Analysis Date: 2016-02-04 08:40:24
MD5: 5b2b3b9d5116de9694a990572459999d
SHA1: d495cc89410675e558412f2b3ecf40c6d8c88fdc

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .code md5: 20fcbdc30094296f14f397ec8ff200ba sha1: ca47c6b56dd2116c941f56c70edc0a5293faecab size: 16384
Section .text md5: f7108893a5726370e57b3952b713374d sha1: 7a019e3999a8546d4127e874ef370e3e96b73a34 size: 13824
Section .rdata md5: f8c6bbb0472092128f9ea67dea12515f sha1: 5e092c1d7e58fd8a714094cd88f1649ecf7dc1ab size: 512
Section .data md5: cba49b97c2e5d7702ee1c6e4a3afef62 sha1: e77f488839c0fb26822ddc991881248a1cb2dcfd size: 29184
Section .rsrc md5: cb6cd64d56a717978f5a1638c2939397 sha1: eca5c5f5f84bcd2cd50f3d524a0bb0e9ffe76021 size: 1536
Timestamp: 2016-01-30 15:12:20
Version CompanyName: NVIDIA Corporation
PEhash: 03637a3a2b8697ac8f7dea3c8e8d0a568f11523c
IMPhash: 10c69da9cae7756ba5d41e3c3024d277
AV CA (E-Trust Ino): No Virus
AV F-Secure: No Virus
AV Dr. Web: Trojan.Encoder.3680
AV ClamAV: No Virus
AV Arcabit (arcavir): No Virus
AV BullGuard: No Virus
AV CAT (quickheal): No Virus
AV VirusBlokAda (vba32): No Virus
AV Trend Micro: No Virus
AV Kaspersky: No Virus
AV Zillya!: No Virus
AV Ikarus: Trojan-Downloader.Win32.Wauchos
AV Frisk (f-prot): No Virus
AV Emsisoft: No Virus
AV Authentium: No Virus
AV MalwareBytes: Worm.Gamarue
AV MicroWorld (escan): No Virus
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV K7: No Virus
AV BitDefender: No Virus
AV Fortinet: W32/Wauchos.BD!tr.dldr
AV Symantec: No Virus
AV Grisoft (avg): Downloader.Small.QNX
AV Eset (nod32): Win32/TrojanDownloader.Wauchos.BD
AV Alwil (avast): No Virus
AV Rising: No Virus
AV Ad-Aware: No Virus
AV Twister: No Virus
AV Avira (antivir): TR/Crypt.ZPACK.191682
AV Mcafee: Fareit-FCZ!5B2B3B9D5116

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS: europe.pool.ntp.org, Type: A, 79.142.192.4
DNS: europe.pool.ntp.org, Type: A, 178.32.54.53
DNS: europe.pool.ntp.org, Type: A, 194.54.80.28
DNS: europe.pool.ntp.org, Type: A, 194.57.169.1
DNS: north-america.pool.ntp.org, Type: A, 128.138.141.172
DNS: north-america.pool.ntp.org, Type: A, 74.120.8.2
DNS: north-america.pool.ntp.org, Type: A, 96.126.105.86
DNS: north-america.pool.ntp.org, Type: A, 96.244.96.19
DNS: south-america.pool.ntp.org, Type: A, 131.0.232.2
DNS: south-america.pool.ntp.org, Type: A, 146.164.48.5
DNS: south-america.pool.ntp.org, Type: A, 186.103.182.15
DNS: south-america.pool.ntp.org, Type: A, 200.1.22.6
DNS: asia.pool.ntp.org, Type: A, 78.111.50.52
DNS: asia.pool.ntp.org, Type: A, 185.23.153.237
DNS: asia.pool.ntp.org, Type: A, 59.149.185.193
DNS: asia.pool.ntp.org, Type: A, 62.201.225.9
DNS: oceania.pool.ntp.org, Type: A, 54.252.161.68
DNS: oceania.pool.ntp.org, Type: A, 103.242.70.5
DNS: oceania.pool.ntp.org, Type: A, 121.0.0.41
DNS: oceania.pool.ntp.org, Type: A, 121.0.0.42
DNS: africa.pool.ntp.org, Type: A, 196.10.55.57
DNS: africa.pool.ntp.org, Type: A, 196.49.6.67
DNS: africa.pool.ntp.org, Type: A, 41.222.88.32
DNS: africa.pool.ntp.org, Type: A, 146.231.129.81
DNS: pool.ntp.org, Type: A, 108.61.194.85
DNS: pool.ntp.org, Type: A, 131.107.13.100
DNS: pool.ntp.org, Type: A, 198.100.30.94
DNS: pool.ntp.org, Type: A, 209.208.79.69