Analysis Date: 2015-06-29 12:00:15
MD5: 1452d12e640921c37aee2f363f834389
SHA1: ec7485c58738587050a2cc70ecb23d241bf3a932

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: c0288402460761650a2d8421efe5110f sha1: b5ced87dd277dda79e9e57b85ae9a69cb111ddff size: 441344
Section: .rdata md5: 7a361ad1effa0d59cacf4dc268ea9a57 sha1: 4c2c0c50e379d5ef587dd3c92c8e72883995bbff size: 512
Section: .data md5: 749c463eb60792b00f95a725fb4ad845 sha1: fb01a514e29b77fcf6bf6f9ec5575fac182900dd size: 512
Timestamp: 2015-01-06 00:36:08
PEhash: b494cebf039abf2314dfa45817dcecdc7764d2d9
IMPhash: 47866f01246489a3a6bf5b0da92fbd0f
AV: CA (E-Trust Ino): Win32/Nabucur.C
AV: F-Secure: Win32.Virlock.Gen.1
AV: Dr. Web: Win32.VirLock.10
AV: ClamAV: no_virus
AV: Arcabit (arcavir): Win32.Virlock.Gen.1
AV: BullGuard: Win32.Virlock.Gen.1
AV: Padvish: no_virus
AV: VirusBlokAda (vba32): no_virus
AV: CAT (quickheal): Error Scanning File
AV: Trend Micro: PE_VIRLOCK.B-O
AV: Kaspersky: Virus.Win32.PolyRansom.b
AV: Zillya!: Virus.Virlock.Win32.1
AV: Emsisoft: Win32.Virlock.Gen.1
AV: Ikarus: no_virus
AV: Frisk (f-prot): no_virus
AV: Authentium: W32/S-4ff147e2!Eldorado
AV: MalwareBytes: Trojan.VirLock
AV: MicroWorld (escan): Win32.Virlock.Gen.1
AV: Microsoft Security Essentials: Virus:Win32/Nabucur.C
AV: K7: Trojan ( 0040f9f31 )
AV: BitDefender: Win32.Virlock.Gen.1
AV: Fortinet: W32/Zegost.ATDB!tr
AV: Symantec: no_virus
AV: Grisoft (avg): Generic_r.EKW
AV: Eset (nod32): Win32/Virlock.I virus
AV: Alwil (avast): Vunder [Trj]
AV: Ad-Aware: Win32.Virlock.Gen.1
AV: Twister: W32.PolyRansom.b.brnk.mg
AV: Avira (antivir): TR/Crypt.ZPACK.Gen
AV: Mcafee: W32/VirRansom.b!1452D12E6409
AV: Rising: Trojan.Win32.PolyRansom.a

Runtime Details:

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\196a_appcompat.txt
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 168
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1348 -e 124 -g

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 168

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1348 -e 124 -g

Network Details:


Strings