Analysis Date: 2016-01-28 06:17:57
MD5: 25cf2c3b2e4554a5e54de0a49e6f205b
SHA1: ece28dcc6faf54d6f2e7e4278a2b616b4cc8113e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 8c489f2ebfcf2983973b724f186c0157 sha1: f55ca4b2540bffb5ad71ba682f1adf76eab2e1fc size: 18944
Section .rdata: md5: ed31b6a995c2d4ef9d60ec6f1c3330db sha1: 1979fc3b1b947e116d2acc77a44bc34569b96a31 size: 3072
Section .data: md5: 666262fbe452849bdbdd635b1b43ae2b sha1: d61007a772d05fd0905e0a9e42db3e187f27fcf3 size: 2560
Section .rsrc: md5: dfebe2c7735d8da6f12886cda94e03ac sha1: 429b5cba885b1988d3c53bad954cc7e7611bfd6b size: 1536
Timestamp: 2015-05-21 23:52:30
Pdb path: @
Packer: Microsoft Visual C++ v6.0
PEhash: 6d18022b72ca175c5dc90f0c2a132a5c0c06fca8
IMPhash: de62bf5945c23517e92743ba221ab5a3
AV Rising: No Virus
AV Mcafee: No Virus
AV Avira (antivir): TR/Crypt.Xpack.425021
AV Twister: Trojan.FF15@124000@2400C.mg
AV Ad-Aware: Gen:Variant.Mikey.22144
AV Alwil (avast): Win32:Malware-gen
AV Eset (nod32): Win32/Agent.RBI
AV Grisoft (avg): Atros.AULX
AV Symantec: No Virus
AV Fortinet: W32/Brrowho.H!tr
AV BitDefender: Gen:Variant.Mikey.22144
AV K7: Trojan ( 004c3a381 )
AV Microsoft Security Essentials: DDoS:Win32/Nitol.G
AV MicroWorld (escan): Gen:Variant.Mikey.22144
AV MalwareBytes: DDoSTool.Nitol
AV Authentium: W32/Heuristic-171!Eldorado
AV Frisk (f-prot): W32/Heuristic-171!Eldorado
AV Ikarus: Trojan.Win32.Brrowho
AV Emsisoft: Gen:Variant.Mikey.22144
AV Zillya!: Trojan.BrowHost.Win32.184
AV Kaspersky: Trojan.Win32.BrowHost.d
AV Trend Micro: No Virus
AV CAT (quickheal): DDoS.Nitol.013784
AV VirusBlokAda (vba32): BScope.Trojan.SvcHorse.01643
AV BullGuard: Gen:Variant.Mikey.22144
AV Arcabit (arcavir): Gen:Variant.Mikey.22144
AV ClamAV: No Virus
AV Dr. Web: Trojan.DownLoader14.40865
AV F-Secure: Gen:Variant.Mikey.22144
AV CA (E-Trust Ino): No Virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Cntvs_Me_Please ➝
C:\malware.exe\\x00\\x00\\x00\\x00\\x00\\x98\\x00\\x91|\\x88\\x1e\\x16\\x00\\xa0\\xfe\\x12\\x00!\\x00\\x91|\\xe8\\x12\\x16\\x00\\x98\\x02\\x00\\x00\\xe0\\xfe\\x12\\x00/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\xfc\\xff\\x12\\x00#\\x00\\x00\\x00x\\x01;\\x00L\\x1ap\\x80\\xd4{[\\xfb\\xc8.N\\x80\\xd0\\xe1O\\x80\\xff\\xff\\xff\\xff\\x92\\xabX\\x80\\xb5\\xabX\\x80\\xa8\\x02\\x12\\x81\\x08K;\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xae,\\x91|\\x00\\x00\\x00\\x00Q-\\x91|X-\\x91|^\\x00\\x00\\x00\\x10\\x02\\x00\\x00\\x00K;\\x00h\\x01;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00K;\\x00@\\x00\\x00\\x00\\x04p@\\x00\\x004@\\x00\\xb0\\xfe\\x12\\x00$\\xc0\\xc2w\\x00\\x00;\\x00\\x00\\x00\\x00\\x00-\\xc0\\xc2w\\x004@\\x00\\x04p@\\x00\\x00\\x00\\x00\\x00\\xc0\\x01\\x91|\\xff\\xff\\xff\\xff\\xbb\\x01\\x91|\\xc9\\xc3\\xc2w\\x00\\x00;\\x00x\\xfe\\x12\\x00
Creates File: \Device\Afd\Endpoint
Creates Mutex: 118.193.194.224

Network Details:

DNS: www.mddos.com
Type: A
8.8.8.8
Flows TCP 192.168.1.1:1031 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1032 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1033 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1034 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1035 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1036 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1037 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1038 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1039 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1040 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1041 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1042 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1043 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1044 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1045 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1046 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1047 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1048 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1049 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1050 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1051 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1052 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1053 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1054 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1055 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1056 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1057 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1058 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1059 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1060 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1061 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1062 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1063 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1064 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1065 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1066 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1067 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1068 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1069 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1070 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1071 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1072 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1073 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1074 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1075 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1076 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1077 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1078 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1079 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1080 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1081 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1082 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1083 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1084 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1085 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1086 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1087 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1088 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1089 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1090 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1091 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1092 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1093 ➝ 8.8.8.8:1380
Flows TCP 192.168.1.1:1094 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1095 ➝ 118.193.194.224:2444
Flows TCP 192.168.1.1:1096 ➝ 118.193.194.224:2444
