Analysis Date: 2015-10-06 23:33:33
MD5: ff725d390e598ae2fab930eb9950634b
SHA1: eaa36f67d3b9cfbd96ea60f5b6cf26375396bf94

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 0cb0373ec0e2f762e458a303c115f12e sha1: d76703229bf24a24051f10dd0296b5b05bf746a2 size: 1024
Section .rdata md5: 3b7e67fb1ccbaf9bb4216814816e91ba sha1: a504a5735b53f6fc5724d26ba09482a9b5a539e1 size: 1024
Section .data  md5: 8589a20c5b7c3de3ece563f3962530f5 sha1: a560db31a64b2cb913c2f420f09dd8019f05ca82 size: 1024
Section .rsrc  md5: eb84798bf7d22082ff42e85df71b4929 sha1: ad5560dc644d59cb37b1c25a3a41fd4e3dd02619 size: 42496
Timestamp: 2014-06-30 05:06:03
Version:
    LegalCopyright: Copyright (C) 2009
    InternalName: genius
    FileVersion: 8,2,3,23
    ProductName: genius Application
    ProductVersion: 2,3,3,22
    FileDescription: genius Application
    OriginalFilename: genius.exe
PEhash: c7d051cb67aa79021e1fdf22e08021326cd976b7
IMPhash: f0855f86d5b3050322afa714b88b2ec1
AV CA (E-Trust Ino): no_virus
AV F-Secure: Gen:Variant.Graftor.144167
AV Dr. Web: Trojan.MulDrop3.14959
AV ClamAV: no_virus
AV Arcabit (arcavir): Gen:Variant.Graftor.144167
AV BullGuard: Gen:Variant.Graftor.144167
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): Trojan.Cutwail.r4
AV Trend Micro: no_virus
AV Kaspersky: Trojan.Win32.Cutwail.dpb
AV Zillya!: Trojan.Cutwail.Win32.1151
AV Emsisoft: Gen:Variant.Graftor.144167
AV Ikarus: Trojan.Win32.Cutwail
AV Frisk (f-prot): no_virus
AV Authentium: W32/Trojan.OVWI-3055
AV MalwareBytes: Trojan.Agent.US
AV MicroWorld (escan): Gen:Variant.Graftor.144167
AV Microsoft Security Essentials: TrojanDownloader:Win32/Cutwail.BS
AV K7: Trojan ( 0049cbf01 )
AV BitDefender: Gen:Variant.Graftor.144167
AV Fortinet: W32/CUTWAIL.BG!tr
AV Symantec: Trojan.Gen
AV Grisoft (avg): Agent
AV Eset (nod32): Win32/Kryptik.CFVL
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Gen:Variant.Graftor.144167
AV Twister: no_virus
AV Avira (antivir): TR/Dropper.Gen
AV Mcafee: Downloader-FAKU!FF725D390E59
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\tepizepyszoz ➝ C:\Documents and Settings\Administrator\tepizepyszoz.exe
Registry HKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝ NULL
Creates File C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates File C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File PIPE\lsarpc
Creates File \Device\Afd\Endpoint
Creates File C:\Documents and Settings\Administrator\tepizepyszoz.exe
Creates File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex WininetConnectionMutex
Creates Mutex c:!documents and settings!administrator!cookies!
Creates Mutex c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex tepizepyszoz

Network Details:

DNS smtp.glbdns2.microsoft.com
    Type: A
    65.55.176.126
DNS smtp.mail.global.gm0.yahoodns.net
    Type: A
    98.138.105.21
DNS smtp.mail.global.gm0.yahoodns.net
    Type: A
    98.139.211.125
DNS smtp.mail.global.gm0.yahoodns.net
    Type: A
    63.250.193.228
DNS smtp.live.com
    Type: A
DNS smtp.mail.yahoo.com
    Type: A
Flows TCP 192.168.1.1:1031 ➝ 65.55.176.126:25
Flows TCP 192.168.1.1:1032 ➝ 98.138.105.21:25
