Analysis Date: 2015-12-26 14:51:15
MD5: 8c1bc40e5c8f0152d4e97e32a03be1c6
SHA1: dd79f0a5f3303b367a801d460093fb386f5da9f5

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: e076dd50b370f120b92356d68464c7de sha1: 1c667a2682dfc12bfd922e78d7cc22b53594536d size: 68096
Section .rdata: md5: 910018edaf2d6be326062cf0eb3a705f sha1: b24859c4a2053b982dc156641301c7fe0bd09aed size: 10752
Section .data: md5: af7d9393446de51b2abb3cacb7a45d13 sha1: 409571482d3de2197b16b147c129a10e64296629 size: 10240
Section .gyhjkgh: md5: abb866119cfee6ad2703b3a03167fd66 sha1: ecad296904fcc90c8cc69d9ff158304baac8765c size: 23040
Section .fgher: md5: 51c74d916e51879c3802dbed2d38536a sha1: 50921e752470266630cc7a4348d5c8b77cc5e05f size: 5632
Section .rsrc: md5: 62b66e4c82a94503f1842fb035161911 sha1: 79be840f0a613dd6db8c32a673df60ce8283db20 size: 1536
Section .reloc: md5: 1ea4b1ec5f59dadbb65cf240e3fa769e sha1: ea617b930fc54d6687364e7c728f69299caf96bd size: 4608
Timestamp: 2015-09-28 05:46:57
Version:
  LegalCopyright: drtudsetxtjhxertsxer
  InternalName: drtudsetxtjhxertsxer
  FileVersion: 3.10.349.0
  CompanyName: drtudsetxtjhxertsxer
  LegalTrademarks1: drtudsetxtjhxertsxer
  LegalTrademarks2: drtudsetxtjhxertsxer
  ProductName: drtudsetxtjhxertsxer
  ProductVersion: 3.10
  FileDescription: vbxzewrtsxrtsrgzxgzdf
  OriginalFilename: drtudsetxtjhxertsxer
Packer: Microsoft Visual C++ ?.?
PEhash: 7d7497a4fbeed1bc643d0b14d7124e8e7b9dba47
IMPhash: b6f9084ab0772acf50979968d33de76c
AV Eset (nod32): Win32/Kryptik.DYIS
AV Frisk (f-prot): no_virus
AV BullGuard: Gen:Variant.Kazy.575686
AV Dr. Web: Trojan.Siggen.65341
AV MalwareBytes: Ransom.CryptoWall
AV Kaspersky: Trojan.Win32.Generic
AV Twister: Trojan.Girtk.DYIS.pgth
AV Mcafee: RDN/Ransom
AV Ikarus: Trojan-Downloader.Win32.Andromeda
AV VirusBlokAda (vba32): Backdoor.Androm
AV Alwil (avast): Dropper-gen [Drp]
AV Trend Micro: Ransom_.0A217DD0
AV Grisoft (avg): Crypt4.CMVI
AV K7: Trojan ( 004d2a4d1 )
AV Rising: no_virus
AV Zillya!: Trojan.Kryptik.Win32.798266
AV Fortinet: W32/Kryptik.DYFJ!tr
AV Avira (antivir): TR/Crypt.Xpack.285162
AV Symantec: Trojan.Gen
AV CAT (quickheal): Worm.Gamarue.WR6
AV F-Secure: Gen:Variant.Kazy.575686
AV Emsisoft: Gen:Variant.Kazy.575686
AV BitDefender: Gen:Variant.Kazy.575686
AV MicroWorld (escan): Gen:Variant.Kazy.575686
AV ClamAV: no_virus
AV Ad-Aware: Gen:Variant.Kazy.575686
AV Authentium: W32/S-b4965596!Eldorado
AV Microsoft Security Essentials: Worm:Win32/Gamarue!rfn
AV CA (E-Trust Ino): no_virus
AV Arcabit (arcavir): Gen:Variant.Kazy.575686

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe
Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Process
↳ C:\WINDOWS\system32\msiexec.exe

Network Details:
