Analysis Date: 2016-01-08 22:01:21
MD5: b70ab4a947c0f0602400f75263621ffd
SHA1: eb50fe37d988f06ffa7fb3c749e46b6908079f5c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 6f20d27cd24399899dbcbd9ee6cca071 sha1: e57042bea63d20f99de8604fe59fb5a0b7390cd2 size: 16384
Section .rdata: md5: 5cece4484c27faaad5cc0883adb75455 sha1: 93e05721c03cb474d1986e0a3dacaf1e1b23c7ba size: 16384
Section .data: md5: fe6e2c29684b5d211f94ece51f8cdbbe sha1: 2b03167e4126b72ac8be8f4006983244f69c5180 size: 24576
Section .rsrc: md5: 5f95619dfbb7353d1c7922f136af0d3a sha1: 8aa951779c53a7008d4746e64d0ce146ad14e40c size: 24576
Timestamp: 2015-09-29 13:13:47
Version: BuildVersion: 7, 17, 8, 793
Packer: Installer VISE Custom
PEhash: 63deab01c26dd9f0b69cd8bb8ba6841b29d8975f
IMPhash: 0972794ca90574b09d1f0b9663940dac
AV CA (E-Trust Ino): No Virus
AV F-Secure: Trojan.Agent.BNBQ
AV Dr. Web: Trojan.Upatre.8519
AV ClamAV: No Virus
AV Arcabit (arcavir): Trojan.D
AV BullGuard: Trojan.Agent.BNBQ
AV VirusBlokAda (vba32): Backdoor.Caphaw
AV CAT (quickheal): TrojanDownloader.Upatre.RF4
AV Trend Micro: TROJ_UP.886C385B
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: No Virus
AV Emsisoft: Trojan.Agent.BNBQ
AV Ikarus: Trojan.Injector
AV Frisk (f-prot): W32/Trojan3.RWP
AV Authentium: W32/Trojan3.RWP
AV MalwareBytes: Trojan.MalPack
AV MicroWorld (escan): Trojan.Agent.BNBQ
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre!rfn
AV K7: Trojan-Downloader ( 004cd6931 )
AV BitDefender: Trojan.Agent.BNBQ
AV Fortinet: W32/Waski.Z!tr
AV Symantec: Downloader.Upatre!g14
AV Grisoft (avg): Crypt4.COXC
AV Eset (nod32): Win32/TrojanDownloader.Waski.Z
AV Alwil (avast): Win32:Trojan-gen
AV Rising: No Virus
AV Ad-Aware: Trojan.Agent.BNBQ
AV Twister: TrojanDldr.Waski.Z.wygw
AV Avira (antivir): TR/Kryptik.abbojx
AV Mcafee: Downloader-FAXI!B70AB4A947C0

Runtime Details:

Process
↳ C:\malware.exe

Network Details:

DNS: icanhazip.com
Type: A
64.182.208.184
DNS: icanhazip.com
Type: A
64.182.208.185
HTTP GET: http://icanhazip.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36
HTTP GET: http://197.149.90.166:12111/30M12/COMPUTER-XXXXXX/0/51-SP3/0/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36
Flows TCP: 192.168.1.1:1031 ➝ 64.182.208.184:80
Flows TCP: 192.168.1.1:1032 ➝ 197.149.90.166:12111
Flows TCP: 192.168.1.1:1033 ➝ 68.70.242.203:443
Flows TCP: 192.168.1.1:1034 ➝ 68.70.242.203:443
Flows TCP: 192.168.1.1:1035 ➝ 68.70.242.203:443
Flows TCP: 192.168.1.1:1036 ➝ 68.70.242.203:443
Flows TCP: 192.168.1.1:1037 ➝ 67.207.229.215:443
Flows TCP: 192.168.1.1:1038 ➝ 67.207.229.215:443
Flows TCP: 192.168.1.1:1039 ➝ 67.207.229.215:443
Flows TCP: 192.168.1.1:1040 ➝ 67.207.229.215:443
Flows TCP: 192.168.1.1:1041 ➝ 63.248.156.246:443
Flows TCP: 192.168.1.1:1042 ➝ 63.248.156.246:443
Flows TCP: 192.168.1.1:1043 ➝ 63.248.156.246:443
Flows TCP: 192.168.1.1:1044 ➝ 63.248.156.246:443
Flows TCP: 192.168.1.1:1045 ➝ 208.117.68.78:443
Flows TCP: 192.168.1.1:1046 ➝ 208.117.68.78:443
Flows TCP: 192.168.1.1:1047 ➝ 208.117.68.78:443
Flows TCP: 192.168.1.1:1048 ➝ 208.117.68.78:443
Flows TCP: 192.168.1.1:1049 ➝ 67.222.201.61:443
Flows TCP: 192.168.1.1:1050 ➝ 67.222.201.61:443
Flows TCP: 192.168.1.1:1051 ➝ 67.222.201.61:443
Flows TCP: 192.168.1.1:1052 ➝ 67.222.201.61:443
Flows TCP: 192.168.1.1:1053 ➝ 203.129.197.50:443
Flows TCP: 192.168.1.1:1054 ➝ 203.129.197.50:443
