Analysis Date: 2015-11-04 06:39:55
MD5: 8593bf3b40e010e9b8046d6e9dd24904
SHA1: d86a5fa81248dc2ac9d3d9bcbebc881f0288ca49

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 5726a217233c3223e6ccbeb5198342b7 sha1: 53537bab9deff9f1284477b2e43f1cd9748a4b1a size: 6144
Section .rdata: md5: 1f9f44e768a657f0e9f43238e4e8362d sha1: ba999435fe79bc79f7eba1a30744ee897766eccf size: 4096
Section .data: md5: 3d2c32cd305b870f75c495ef166660b0 sha1: c945619eefc41455bce1755c45433ff7f3d8694c size: 2048
Section .rsrc: md5: 8baa58f78d8861a0306d81dfbf0636d3 sha1: 72bdc238b35754be9f914720be255c45e5033f2e size: 19968
Timestamp: 2012-12-26 07:04:22
Packer: Microsoft Visual C 2.0
PEhash: f0254163396cc975a66ac694a20d074f92c8815b
IMPhash: 012c63bb5f7f1ff21471f621b5d79f47
AV: CA (E-Trust Ino): No Virus
AV: Rising: Trojan.Win32.Kryptik.af
AV: Mcafee: Downloader-FASG!8593BF3B40E0
AV: Avira (antivir): TR/Crypt.ZPACK.160092
AV: Twister: No Virus
AV: Ad-Aware: Trojan.Downloader.JRTI
AV: Alwil (avast): GenMalicious-KNL [Trj]
AV: Eset (nod32): Win32/Kryptik.DIGI
AV: Grisoft (avg): Crypt_s.IMB
AV: Symantec: Downloader.Upatre!gen5
AV: Fortinet: W32/Kryptic.ABGK!tr
AV: BitDefender: Trojan.Downloader.JRTI
AV: K7: Trojan ( 004c29131 )
AV: Microsoft Security Essentials: TrojanDownloader:Win32/Upatre.G
AV: MicroWorld (escan): Trojan.Downloader.JRTI
AV: MalwareBytes: Trojan.Upatre
AV: Authentium: W32/Dalexis.Q.gen!Eldorado
AV: Frisk (f-prot): W32/Dalexis.Q.gen!Eldorado
AV: Ikarus: Trojan.VB.Crypt
AV: Emsisoft: Trojan.Downloader.JRTI
AV: Zillya!: No Virus
AV: Kaspersky: Trojan-Downloader.Win32.Upatre.aetm
AV: Trend Micro: No Virus
AV: CAT (quickheal): Trojan.Kadena.B4
AV: VirusBlokAda (vba32): No Virus
AV: Padvish: No Virus
AV: BullGuard: Trojan.Downloader.JRTI
AV: Arcabit (arcavir): Trojan.Downloader.JRTI
AV: ClamAV: No Virus
AV: Dr. Web: Trojan.Upatre.1072
AV: F-Secure: Trojan.Downloader.JRTI

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Xulantar.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\InstallXul.tmp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\Xulantar.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\Xulantar.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\2b6e_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 200
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1452 -e 156 -g

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 200

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1452 -e 156 -g

Network Details:
