Analysis Date: 2016-01-28 05:53:59
MD5: 05a0603714d9fa79d17a157c706dee2c
SHA1: d87805fc231bcb52c5c38f2cb7bda08a9b900a6a

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 4e1e95ab087c7fac59fe99f7cbe5aa64 sha1: 206b905caa337b4cf3090bd1d4f0616a6a60bc40 size: 57344
Section .rdata md5: 85573cafd3be76eae29d460390549a60 sha1: 5f2535ba549ea452810fede4385bc57c49b0ca1f size: 32768
Section .data md5: 428469cc23bb8e9964c94ed7a23f3829 sha1: cc30f9dcabeb38e6818aa215912983f4b9e29793 size: 8192
Section .rsrc md5: 87aed33593e3a0aa598a52c677d16115 sha1: 4b3e5e4eda4d14a3ae75bec0509b96b6bd5b8e5a size: 1048576
Timestamp: 2015-06-24 10:41:20
Packer: Microsoft Visual C++ ?.?
PEhash: 32354a206c6d4bba2b2482cde55764347ca6973a
IMPhash: db4b7f301160e1c67968bca85a92d9c0
AV CA (E-Trust Ino): No Virus
AV F-Secure: Trojan:W32/Gamarue.F
AV Dr. Web: BackDoor.Andromeda.614
AV ClamAV: Win.Trojan.Agent-922666
AV Arcabit (arcavir): Trojan.Agent.BKVK
AV BullGuard: Trojan.Agent.BKVK
AV CAT (quickheal): No Virus
AV VirusBlokAda (vba32): Trojan.Wauchos
AV Trend Micro: No Virus
AV Kaspersky: Trojan.Win32.Wauchos.a
AV Zillya!: Trojan.Bundpil.Win32.177
AV Ikarus: Worm.Win32.Bundpil
AV Frisk (f-prot): No Virus
AV Emsisoft: Trojan.Agent.BKVK
AV Authentium: No Virus
AV MalwareBytes: Trojan.Upatre.Gen
AV MicroWorld (escan): Trojan.Agent.BKVK
AV Microsoft Security Essentials: VirTool:Win32/CeeInject.GO
AV K7: Trojan ( 004c848c1 )
AV BitDefender: Trojan.Agent.BKVK
AV Fortinet: W32/Generic.CZ!tr
AV Symantec: Downloader.Dromedan
AV Grisoft (avg): Generic_r.FMU
AV Eset (nod32): Win32/Bundpil.CZ.gen worm
AV Alwil (avast): MalOb-LV [Cryp]
AV Rising: No Virus
AV Ad-Aware: Trojan.Agent.BKVK
AV Twister: W32.Bundpil.CZ.gen.wifz
AV Avira (antivir): Worm/Gamarue.1151820.4
AV Mcafee: No Virus
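The per-section digests, link timestamp and machine type in the static details above can be recomputed from the file with nothing but the Python standard library. The block below is an added example and not the sandbox's own tooling: DEMO_PE is a constructed, minimal PE32 (DOS stub, headers and three padded sections) standing in for the analysed sample, the helper names are this example's own, and the oversized-resource heuristic is an assumption made for triage. One detail worth noticing first: every section size listed above is a multiple of 0x200, the default file alignment, so those are SizeOfRawData values and the digests are consistent with hashing the raw on-disk section bytes, padding included, rather than the VirtualSize bytes.

```python
"""Recompute per-section MD5/SHA1, raw size, COFF machine and link timestamp
from a PE32 file using only the standard library. Added example, not the
sandbox's own code; DEMO_PE is a constructed test input, not the sample."""
import hashlib
import struct
from datetime import datetime, timezone

FILE_ALIGN = 0x200
COFF_FMT = "<HHIIIHH"          # Machine, NumberOfSections, TimeDateStamp,
                               # PointerToSymbolTable, NumberOfSymbols,
                               # SizeOfOptionalHeader, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def _align(n, a=FILE_ALIGN):
    return (n + a - 1) // a * a


def build_minimal_pe(sections, timestamp):
    """Constructed test input: DOS stub, PE signature, COFF header, a PE32
    optional header with only the magic set, and a section table whose raw
    data is file-aligned to 0x200 the way linkers emit it. Not loadable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                 # PE32 optional header size
    coff = struct.pack(COFF_FMT, 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    raw_ptr = _align(e_lfanew + 4 + 20 + opt_size + 40 * len(sections))
    table, data = b"", b""
    for name, body in sections:
        raw_size = _align(len(body))
        table += struct.pack(SECTION_FMT, name.encode().ljust(8, b"\x00"),
                             len(body), 0, raw_size, raw_ptr, 0, 0, 0, 0, 0)
        data += body.ljust(raw_size, b"\x00")
        raw_ptr += raw_size
    headers = dos + b"PE\x00\x00" + coff + opt + table
    return headers.ljust(_align(len(headers)), b"\x00") + data


def section_hashes(blob):
    """Walk the headers and hash each section's raw (on-disk) bytes, i.e.
    SizeOfRawData bytes from PointerToRawData, padding included."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, blob, coff_off)
    sec_off = coff_off + struct.calcsize(COFF_FMT) + opt_size
    sections = []
    for i in range(nsec):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(SECTION_FMT, blob, sec_off + 40 * i)[:5]
        data = blob[raw_ptr:raw_ptr + raw_size]
        if len(data) != raw_size:               # truncated download or bogus header
            raise ValueError(f"section {name!r} extends past end of file")
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "size": raw_size,
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
        })
    return {
        "machine": machine,                     # 0x14C is i386 ("Intel 80386")
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def oversized_resource(info, factor=4):
    """Triage heuristic (an assumption of this example): a .rsrc section many
    times larger than .text, like the 1 MiB against 56 KiB split above, often
    carries an embedded payload that a small stub decrypts and injects, which
    is consistent with the 'CeeInject' and '[Cryp]' labels above."""
    sizes = {s["name"]: s["size"] for s in info["sections"]}
    return ".rsrc" in sizes and ".text" in sizes and sizes[".rsrc"] >= factor * sizes[".text"]


DEMO_PE = build_minimal_pe(
    [(".text", b"\x55\x8b\xec" * 100), (".rdata", b"hello\x00"), (".rsrc", b"\x00" * 0x1000)],
    timestamp=1435142480,  # 2015-06-24 10:41:20 UTC, the link time shown above
)

if __name__ == "__main__":
    info = section_hashes(DEMO_PE)
    print(f"machine {info['machine']:#x} linked {info['timestamp']} oversized .rsrc: {oversized_resource(info)}")
    for s in info["sections"]:
        print(f"Section {s['name']} md5: {s['md5']} sha1: {s['sha1']} size: {s['size']}")
```

To use it on a real sample, pass `open(path, "rb").read()` instead of DEMO_PE. Per-section digests are kept next to the whole-file MD5 and SHA1 because they survive edits that only touch the headers or an appended overlay; if your per-section digests differ from the ones above, you are looking at a different build of the file, whatever its name.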

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org (A): 87.233.197.123, 176.221.42.125, 81.16.34.161, 84.2.44.19
DNS north-america.pool.ntp.org (A): 50.116.55.65, 96.244.96.19, 129.6.15.28, 129.6.15.30
DNS south-america.pool.ntp.org (A): 200.89.75.198, 200.160.7.186, 201.49.148.135, 146.164.48.5
DNS asia.pool.ntp.org (A): 212.26.18.41, 104.41.190.151, 157.7.235.92, 211.233.40.78
DNS oceania.pool.ntp.org (A): 192.189.54.17, 219.88.71.36, 103.239.8.22, 130.102.2.123
DNS africa.pool.ntp.org (A): 41.231.53.4, 196.10.52.57, 197.12.0.14, 41.73.42.10
DNS pool.ntp.org (A): 209.208.79.69, 96.244.96.19, 108.61.73.244, 132.163.4.102
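The runtime and network sections above, parsed into a process tree and a name-to-address map and run through two triage checks, as an added example that is not part of the sandbox report or its tooling. SAMPLE_REPORT is a constructed excerpt in the same line layout (the parser accepts both the run-together form the page was extracted with, such as "Creates ProcessC:\...", and a "Key: value" form); the function names, the short list of system binaries treated as injection hosts, and the "public NTP pool" rule are assumptions of this example. The second check encodes the caveat a practitioner wants here: every name the spawned msiexec.exe resolved is a pool.ntp.org host, so the 28 addresses listed are rotating public NTP servers shared with benign clients, not attacker infrastructure, and should not end up on a blocklist. The process-tree check is a lead, not a verdict: installers also launch msiexec.exe from user paths, and this report gives no command line to confirm against.

```python
"""Parse the process and DNS records of a sandbox report in the layout above
and run two triage checks over them. Added example, not the sandbox's own
code; SAMPLE_REPORT is a constructed excerpt in the same line format."""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS: europe.pool.ntp.org
Type: A
87.233.197.123
DNS: europe.pool.ntp.org
Type: A
176.221.42.125
DNS: pool.ntp.org
Type: A
209.208.79.69
"""

# The ':?' makes each pattern accept both "Creates ProcessC:\x.exe" (the
# run-together form the page was extracted with) and "Creates Process: C:\x.exe".
PROC_RE = re.compile(r"^↳\s*(.+?)\s*$")
ATTR_RE = re.compile(r"^(Creates Process|Creates File|Winsock DNS):?\s*(.+?)\s*$")
DNS_RE = re.compile(r"^DNS:?\s*(\S+)$")
TYPE_RE = re.compile(r"^Type:\s*(\w+)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_report(text):
    """Return (processes, dns): processes maps an image path to the attribute
    lines recorded under it; dns maps a queried name to its A records."""
    processes = {}
    dns = defaultdict(set)
    current = None            # image path of the process block being read
    host, rtype = None, None  # state for the three-line DNS records
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := PROC_RE.match(line)):
            current = m.group(1)
            processes.setdefault(current, defaultdict(list))
        elif (m := ATTR_RE.match(line)) and current is not None:
            processes[current][m.group(1)].append(m.group(2))
        elif (m := DNS_RE.match(line)):
            host, rtype = m.group(1), None
        elif (m := TYPE_RE.match(line)):
            rtype = m.group(1)
        elif host and rtype == "A" and IPV4_RE.match(line):
            dns[host].add(line)
    return processes, dict(dns)


SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
LOLBINS = {"msiexec.exe", "rundll32.exe", "regsvr32.exe"}  # assumption: short triage list


def suspicious_spawns(processes):
    """Parents outside the Windows system directories that start a signed
    system binary commonly used as an injection host. A hit is a triage lead
    to confirm against the command line, which this report does not record."""
    hits = []
    for parent, attrs in processes.items():
        in_system_dir = parent.lower().startswith(SYSTEM_DIRS)
        for child in attrs.get("Creates Process", []):
            if child.rsplit("\\", 1)[-1].lower() in LOLBINS and not in_system_dir:
                hits.append((parent, child))
    return hits


def is_public_ntp_pool(host):
    h = host.lower().rstrip(".")
    return h == "pool.ntp.org" or h.endswith(".pool.ntp.org")


def network_iocs(dns):
    """Resolved addresses worth keeping as indicators: everything except the
    public NTP pools, whose members rotate and are shared with benign clients."""
    return {h: sorted(ips) for h, ips in dns.items() if not is_public_ntp_pool(h)}


def dns_lookups_by_process(processes):
    """Which process issued the lookups: here only the spawned msiexec.exe."""
    return {p: a["Winsock DNS"] for p, a in processes.items() if a.get("Winsock DNS")}


def triage(text):
    processes, dns = parse_report(text)
    return {
        "spawns": suspicious_spawns(processes),
        "ntp_hosts": sorted(h for h in dns if is_public_ntp_pool(h)),
        "network_iocs": network_iocs(dns),
        "resolvers": dns_lookups_by_process(processes),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Pointing `triage` at the full report text gives the same shape of result: one suspicious spawn, seven NTP pool names, an empty indicator map, and msiexec.exe as the only resolver. What is worth keeping from this page as indicators is the file hashes and the process relationship, not the addresses.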
