Analysis Date: 2015-11-24 18:30:14
MD5: 92e4d40af319de359e4a9aef8fedf33b
SHA1: ea6b68126664261c3457b6700ea5d1a2f899b71d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 08b1c67493aaa440f238a9e150692943 sha1: dd798cb28bdebdb42092ce7a146134b12fec2721 size: 109056
Section .rdata: md5: bac87c612d01ecd22d00a6f44b16ce6e sha1: e8e175a6726656a62351d3894d276d38b0cd0721 size: 22016
Section .data: md5: 9b88b83c1ca744548d9ac42558cde8e2 sha1: 410c73b0ce587851193a73888b732145b62b443a size: 76288
Section .rsrc: md5: 3d423193a4ae930da6c63474227389ff sha1: dbf864f80ecc3707c0fa7225134fe0844450b57c size: 60416
Timestamp: 2015-11-13 07:05:58
Packer: Microsoft Visual C++ ?.?
PEhash: c6c3e021fb9312d4690ad5c514dd6aff524887e8
IMPhash: cfbc1450f900ba6991e390989dee7a8a
AV Rising: no_virus
AV Mcafee: RDN/Generic BackDoor
AV Avira (antivir): TR/AD.Gamarue.Y.1600
AV Twister: no_virus
AV Ad-Aware: Gen:Variant.Symmi.58365
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Eset (nod32): Win32/Kryptik.EEUI
AV Grisoft (avg): Crypt_r.ALF
AV Symantec: Backdoor.Trojan
AV Fortinet: PossibleThreat.VEX.99
AV BitDefender: Gen:Variant.Symmi.58365
AV K7: Trojan ( 004d6b381 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV MicroWorld (escan): Gen:Variant.Zusy.169904
AV MalwareBytes: Trojan.Injector
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Inject
AV Emsisoft: Gen:Variant.Symmi.58365
AV Zillya!: no_virus
AV Kaspersky: Backdoor.Win32.Androm.iqxv
AV Trend Micro: BKDR_AN.0275E0E1
AV CAT (quickheal): no_virus
AV VirusBlokAda (vba32): no_virus
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Symmi.58365
AV Arcabit (arcavir): Gen:Variant.Symmi.58365
AV ClamAV: no_virus
AV Dr. Web: BackDoor.IRC.NgrBot.42
AV F-Secure: Gen:Variant.Symmi.58365
AV CA (E-Trust Ino): no_virus
AV Rising: no_virus
AV Mcafee: RDN/Generic BackDoor
AV Avira (antivir): TR/AD.Gamarue.Y.1600
AV Twister: no_virus
AV Ad-Aware: Gen:Variant.Symmi.58365
AV Alwil (avast): Dorder-C [Trj]
AV Eset (nod32): Win32/Kryptik.EEUI
AV Grisoft (avg): Crypt_r.ALF
AV Symantec: Backdoor.Trojan
AV Fortinet: PossibleThreat.VEX.99
AV BitDefender: Gen:Variant.Symmi.58365
AV K7: Trojan ( 004d6b381 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV MicroWorld (escan): Gen:Variant.Zusy.169904
AV MalwareBytes: Trojan.Injector
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan.Crypt

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

DNS europe.pool.ntp.org (Type: A): 78.156.103.10
DNS europe.pool.ntp.org (Type: A): 88.157.128.22
DNS europe.pool.ntp.org (Type: A): 89.111.54.85
DNS europe.pool.ntp.org (Type: A): 195.154.97.57
DNS north-america.pool.ntp.org (Type: A): 204.2.134.163
DNS north-america.pool.ntp.org (Type: A): 50.116.36.122
DNS north-america.pool.ntp.org (Type: A): 108.61.194.85
DNS north-america.pool.ntp.org (Type: A): 166.70.136.35
DNS south-america.pool.ntp.org (Type: A): 192.188.53.26
DNS south-america.pool.ntp.org (Type: A): 200.1.19.17
DNS south-america.pool.ntp.org (Type: A): 200.160.0.8
DNS south-america.pool.ntp.org (Type: A): 54.232.82.232
DNS asia.pool.ntp.org (Type: A): 202.65.114.202
DNS asia.pool.ntp.org (Type: A): 80.241.0.72
DNS asia.pool.ntp.org (Type: A): 82.200.209.236
DNS asia.pool.ntp.org (Type: A): 194.225.50.25
DNS oceania.pool.ntp.org (Type: A): 121.0.0.41
DNS oceania.pool.ntp.org (Type: A): 192.189.54.33
DNS oceania.pool.ntp.org (Type: A): 202.22.158.31
DNS oceania.pool.ntp.org (Type: A): 103.242.70.5
