Analysis Date: 2015-11-29 21:32:56
MD5: cf342cf791d0f1904cb0d71d163a493c
SHA1: d989e4dafc4940d6c819fe25f5b4b6d636d1389e

Static Details:

File type: PE32 executable for MS Windows (console) Intel 80386 32-bit
Section .text md5: c9384db45508cfd0a153fc08379ce327 sha1: 6df72abffb08b0ee392dbe084c9f9263934e8854 size: 45056
Section .data md5: 9b064fd56f1c9e89b99f2aa7c5c730e0 sha1: e9a47bcf829bc0804c11882346e98471b20fa9d4 size: 12288
Timestamp: 2015-09-30 04:40:34
Pdb path: revoke0.pdb
PEhash: ce739c67c92aef22c6a5016833aee6e11085132c
IMPhash: 8fef50df022b636a697ae534761ce8d6
AV Eset (nod32): Win32/Kryptik.DYVW
AV MicroWorld (escan): Gen:Variant.Zusy.164349
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV Arcabit (arcavir): Gen:Variant.Zusy.164349
AV Avira (antivir): TR/Crypt.ZPACK.196115
AV Fortinet: W32/Kryptik.DWDX!tr
AV BitDefender: Gen:Variant.Zusy.164349
AV Mcafee: Packed-FH!CF342CF791D0
AV Frisk (f-prot): no_virus
AV Ad-Aware: Gen:Variant.Zusy.164349
AV Rising: no_virus
AV ClamAV: no_virus
AV Trend Micro: no_virus
AV F-Secure: Gen:Variant.Zusy.164349
AV MalwareBytes: Backdoor.Andromeda
AV CA (E-Trust Ino): no_virus
AV Ikarus: Trojan.Win32.Crypt
AV Kaspersky: Trojan.Win32.Generic
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Grisoft (avg): Cryptic.EXW
AV Symantec: no_virus
AV K7: Trojan ( 004d485b1 )
AV Emsisoft: Gen:Variant.Zusy.164349
AV Authentium: W32/S-da04db48!Eldorado
AV Padvish: no_virus
AV Zillya!: no_virus
AV CAT (quickheal): Worm.Gamarue.r2
AV VirusBlokAda (vba32): no_virus
AV BullGuard: Gen:Variant.Zusy.164349
AV Twister: no_virus
AV Dr. Web: Trojan.DownLoader17.29692

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe
Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Process
↳ C:\WINDOWS\system32\msiexec.exe

Network Details:

DNS: europe.pool.ntp.org, Type: A, Answer: 85.10.246.226
DNS: europe.pool.ntp.org, Type: A, Answer: 95.158.95.123
DNS: europe.pool.ntp.org, Type: A, Answer: 109.75.223.1
DNS: europe.pool.ntp.org, Type: A, Answer: 195.154.97.57
DNS: north-america.pool.ntp.org, Type: A, Answer: 192.241.206.171
DNS: north-america.pool.ntp.org, Type: A, Answer: 198.60.73.8
DNS: north-america.pool.ntp.org, Type: A, Answer: 50.22.155.163
DNS: north-america.pool.ntp.org, Type: A, Answer: 96.126.105.86
DNS: south-america.pool.ntp.org, Type: A, Answer: 190.64.134.52
DNS: south-america.pool.ntp.org, Type: A, Answer: 200.189.40.8
DNS: south-america.pool.ntp.org, Type: A, Answer: 179.60.247.252
DNS: south-america.pool.ntp.org, Type: A, Answer: 186.103.182.15
DNS: asia.pool.ntp.org, Type: A, Answer: 168.63.242.24
DNS: asia.pool.ntp.org, Type: A, Answer: 52.69.228.202
DNS: asia.pool.ntp.org, Type: A, Answer: 80.241.0.72
DNS: asia.pool.ntp.org, Type: A, Answer: 160.16.101.116
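The process tree and DNS lookups above are the whole of this report's behavioural evidence: C:\malware.exe spawns two instances of msiexec.exe, and one of them resolves all five regional pool.ntp.org names (the NTP answers themselves are public pool servers, not attacker infrastructure, so they are not useful as indicators). msiexec.exe launched from a user-writable path rather than by an installer, and then querying NTP pools, is the pairing a detection can key on. The following is an added example written for this page, not code from the sandbox or from the sample's analyst; the event records are constructed to mirror the report and their field names (event, pid, image, parent_image, query) are assumed rather than taken from any particular log format.

```python
"""Detection logic for the msiexec.exe abuse pattern shown in the report above.

Added example, not part of the sandbox report. The events are constructed to
mirror the report's Runtime and Network Details; the schema is assumed.
"""
from collections import defaultdict

MSIEXEC = "c:\\windows\\system32\\msiexec.exe"

# Constructed sample telemetry (assumed schema): the process tree and DNS
# lookups from the report, plus two benign events that must not alert.
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 100, "image": "C:\\malware.exe",
     "parent_image": "C:\\WINDOWS\\explorer.exe"},
    {"event": "process_create", "pid": 200, "image": "C:\\WINDOWS\\system32\\msiexec.exe",
     "parent_image": "C:\\malware.exe"},
    {"event": "process_create", "pid": 201, "image": "C:\\WINDOWS\\system32\\msiexec.exe",
     "parent_image": "C:\\malware.exe"},
    {"event": "dns_query", "pid": 200, "query": "north-america.pool.ntp.org"},
    {"event": "dns_query", "pid": 200, "query": "oceania.pool.ntp.org"},
    {"event": "dns_query", "pid": 200, "query": "asia.pool.ntp.org"},
    {"event": "dns_query", "pid": 200, "query": "south-america.pool.ntp.org"},
    {"event": "dns_query", "pid": 200, "query": "europe.pool.ntp.org"},
    # Benign: a real installer launched from Explorer, no network activity.
    {"event": "process_create", "pid": 300, "image": "C:\\WINDOWS\\system32\\msiexec.exe",
     "parent_image": "C:\\WINDOWS\\explorer.exe"},
    # Benign: the Windows Time service resolving its default time source.
    {"event": "dns_query", "pid": 400, "query": "time.windows.com"},
]

# Directories from which msiexec.exe is normally started (assumed baseline).
TRUSTED_PARENT_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def is_msiexec(image):
    return image.lower() == MSIEXEC


def untrusted_parent(parent_image):
    """True when the parent binary lives outside the trusted directories."""
    p = parent_image.lower()
    return not any(p.startswith(d) for d in TRUSTED_PARENT_DIRS)


def detect(events):
    """Return one finding per msiexec.exe process matching the pattern.

    A finding is high confidence only when both signals are present: an
    untrusted parent and NTP pool lookups made by that msiexec.exe process.
    """
    dns_by_pid = defaultdict(list)
    for e in events:
        if e["event"] == "dns_query":
            dns_by_pid[e["pid"]].append(e["query"].lower())

    findings = []
    for e in events:
        if e["event"] != "process_create" or not is_msiexec(e["image"]):
            continue
        reasons = []
        if untrusted_parent(e["parent_image"]):
            reasons.append("parent %s outside trusted directories" % e["parent_image"])
        ntp = sorted(q for q in dns_by_pid[e["pid"]] if q.endswith(".pool.ntp.org"))
        if ntp:
            reasons.append("resolved NTP pool names: %s" % ", ".join(ntp))
        if reasons:
            findings.append({"pid": e["pid"], "parent": e["parent_image"],
                             "reasons": reasons, "high_confidence": len(reasons) == 2})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events, both msiexec.exe children of C:\malware.exe are reported; only the one that also performed the pool.ntp.org lookups (pid 200) is marked high confidence, while the Explorer-launched installer and the svchost-style time lookup produce nothing. In real telemetry the untrusted-parent signal alone fires on legitimate installers run from download folders, so the NTP lookup by msiexec.exe, a process that has no reason to synchronise time, is what carries the weight.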
