.Poison-2610
AV: CAT (quickheal) - no_virus
AV: Avira (antivir) - TR/Crypt.XPACK.Gen2
AV: VirusBlokAda (vba32) - no_virus
AV: Eset (nod32) - Win32/Bifrose.NEV
AV: F-Secure - Gen:Heur.Codenox.2
AV: Kaspersky - no_virus
AV: CA (E-Trust Ino) - no_virus
AV: Grisoft (avg) - BackDoor.Generic12.BYL
AV: Dr. Web - Trojan.DownLoader.64331
AV: BitDefender - Gen:Heur.Codenox.2
AV: Fortinet - W32/BackDoor.CSY!tr
AV: Ad-Aware - Gen:Heur.Codenox.2
AV: Alwil (avast) - Malware-gen:Win32:Malware-gen
AV: Symantec - Trojan.ADH
AV: MalwareBytes - no_virus
AV: Twister - Suspicious.6683@14E80766.mg
AV: Ikarus - Backdoor.Poison
AV: BullGuard - Gen:Heur.Codenox.2
AV: Padvish - no_virus
AV: Rising - no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\wkssvc
Creates Process: "C:\Server.exe"
Creates Mutex: _xvm_mtx_file_0x74A102FE
Creates Mutex: _xvm_mtx_other_0x74A102FE
Creates Mutex: _xvm_mtx_reg_0x74A102FE

Process
↳ "C:\Server.exe"

Creates Mutex: _xvm_mtx_file_0x74A102FE
Creates Mutex: _xvm_mtx_other_0x74A102FE
Creates Mutex: DBWinMutex
Creates Mutex: _xvm_mtx_reg_0x74A102FE

Network Details:
