Analysis Date | 2016-02-03 01:58:57 |
---|---|
MD5 | 72772e43c53f1ad0f9be00247bfad5e6 |
SHA1 | e7161a547e818685081c575f0e37c20dfb0d7f17 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit
---|---
Timestamp | 2014-01-31 08:27:03
Packer | Microsoft Visual C++ 8 (a compiler signature, not a packer)
PEhash | 18eb4cf56638d13ba9b36c5b8311b1c9575d1f2f
IMPhash | b512eff71b50507d511256018f9b67cb

Section | MD5 | SHA1 | Size (bytes)
---|---|---|---
.text | 5784f309b021865b58f2f815b263be1c | d8734eb438f487f571f52cd9e387d5d4b25e3e79 | 534016
.rdata | b7d128d6929eebcf4bfb6ae58c2e7ef2 | 6ff1d1c9fd1c324b0a3528472cdb4befc8120611 | 26112
.data | 222849047368589ca8f4fa2f8434d1ce | 35abb898398435af1557ea1f4a90e043766b43d1 | 20992
.reloc | 1f50440c71acee6fdcb31867d7554270 | f5e686eb231ebbbb83820eb04d5f7aec81e25fda | 39936
AV | CA (E-Trust Ino) | No Virus |
AV | Rising | 0x59a3f458 |
AV | Mcafee | Trojan-FHSQ!72772E43C53F |
AV | Avira (antivir) | TR/Taranis.2158 |
AV | Twister | W32.Toolbar.CrossRider.AE.lfcr.mg |
AV | Ad-Aware | Gen:Variant.Zusy.141475 |
AV | Alwil (avast) | Win32:Malware-gen |
AV | Eset (nod32) | Win32/Bayrob.BM |
AV | Grisoft (avg) | Generic37.AIAM |
AV | Symantec | Trojan.Gen |
AV | Fortinet | W32/Bayrob.BM!tr |
AV | BitDefender | Gen:Variant.Zusy.141475 |
AV | K7 | Trojan ( 004dc2a31 ) |
AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.DI |
AV | MicroWorld (escan) | Gen:Variant.Zusy.141475 |
AV | MalwareBytes | No Virus |
AV | Authentium | W32/Nivdort.E.gen!Eldorado |
AV | Emsisoft | Gen:Variant.Zusy.141475 |
AV | Frisk (f-prot) | W32/Nivdort.E.gen!Eldorado |
AV | Ikarus | Trojan.Bayrob |
AV | Zillya! | No Virus |
AV | Kaspersky | Trojan.Win32.Generic |
AV | Trend Micro | No Virus |
AV | VirusBlokAda (vba32) | No Virus |
AV | CAT (quickheal) | TrojanSpy.Nivdort.WR4 |
AV | BullGuard | Gen:Variant.Zusy.141475 |
AV | Arcabit (arcavir) | Gen:Variant.Zusy.141475 |
AV | ClamAV | No Virus |
AV | Dr. Web | No Virus |
AV | F-Secure | Gen:Variant.Zusy.141475 |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\mkykdcyvarr\ntjpi1mk2bk48kweavyvz.exe |
---|---|
Creates File | C:\mkykdcyvarr\t3mwxth |
Creates File | C:\WINDOWS\mkykdcyvarr\t3mwxth |
Deletes File | C:\WINDOWS\mkykdcyvarr\t3mwxth |
Creates Process | C:\mkykdcyvarr\ntjpi1mk2bk48kweavyvz.exe |
Process
↳ C:\mkykdcyvarr\ntjpi1mk2bk48kweavyvz.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Link-Layer DCOM Multimedia Discovery ➝ C:\mkykdcyvarr\fkotkig.exe |
---|---|
Creates File | C:\mkykdcyvarr\fkotkig.exe |
Creates File | C:\mkykdcyvarr\t3mwxth |
Creates File | C:\WINDOWS\mkykdcyvarr\t3mwxth |
Creates File | PIPE\lsarpc |
Creates File | C:\mkykdcyvarr\pjwn4cx38rkj |
Deletes File | C:\WINDOWS\mkykdcyvarr\t3mwxth |
Creates Process | C:\mkykdcyvarr\fkotkig.exe |
Creates Service | Credential NetBIOS Font Tracking Extender WMI - C:\mkykdcyvarr\fkotkig.exe |
Process
↳ Pid 800
Process
↳ Pid 848
Process
↳ C:\WINDOWS\System32\svchost.exe
Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
---|
Process
↳ Pid 1108
Process
↳ Pid 1204
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Process
↳ Pid 1848
Process
↳ Pid 1172
Process
↳ C:\mkykdcyvarr\fkotkig.exe
Creates File | pipe\net\NtControlPipe10 |
---|---|
Creates File | C:\mkykdcyvarr\t3mwxth |
Creates File | C:\WINDOWS\mkykdcyvarr\t3mwxth |
Creates File | C:\mkykdcyvarr\pjwn4cx38rkj |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\mkykdcyvarr\pfobyncd |
Creates File | C:\mkykdcyvarr\cwwolbk.exe |
Deletes File | C:\WINDOWS\mkykdcyvarr\t3mwxth |
Creates Process | jznt92hfsf58 "c:\mkykdcyvarr\fkotkig.exe" |
Process
↳ C:\mkykdcyvarr\fkotkig.exe
Creates File | C:\mkykdcyvarr\t3mwxth |
---|---|
Creates File | C:\WINDOWS\mkykdcyvarr\t3mwxth |
Deletes File | C:\WINDOWS\mkykdcyvarr\t3mwxth |
Process
↳ jznt92hfsf58 "c:\mkykdcyvarr\fkotkig.exe"
Creates File | C:\mkykdcyvarr\t3mwxth |
---|---|
Creates File | C:\WINDOWS\mkykdcyvarr\t3mwxth |
Deletes File | C:\WINDOWS\mkykdcyvarr\t3mwxth |
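As an added example (not part of this report or of any sandbox tooling), the following Python takes the runtime events listed above, re-entered as a constructed in-memory list, and extracts what a responder would act on: the two persistence mechanisms (a Run value and a service, both pointing at C:\mkykdcyvarr\fkotkig.exe), the dropped executables, the process chain, and the create-then-delete of C:\WINDOWS\mkykdcyvarr\t3mwxth, a pattern consistent with a test of whether the Windows directory is writable. The TRUSTED_DIRS list and the "image path outside a trusted directory" heuristic are assumptions of this example, not anything the report states.

```python
# Added example: triage helpers over sandbox events of the kind shown in the
# report above. Not the sandbox's own code.
from collections import defaultdict

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
ARROW = " \u279d "  # the report writes registry writes as "<value name> ➝ <data>"

# Constructed from the "Runtime Details" table above (malware processes only),
# as (process, action, target) triples.
EVENTS = [
    (r"C:\malware.exe", "Creates File", r"C:\mkykdcyvarr\ntjpi1mk2bk48kweavyvz.exe"),
    (r"C:\malware.exe", "Creates File", r"C:\mkykdcyvarr\t3mwxth"),
    (r"C:\malware.exe", "Creates File", r"C:\WINDOWS\mkykdcyvarr\t3mwxth"),
    (r"C:\malware.exe", "Deletes File", r"C:\WINDOWS\mkykdcyvarr\t3mwxth"),
    (r"C:\malware.exe", "Creates Process", r"C:\mkykdcyvarr\ntjpi1mk2bk48kweavyvz.exe"),
    (r"C:\mkykdcyvarr\ntjpi1mk2bk48kweavyvz.exe", "Registry",
     RUN_KEY + r"\Link-Layer DCOM Multimedia Discovery" + ARROW + r"C:\mkykdcyvarr\fkotkig.exe"),
    (r"C:\mkykdcyvarr\ntjpi1mk2bk48kweavyvz.exe", "Creates File", r"C:\mkykdcyvarr\fkotkig.exe"),
    (r"C:\mkykdcyvarr\ntjpi1mk2bk48kweavyvz.exe", "Creates File", r"C:\mkykdcyvarr\pjwn4cx38rkj"),
    (r"C:\mkykdcyvarr\ntjpi1mk2bk48kweavyvz.exe", "Creates Process", r"C:\mkykdcyvarr\fkotkig.exe"),
    (r"C:\mkykdcyvarr\ntjpi1mk2bk48kweavyvz.exe", "Creates Service",
     r"Credential NetBIOS Font Tracking Extender WMI - C:\mkykdcyvarr\fkotkig.exe"),
    (r"C:\mkykdcyvarr\fkotkig.exe", "Creates File", r"C:\WINDOWS\mkykdcyvarr\t3mwxth"),
    (r"C:\mkykdcyvarr\fkotkig.exe", "Creates File", r"C:\mkykdcyvarr\pfobyncd"),
    (r"C:\mkykdcyvarr\fkotkig.exe", "Creates File", r"C:\mkykdcyvarr\cwwolbk.exe"),
    (r"C:\mkykdcyvarr\fkotkig.exe", "Deletes File", r"C:\WINDOWS\mkykdcyvarr\t3mwxth"),
    (r"C:\mkykdcyvarr\fkotkig.exe", "Creates Process", r'jznt92hfsf58 "c:\mkykdcyvarr\fkotkig.exe"'),
]

# Assumption of this example: autostart images are expected under these roots.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def in_trusted_dir(path):
    return path.lower().startswith(TRUSTED_DIRS)


def persistence_indicators(events):
    """Run-key values and services whose image lives outside TRUSTED_DIRS.
    Returns (kind, name, image_path, creating_process) tuples."""
    found = []
    for proc, action, target in events:
        if action == "Registry" and target.startswith(RUN_KEY + "\\") and ARROW in target:
            name, image = target[len(RUN_KEY) + 1:].split(ARROW, 1)
            if not in_trusted_dir(image):
                found.append(("run_key", name, image, proc))
        elif action == "Creates Service":
            name, _, image = target.rpartition(" - ")
            if not in_trusted_dir(image):
                found.append(("service", name, image, proc))
    return found


def write_probes(events):
    """Paths a process created and later deleted itself. A create/delete in a
    system directory is consistent with a writability (elevation) check."""
    created = defaultdict(set)
    probes = set()
    for proc, action, target in events:
        if action == "Creates File":
            created[proc].add(target)
        elif action == "Deletes File" and target in created[proc]:
            probes.add(target)
    return sorted(probes)


def dropped_executables(events):
    return sorted({t for _, a, t in events
                   if a == "Creates File" and t.lower().endswith(".exe")})


def process_tree(events):
    """parent image -> list of child command lines, from Creates Process events."""
    tree = defaultdict(list)
    for proc, action, target in events:
        if action == "Creates Process":
            tree[proc].append(target)
    return dict(tree)


def host_iocs(events):
    """Flat list for a host sweep: autostart names, image paths, dropped
    executables and the directories they were dropped into."""
    iocs = set()
    for kind, name, image, _ in persistence_indicators(events):
        iocs.add(f"{kind}:{name}")
        iocs.add(image)
    for path in dropped_executables(events):
        iocs.add(path)
        iocs.add(path.rsplit("\\", 1)[0] + "\\")
    return sorted(iocs)


if __name__ == "__main__":
    for row in persistence_indicators(EVENTS):
        print("persistence:", row)
    print("write probes:", write_probes(EVENTS))
    for parent, children in process_tree(EVENTS).items():
        print("spawn:", parent, "->", children)
    print("iocs:", host_iocs(EVENTS))
```

The same functions run unchanged over a larger event list exported from a sandbox, as long as the exporter uses the same three-column shape; the Run-key and service parsers are tied to this report's "name ➝ data" and "name - image" notation and would need adjusting for another tool's output.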
Network Details: