Analysis Date: 2016-02-05 15:45:24
MD5: c3b4ef744ad0aaf5228b6b6be490a8a6
SHA1: e7393e93a74dbede33add95bddb82b190d804e1e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .code: md5: e0b68a915f352140360dbc62e107ae9f sha1: 66dedd61d58f3863707b8e317de952427d869883 size: 16384
Section .text: md5: 9febecc317b6275b0c49d3b4343bcc1d sha1: 33e9745045d5fc2b22b747b80c2e186df033c66f size: 14336
Section .rdata: md5: 5cd36d2a1f688f3ba698a10b91e89eeb sha1: b02a3131fc004b6f443101ba73bfedf6db411d2b size: 512
Section .data: md5: 847f158a61c42da1c5a473702e654966 sha1: b78ddea8f6c2ca8e49f070ffcdf97a664bc18a5a size: 29184
Section .rsrc: md5: 51bd67cf2a201b8e85d84345fba32efd sha1: 8d4cd7f965b0625036888546b159780808e2773d size: 1536
Timestamp: 2016-01-29 19:40:37
Version CompanyName: NVIDIA Corporation
PEhash: 87cf530d66e47682e11fe330295d9e8ecd461030
IMPhash: 10c69da9cae7756ba5d41e3c3024d277
AV F-Secure: No Virus
AV Ad-Aware: No Virus
AV Grisoft (avg): Downloader.Small.QNS
AV CAT (quickheal): No Virus
AV Ikarus: Trojan-Downloader.Win32.Wauchos
AV Avira (antivir): TR/Crypt.ZPACK.189966
AV K7: Riskware ( 0040eff71 )
AV ClamAV: No Virus
AV Kaspersky: Trojan.Win32.Generic
AV Arcabit (arcavir): No Virus
AV MalwareBytes: Trojan.Crypt.RND
AV Dr. Web: Trojan.Encoder.3671
AV Mcafee: Fareit-FCZ!C3B4EF744AD0
AV BitDefender: No Virus
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV Emsisoft: No Virus
AV MicroWorld (escan): No Virus
AV Alwil (avast): Win32:Malware-gen
AV Rising: No Virus
AV Eset (nod32): Win32/TrojanDownloader.Wauchos.BD
AV BullGuard: No Virus
AV Symantec: W32.Pilleuz
AV Fortinet: W32/Fareit.FCZ!tr
AV Trend Micro: No Virus
AV Authentium: No Virus
AV Twister: No Virus
AV Frisk (f-prot): No Virus
AV VirusBlokAda (vba32): No Virus
AV CA (E-Trust Ino): No Virus
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\Policies\Explorer\Run\317606753 ➝ C:\Documents and Settings\All Users\msvgqh.exe\\x00
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden ➝ NULL
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\Windows\Load ➝ \\x00
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\All Users\msvgqh.exe
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\All Users\120593
Deletes File: C:\E7393E~1.EXE
Winsock DNS: microsoft.com
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS: europe.pool.ntp.org Type: A ➝ 81.3.27.46
DNS: europe.pool.ntp.org Type: A ➝ 81.94.123.17
DNS: europe.pool.ntp.org Type: A ➝ 192.33.96.102
DNS: europe.pool.ntp.org Type: A ➝ 62.210.85.244
DNS: north-america.pool.ntp.org Type: A ➝ 199.102.46.78
DNS: north-america.pool.ntp.org Type: A ➝ 12.200.151.18
DNS: north-america.pool.ntp.org Type: A ➝ 66.96.98.9
DNS: north-america.pool.ntp.org Type: A ➝ 171.66.97.126
DNS: south-america.pool.ntp.org Type: A ➝ 200.89.75.197
DNS: south-america.pool.ntp.org Type: A ➝ 200.192.232.8
DNS: south-america.pool.ntp.org Type: A ➝ 201.49.148.135
DNS: south-america.pool.ntp.org Type: A ➝ 192.188.53.26
DNS: asia.pool.ntp.org Type: A ➝ 218.189.210.3
DNS: asia.pool.ntp.org Type: A ➝ 120.88.46.10
DNS: asia.pool.ntp.org Type: A ➝ 194.225.50.25
DNS: asia.pool.ntp.org Type: A ➝ 202.65.114.202
DNS: oceania.pool.ntp.org Type: A ➝ 103.242.70.4
DNS: oceania.pool.ntp.org Type: A ➝ 202.22.158.31
DNS: oceania.pool.ntp.org Type: A ➝ 202.127.210.36
DNS: oceania.pool.ntp.org Type: A ➝ 103.239.8.22
DNS: africa.pool.ntp.org Type: A ➝ 197.12.0.14
DNS: africa.pool.ntp.org Type: A ➝ 41.73.42.22
DNS: africa.pool.ntp.org Type: A ➝ 196.10.52.57
DNS: africa.pool.ntp.org Type: A ➝ 196.223.19.3
DNS: pool.ntp.org Type: A ➝ 97.107.128.58
DNS: pool.ntp.org Type: A ➝ 104.131.51.97
DNS: pool.ntp.org Type: A ➝ 209.208.79.69
DNS: pool.ntp.org Type: A ➝ 50.116.52.97
DNS: microsoft.com Type: A ➝ 104.43.195.251
DNS: microsoft.com Type: A ➝ 191.239.213.197
DNS: microsoft.com Type: A ➝ 23.96.52.53
DNS: microsoft.com Type: A ➝ 23.100.122.175
DNS: microsoft.com Type: A ➝ 104.40.211.35
DNS: bilescotrej.com Type: A
Flows: UDP 192.168.1.1:1039 ➝ 8.8.4.4:53
Flows: TCP 192.168.1.1:1044 ➝ 104.43.195.251:80
Flows: UDP 192.168.1.1:1045 ➝ 8.8.4.4:53
