Analysis Date: 2016-01-09 21:44:40
MD5: bb6bed38d5e91a73bea6a5fc07be3a2c
SHA1: dc9fefbeeaa8d00da42ef62a716bc6281d8d78d0

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 12b39e27eb4148681ab05caca3642207 sha1: dead8b28997e9584a581e96cdce42b89c858a13c size: 16384
Section .rdata md5: 44dddfce32d6ac0ac5d215c3d1dda84a sha1: a56b95ba79cb85f28d52cfb8ef35083e66d66d09 size: 16384
Section .data  md5: 547eb74ebb4bdd7a88fb09958cdfb8c0 sha1: 759ea0c96665990036879267f6a2837eda8d76c3 size: 24576
Section .rsrc  md5: 5f95619dfbb7353d1c7922f136af0d3a sha1: 8aa951779c53a7008d4746e64d0ce146ad14e40c size: 24576
Timestamp: 2015-09-29 13:13:47
Version: BuildVersion: 7, 17, 8, 793
Packer: Installer VISE Custom
PEhash: 63deab01c26dd9f0b69cd8bb8ba6841b29d8975f
IMPhash: 0972794ca90574b09d1f0b9663940dac
AV CA (E-Trust Ino): No Virus
AV F-Secure: Trojan.Agent.BNBQ
AV Dr. Web: Trojan.Upatre.8519
AV ClamAV: No Virus
AV Arcabit (arcavir): Trojan.D
AV BullGuard: Trojan.Agent.BNBQ
AV VirusBlokAda (vba32): Backdoor.Caphaw
AV CAT (quickheal): TrojanDownloader.Upatre.RF4
AV Trend Micro: TROJ_UP.886C385B
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: No Virus
AV Emsisoft: Trojan.Agent.BNBQ
AV Ikarus: Trojan.Injector
AV Frisk (f-prot): W32/Trojan3.RWP
AV Authentium: W32/Trojan3.RWP
AV MalwareBytes: Trojan.MalPack
AV MicroWorld (escan): Trojan.Agent.BNBQ
AV Microsoft Security Essentials: No Virus
AV K7: Trojan-Downloader ( 004cd6931 )
AV BitDefender: Trojan.Agent.BNBQ
AV Fortinet: W32/Waski.Z!tr
AV Symantec: Downloader.Upatre!g14
AV Grisoft (avg): Crypt4.COXC
AV Eset (nod32): Win32/TrojanDownloader.Waski.Z
AV Alwil (avast): Win32:Trojan-gen
AV Rising: No Virus
AV Ad-Aware: Trojan.Agent.BNBQ
AV Twister: TrojanDldr.Waski.Z.wygw
AV Avira (antivir): TR/Kryptik.abbojx
AV Mcafee: Downloader-FAXI!BB6BED38D5E9

Runtime Details:

Process
↳ C:\malware.exe

Network Details:

DNS icanhazip.com
Type: A
64.182.208.184
DNS icanhazip.com
Type: A
64.182.208.185
HTTP GET http://icanhazip.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36
HTTP GET http://197.149.90.166:12110/30M12/COMPUTER-XXXXXX/0/51-SP3/0/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36
Flows TCP 192.168.1.1:1031 ➝ 64.182.208.184:80
Flows TCP 192.168.1.1:1032 ➝ 197.149.90.166:12110
Flows TCP 192.168.1.1:1033 ➝ 72.230.82.80:443
Flows TCP 192.168.1.1:1034 ➝ 72.230.82.80:443
Flows TCP 192.168.1.1:1035 ➝ 72.230.82.80:443
Flows TCP 192.168.1.1:1036 ➝ 72.230.82.80:443
Flows TCP 192.168.1.1:1037 ➝ 173.248.31.6:443
Flows TCP 192.168.1.1:1038 ➝ 173.248.31.6:443
Flows TCP 192.168.1.1:1039 ➝ 173.248.31.6:443
Flows TCP 192.168.1.1:1040 ➝ 173.248.31.6:443
Flows TCP 192.168.1.1:1041 ➝ 69.9.204.114:443
Flows TCP 192.168.1.1:1042 ➝ 69.9.204.114:443
Flows TCP 192.168.1.1:1043 ➝ 69.9.204.114:443
Flows TCP 192.168.1.1:1044 ➝ 69.9.204.114:443
Flows TCP 192.168.1.1:1045 ➝ 69.144.171.44:443
Flows TCP 192.168.1.1:1046 ➝ 69.144.171.44:443
Flows TCP 192.168.1.1:1047 ➝ 69.144.171.44:443
Flows TCP 192.168.1.1:1048 ➝ 69.144.171.44:443
Flows TCP 192.168.1.1:1049 ➝ 24.148.217.188:443
Flows TCP 192.168.1.1:1050 ➝ 24.148.217.188:443
Flows TCP 192.168.1.1:1051 ➝ 24.148.217.188:443
Flows TCP 192.168.1.1:1052 ➝ 24.148.217.188:443
Flows TCP 192.168.1.1:1053 ➝ 173.216.247.74:443
Flows TCP 192.168.1.1:1054 ➝ 173.216.247.74:443
Flows TCP 192.168.1.1:1055 ➝ 173.216.247.74:443
Flows TCP 192.168.1.1:1056 ➝ 173.216.247.74:443
Flows TCP 192.168.1.1:1057 ➝ 77.48.30.156:443
Flows TCP 192.168.1.1:1058 ➝ 77.48.30.156:443
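The network section above shows a recognisable check-in sequence: the sample first learns the sandbox's public address through icanhazip.com, then issues a GET to a raw IP on a non-standard port whose URL path carries the victim hostname (COMPUTER-XXXXXX, the sandbox's placeholder name) and what reads like an OS version marker, and finally opens bursts of connections to port 443 on several unrelated addresses. The script below is an added example, not part of this report or of the sandbox's own tooling. It parses report lines in the layout printed above (the sample input is constructed from those lines; the flow arrow is accepted as either ➝ or ->), flags the check-in request, verifies that the IP-echo lookup preceded it, counts the 443 fan-out per destination, and emits destination indicators with the echo service's own addresses excluded. The IP_ECHO_SERVICES set, the victim-hostname argument and the "raw IP on a non-standard port" heuristic are assumptions made for this example.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample input: the report's DNS/HTTP/Flows lines in the
# multi-line layout the sandbox prints (a subset of the flows is enough).
SAMPLE = """\
DNS icanhazip.com
Type: A
64.182.208.184
DNS icanhazip.com
Type: A
64.182.208.185
HTTP GET http://icanhazip.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36
HTTP GET http://197.149.90.166:12110/30M12/COMPUTER-XXXXXX/0/51-SP3/0/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36
Flows TCP 192.168.1.1:1031 -> 64.182.208.184:80
Flows TCP 192.168.1.1:1032 -> 197.149.90.166:12110
Flows TCP 192.168.1.1:1033 -> 72.230.82.80:443
Flows TCP 192.168.1.1:1034 -> 72.230.82.80:443
Flows TCP 192.168.1.1:1035 -> 72.230.82.80:443
Flows TCP 192.168.1.1:1036 -> 72.230.82.80:443
Flows TCP 192.168.1.1:1037 -> 173.248.31.6:443
Flows TCP 192.168.1.1:1038 -> 173.248.31.6:443
Flows TCP 192.168.1.1:1041 -> 69.9.204.114:443
Flows TCP 192.168.1.1:1045 -> 69.144.171.44:443
Flows TCP 192.168.1.1:1049 -> 24.148.217.188:443
Flows TCP 192.168.1.1:1053 -> 173.216.247.74:443
Flows TCP 192.168.1.1:1057 -> 77.48.30.156:443
"""

# Assumed list of public "what is my IP" services; extend for your environment.
IP_ECHO_SERVICES = {"icanhazip.com"}

FLOW_RE = re.compile(r"^Flows\s+TCP\s*(\S+):(\d+)\s*(?:➝|->)\s*(\S+):(\d+)$")


def parse_network(text):
    """Parse the sandbox's Network Details layout into dns/http/flows records."""
    dns, http, flows = [], [], []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln.startswith("DNS"):
            # "DNS <name>" is followed by "Type: <rtype>" and the answer.
            name = ln[3:].strip()
            rtype = lines[i + 1].split(":", 1)[1].strip()
            dns.append((name, rtype, lines[i + 2]))
            i += 3
        elif ln.startswith("HTTP GET"):
            url = ln[len("HTTP GET"):].strip()
            ua = ""
            if i + 1 < len(lines) and lines[i + 1].startswith("User-Agent:"):
                ua = lines[i + 1].split(":", 1)[1].strip()
                i += 1
            http.append((url, ua))
            i += 1
        else:
            m = FLOW_RE.match(ln)
            if m:
                flows.append((m[1], int(m[2]), m[3], int(m[4])))
            i += 1
    return {"dns": dns, "http": http, "flows": flows}


def is_ip_literal(host):
    return re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host or "") is not None


def find_checkins(http, victim_hostname):
    """Heuristic: GET to a raw IP on a non-standard port with the victim
    hostname embedded in the path is treated as a C2 check-in."""
    hits = []
    for url, ua in http:
        u = urlparse(url)
        port = u.port or (443 if u.scheme == "https" else 80)
        if is_ip_literal(u.hostname) and port not in (80, 443) and victim_hostname in u.path:
            hits.append({"url": url, "c2": f"{u.hostname}:{port}", "path": u.path, "user_agent": ua})
    return hits


def egress_ip_lookup_before_c2(http):
    """True if a request to an IP-echo service precedes the first raw-IP request."""
    seen_echo = False
    for url, _ in http:
        host = urlparse(url).hostname or ""
        if host in IP_ECHO_SERVICES:
            seen_echo = True
        elif seen_echo and is_ip_literal(host):
            return True
    return False


def destination_fanout(flows):
    """Connection count per destination ip:port (shows the 443 bursts)."""
    return Counter(f"{dst}:{port}" for _, _, dst, port in flows)


def indicators(parsed):
    """Destination indicators, minus addresses the echo service resolved to."""
    benign = {ip for name, _, ip in parsed["dns"] if name in IP_ECHO_SERVICES}
    return {f"{dst}:{port}" for _, _, dst, port in parsed["flows"] if dst not in benign}


if __name__ == "__main__":
    parsed = parse_network(SAMPLE)
    for hit in find_checkins(parsed["http"], "COMPUTER-XXXXXX"):
        print("check-in:", hit["c2"], hit["path"])
    print("echo lookup before C2:", egress_ip_lookup_before_c2(parsed["http"]))
    for dst, n in destination_fanout(parsed["flows"]).most_common():
        print(f"{n:2d} x {dst}")
    print("indicators:", sorted(indicators(parsed)))
```

The hostname-in-path check is the part worth carrying into a network detection: a GET to a literal IP on a high port whose path contains the local machine name is a strong signal regardless of which downloader family produced it, whereas the User-Agent here is an ordinary Chrome string and is not useful on its own.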

Raw Pcap

Strings