Analysis Date: 2016-01-22 21:35:52
MD5: db387e92ac33feaa9d861b031170aac4
SHA1: ee85c58869213a03b8159bb968f8083fd12570ae

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: 70613ec2cead0f4b71222e28daa1e33f  sha1: 28dce165622329d7841eaf685a078ab075dd19c5  size: 58880
Section .rdata  md5: 518ec12906af694b4fb9cd573a218f42  sha1: 47726e6459167e4bd5d22dc40b5d051bd07d29fe  size: 58368
Section .data   md5: 58c8a7f6833954f18b77d3d885a524cc  sha1: 6af6631777993df0ccf3e0c09490f9df57cafe65  size: 7168
Section .rodata md5: 620f0b67a91f7f74151bc5be745b7110  sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d  size: 4096
Section .CODE   md5: bf619eac0cdf3f68d496ea9344137e8b  sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5  size: 512
Section .idata  md5: daa100df6e6711906b61c9ab5aa16032  sha1: 963ff6c2d517d188014d2ef3682c4797888e6d26  size: 20480
Section .float  md5: daa100df6e6711906b61c9ab5aa16032  sha1: 963ff6c2d517d188014d2ef3682c4797888e6d26  size: 20480
Section .tdata  md5: 53e979547d8c2ea86560ac45de08ae25  sha1: 53ea2cb716f312714685c92b6be27e419f8c746c  size: 1536
Section .merge  md5: bf619eac0cdf3f68d496ea9344137e8b  sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5  size: 512
Section .fdata  md5: 620f0b67a91f7f74151bc5be745b7110  sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d  size: 4096
Section .rsrc   md5: 0fdc6d8347597afdbb3111c36ecf2edb  sha1: afa3ac220365a22a71e70d55a75cad2b327f963f  size: 48128
Timestamp: 2016-01-13 13:25:06
Version:
  LegalCopyright: Copyright (c) 1987-2012 by SoftMaker Software GmbH and its licensors
  InternalName: TextMaker
  FileVersion: 2012,0,0,670
  CompanyName: SoftMaker Software GmbH
  ProductName: TextMaker
  ProductVersion: 2012
  FileDescription: TextMaker
  OriginalFilename: TextMaker.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 45af2a8fe577dd63233f6c5773ff4196942d2c2f
IMPhash: fecf05eaa4315cf0aad999c195d40ce3
AV Fortinet: W32/Agent.APXL!tr
AV Frisk (f-prot): No Virus
AV CA (E-Trust Ino): No Virus
AV MalwareBytes: Ransom.TeslaCrypt
AV Rising: No Virus
AV Zillya!: No Virus
AV F-Secure: Trojan.GenericKDZ.31855
AV Microsoft Security Essentials: Worm:Win32/Gamarue
AV Authentium: W32/Agent.XL.gen!Eldorado
AV Eset (nod32): Win32/Kryptik.EBVZ
AV Avira (antivir): TR/AD.Gamarue.Y.1808
AV Arcabit (arcavir): Trojan.GenericKDZ.31855
AV Kaspersky: Backdoor.Win32.Androm.izru
AV Ikarus: Trojan.Win32.Crypt
AV Trend Micro: TSPY_ZBOT.YFA
AV BullGuard: Trojan.GenericKDZ.31855
AV Dr. Web: BackDoor.IRC.NgrBot.903
AV Alwil (avast): Dorder-S [Trj]
AV Ad-Aware: Trojan.GenericKDZ.31855
AV K7: Trojan ( 004d4da31 )
AV BitDefender: Trojan.GenericKDZ.31855
AV Emsisoft: Trojan.GenericKDZ.31855
AV Symantec: Trojan.Gen.2
AV Grisoft (avg): FileCryptor.GAA
AV Twister: No Virus
AV Mcafee: RDN/Generic PWS.y
AV ClamAV: No Virus
AV CAT (quickheal): No Virus
AV VirusBlokAda (vba32): No Virus
AV MicroWorld (escan): Gen:Variant.Kazy.791623

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\Explorer\TaskbarNoNotification ➝ 1
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: pool.ntp.org
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

