Analysis Date: 2015-10-19 14:03:15
MD5: f246ce0d3dfe28de60bceabe2661e9bf
SHA1: f05523c402f1c4d5d9461834fddca5b49e18939c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: d191fa38c53ef988ab2fdc8928e9c9c8 sha1: 2446190d0fcb645658a98878e45db01c9daf34a7 size: 57344
Section: .rdata md5: 4be741ef7b8a436f259c7fa9248335fb sha1: f692e589e1cc0f9a249dd94a4f287d06e708b55f size: 225792
Section: .data md5: 8ee5e882fadd055c5ad7673026aadc7c sha1: 6ac13614c2c812e2e4602373609a8cdfc96e019f size: 12800
Section: .rsrc md5: 5eecadb8aeee0607ff1ad9102e942c89 sha1: 50bf709433efa42efd256310965b77d113201524 size: 8704
Section: .reloc md5: 612ce61372db54aea33848d87e006f6e sha1: bda0c25d28e69f902afcf736efcf44ee12158d65 size: 8192
Timestamp: 2014-02-21 23:32:30
Version:
LegalCopyright: Copyright (C) 2013 JamSoftware Dev
InternalName: VDV runsync
FileVersion: 6.1.0.2
CompanyName: JamSoftware Dev
ProductName: VDV Runtime Synchronizer
ProductVersion: 6.1.0.2
FileDescription: VDV Runtime Synchronizer
OriginalFilename: vdvrunsync
Packer: Microsoft Visual C++ ?.?
PEhash: d5f6bccbd87c55b17b47d028ffbab8d35b40a820
IMPhash: 2e92bc2e166c32960063069d35c2a1a3
AV: CA (E-Trust Ino): no_virus
AV: F-Secure: Trojan.Foreign.1
AV: Dr. Web: Trojan.PWS.Panda.6194
AV: ClamAV: Win.Trojan.Zbot-39427
AV: Arcabit (arcavir): Trojan.Foreign.1
AV: BullGuard: Trojan.Foreign.1
AV: Padvish: no_virus
AV: VirusBlokAda (vba32): TrojanSpy.Zbot
AV: CAT (quickheal): TrojanPWS.Zbot.A5
AV: Trend Micro: no_virus
AV: Kaspersky: Trojan.Win32.Generic
AV: Zillya!: Trojan.Zbot.Win32.149322
AV: Emsisoft: Trojan.Foreign.1
AV: Ikarus: Trojan-Spy.Win32.Zbot
AV: Frisk (f-prot): no_virus
AV: Authentium: W32/Trojan.BAMW-8904
AV: MalwareBytes: Trojan.Zbot
AV: MicroWorld (escan): Trojan.Foreign.1
AV: Microsoft Security Essentials: PWS:Win32/Zbot
AV: K7: Spyware ( 003783441 )
AV: BitDefender: Trojan.Foreign.1
AV: Fortinet: W32/Kryptik.XZ!tr
AV: Symantec: no_virus
AV: Grisoft (avg): Win32/Cryptor
AV: Eset (nod32): Win32/Spy.Zbot.AAQ
AV: Alwil (avast): BackoffPOS-Q [Trj]
AV: Ad-Aware: Trojan.Foreign.1
AV: Twister: Trojan.3C6A9194967ECFE7
AV: Avira (antivir): TR/Crypt.XPACK.Gen7
AV: Mcafee: RDN/Generic PWS.y!zk
AV: Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc

Network Details:

