Analysis Date: 2015-12-02 07:02:30
MD5: 388abd766e1236be01964e0eeb06bac2
SHA1: de9adc99343ed265d0e439b3e4b7f5f348b595b8

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: f398ed5b639aa69c35a500631f00c48d sha1: 85f2f226e3906304cb829d0a575bfec67f1f519f size: 20480
Section .data   md5: 600f5e1842abfc385d0198ab437bf10f sha1: 7eca37a05322091610c8a18c37cccca99d6a3b10 size: 2048
Section .rsrc   md5: c156525c37fa29467825c264e0b4cbcc sha1: 29240d1457749842867aee913184ef28e5724aa0 size: 2048
Section .reloc  md5: 2d6802a87d1b8f19f578fad3a7a0c6f7 sha1: cc48619079f09c4884ded3ae80b39f0a76aaccd0 size: 512
Section .tron   md5: 5d56a3de92b3a5f42766cd6235211c73 sha1: 7a4f18cac1e0a51f3974e08962ae5c91daaaaccc size: 512
Section .data5  md5: b1faa2103f564805889f11938d8a8a1e sha1: a906341845971259655ea40aa5a8a7d9120db9fc size: 3072
Section .data4  md5: 8579b2e258147c36f4a452511a2fd68b sha1: 62ef4949ecea95556d5ec2024a0b2dc9f42d8a2f size: 3584
Section .data3  md5: 24ffcf35185192dc77782c3cd0512cea sha1: 66e7fe49e8c6f326d4c117ca55c538854a1cbab1 size: 3584
Section .data2  md5: 955dc82df5e8405383b760fe88b2b688 sha1: ee17fa1d519254b2102fd5b11ad060c56b36a0a9 size: 3584
Section .data1  md5: 4deba20681382dbab1f4ff9511435400 sha1: cd910e6e0ede99e97e779973dbd80ce684e0b51d size: 3584
Section baymvby md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Timestamp: 2004-06-23 17:57:37
PDB path: Z:\Console\Resist\Corrupt\ASM.exe
PEhash: 4c27a428e95acfac0c04752e59727b006fcb0e09
IMPhash: f0b70484fafe49b2aef0fd5071893c54

Note: the compile timestamp and PDB path are attacker-controlled header fields and should not be treated as provenance. The section table has several non-standard names (.tron, .data1 to .data5) and a zero-byte section named baymvby whose MD5/SHA1 are the hashes of empty input, which is consistent with a packed or crypted binary and agrees with the generic packer labels (Kryptik, Crypt.XPACK) in the AV results.
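The section listing above is data a triage script should extract itself rather than trust from a vendor rendering. The following Python is an added example, not part of the original report or any sandbox's own code: it walks the PE section table using only the standard library, recomputes per-section MD5/SHA1 as in the listing, decodes the COFF TimeDateStamp, and flags the two anomalies visible in this sample (non-standard section names and a zero-byte section whose hashes are those of empty input). Its input is a constructed minimal PE32 built in memory by build_sample_pe, not the analysed binary; it borrows this report's timestamp and two of its section names for illustration. IMPhash is not computed because that needs the import directory, which this example does not parse.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Section names a stock linker emits; anything outside this set deserves a look.
# (List is an assumption for this example, not an exhaustive standard.)
KNOWN_SECTIONS = {
    b".text", b".data", b".rdata", b".rsrc", b".reloc", b".idata", b".edata",
    b".bss", b".tls", b".pdata", b".CRT", b".debug", b".xdata",
}
# MD5 of zero bytes: a section carrying this hash has no raw data at all.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"


def parse_sections(image: bytes):
    """Return (header_info, [section dicts]) for a PE image held in memory.

    Offsets follow the PE/COFF layout: e_lfanew at 0x3C, 'PE\\0\\0', a 20-byte
    COFF header, the optional header, then 40-byte section headers.
    """
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _symptr, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", image, pe_off + 4)
    sec_off = pe_off + 4 + 20 + opt_size
    sections = []
    for i in range(nsec):
        hdr = struct.unpack_from("<8sIIIIIIHHI", image, sec_off + 40 * i)
        name = hdr[0].rstrip(b"\0")
        raw_size, raw_ptr = hdr[3], hdr[4]          # SizeOfRawData, PointerToRawData
        data = image[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.decode("latin-1"),
            "virtual_size": hdr[1],
            "raw_size": raw_size,
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
        })
    header = {
        "machine": machine,
        "section_count": nsec,
        # TimeDateStamp is seconds since the Unix epoch, set by the linker (or the attacker).
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
    }
    return header, sections


def flag_sections(sections):
    """Return human-readable findings for sections that look packed or padded."""
    findings = []
    for s in sections:
        if s["raw_size"] == 0 or s["md5"] == EMPTY_MD5:
            findings.append(f"{s['name']}: zero raw size (hashes are of empty input)")
        if s["name"].encode("latin-1") not in KNOWN_SECTIONS:
            findings.append(f"{s['name']}: non-standard section name")
    return findings


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 for demonstration only; not the analysed sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew -> PE header at 0x40
    opt = bytearray(224)                              # PE32 optional header, mostly zero
    struct.pack_into("<H", opt, 0, 0x10B)             # Magic = PE32
    names = [b".text", b".tron", b"baymvby"]          # two names taken from the report
    payloads = [b"\x55\x8b\xec" * 16, b"\x90" * 16, b""]
    first_raw = 64 + 4 + 20 + len(opt) + 40 * len(names)
    sec_hdrs, body = bytearray(), bytearray()
    for i, (name, payload) in enumerate(zip(names, payloads)):
        ptr = first_raw + len(body) if payload else 0
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(payload),
                                0x1000 * (i + 1), len(payload), ptr, 0, 0, 0, 0, 0x60000020)
        body += payload
    # 1088013457 == 2004-06-23 17:57:37 UTC, the timestamp shown in this report.
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 1088013457, 0, 0, len(opt), 0x0102)
    return bytes(dos + b"PE\0\0" + coff + opt + sec_hdrs + body)


if __name__ == "__main__":
    hdr, secs = parse_sections(build_sample_pe())
    print("Timestamp:", hdr["timestamp"])
    for s in secs:
        print(f"Section {s['name']:<8} md5: {s['md5']} sha1: {s['sha1']} size: {s['raw_size']}")
    for finding in flag_sections(secs):
        print("FLAG:", finding)
```

To run it against a real file, replace build_sample_pe() with the bytes read from disk; the parser only needs the headers and section data to be within the image, so truncated or memory-dumped PEs will raise on the slice bounds rather than silently hashing garbage.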
AV Rising: no_virus
AV Mcafee: PWS-Zbot.gen.anq
AV Avira (antivir): TR/Crypt.XPACK.Gen
AV Twister: Trojan.6C162C31A854F553
AV Ad-Aware: Gen:Heur.PIF.4
AV Alwil (avast): Virtu-F:Win32:Virtu-F
AV Eset (nod32): Win32/Kryptik.AOHS
AV Grisoft (avg): Generic29.AIXH
AV Symantec: Trojan.Gen
AV Fortinet: W32/Poxter.A!tr
AV BitDefender: Gen:Heur.PIF.4
AV K7: Trojan ( 003f0fbf1 )
AV Microsoft Security Essentials: DDoS:Win32/Dofoil.A
AV MicroWorld (escan): Gen:Heur.PIF.4
AV MalwareBytes: Trojan.Zbot.RTOGen
AV Authentium: W32/Falab.F.gen!Eldorado
AV Frisk (f-prot): W32/Falab.F.gen!Eldorado
AV Ikarus: Trojan.Win32.Jorik
AV Emsisoft: Gen:Heur.PIF.4
AV Zillya!: Trojan.Kryptik.Win32.273813
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: TROJ_ZB.24BE6C2E
AV CAT (quickheal): TrojanPWS.Zbot.Gen
AV VirusBlokAda (vba32): BScope.Trojan-Ransom.Winlock.3081
AV Padvish: no_virus
AV BullGuard: Gen:Heur.PIF.4
AV Arcabit (arcavir): Gen:Heur.PIF.4
AV ClamAV: WIN.Trojan.Agent-164419
AV Dr. Web: Trojan.PWS.Stealer.1019
AV F-Secure: Gen:Heur.PIF.4
AV CA (E-Trust Ino): Win32/Zbot.AM!generic

Runtime Details:

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\3756_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 176

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 176

Note: dwwin.exe is the Windows Error Reporting (Dr. Watson) fault reporter on Windows XP, and a *_appcompat.txt file in Temp is the application-compatibility data it collects when a process raises an unhandled exception. The sample spawning it is a sign that C:\malware.exe crashed in this sandbox rather than running its payload, which fits the empty network section below; the trace above covers only the crash handling and should not be read as the sample's behaviour. Re-running on a different OS build, or with any environment or anti-sandbox checks neutralised, is needed before drawing behavioural conclusions. Opening the lsarpc named pipe is the local LSA RPC endpoint touched by ordinary security APIs and is not suspicious on its own.

Network Details:
