Analysis Date: 2016-01-26 11:56:19
MD5: 4d6c66b33be68a26ce0ca51dc96e5da1
SHA1: f359285995323fe0b1d8c3394ce7c9c487a4bcec

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 9409eabd4dd05bc56083009f10fe83ee sha1: 2c3b85e28462302e613bca2c3933b2028f8e7b94 size: 57344
Section .rdata md5: d59b52d40e8a0dbb622636b008da0709 sha1: 2f5c4293255bafae8e607c4d00c512010dd4c0de size: 32768
Section .data md5: 87dfd9f366f44c4fc751d700a215f139 sha1: bc106104b99d6ce70992eade23106243a5b70f18 size: 8192
Section .rsrc md5: 08b6901a75dd37e13a633a7099beedc5 sha1: b080a934c6e2ccba553e6004bdfe9ff3507ea33c size: 4096
Section .rsrc md5: 3d29425d20c0e23d6e0507db8495321f sha1: 0c54dc90acf3dedb0feb73a57f2a5207ec70ce6b size: 1048576
Timestamp: 2015-06-24 10:41:09
Version:
LegalCopyright: Copyright © 2007-2011 Redtail Technology
InternalName: ShouldShape
FileVersion: 13.4.6415.5069
CompanyName: Redtail Technology
Comments: ShouldShape
ProductName: ShouldShape
ProductVersion: 13.4.6415.5069
FileDescription: ShouldShape
OriginalFilename: kindmay.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 54388e7788434ce29ea5f1eb982bba2da85ea4e8
IMPhash: 98748038dcd3633582e6a20851718e62
AV CA (E-Trust Ino): No Virus
AV Rising: No Virus
AV Mcafee: No Virus
AV Avira (antivir): Worm/Gamarue.1155992.15
AV Twister: W32.Bundpil.CZ.gen.psrc
AV Ad-Aware: Trojan.Rajbot.Gen.1
AV Alwil (avast): MalOb-LV [Cryp]
AV Eset (nod32): Win32/Bundpil.CV.gen worm
AV Grisoft (avg): BackDoor.Generic18.COFW
AV Symantec: Downloader.Dromedan
AV Fortinet: W32/Bundpil.CZ!worm
AV BitDefender: Trojan.Rajbot.Gen.1
AV K7: Trojan ( 004c848c1 )
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AR
AV MicroWorld (escan): Trojan.Rajbot.Gen.1
AV MalwareBytes: Worm.Gamarue
AV Authentium: W32/Trojan.IJTM-8895
AV Emsisoft: Trojan.Rajbot.Gen.1
AV Frisk (f-prot): No Virus
AV Ikarus: Worm.Win32.Bundpil
AV Zillya!: Worm.Bundpil.Win32.118938
AV Kaspersky: Trojan.Win32.Wauchos.a
AV Trend Micro: No Virus
AV VirusBlokAda (vba32): Trojan.Wauchos
AV CAT (quickheal): No Virus
AV BullGuard: Trojan.Rajbot.Gen.1
AV Arcabit (arcavir): Trojan.Rajbot.Gen.1
AV ClamAV: Win.Trojan.Agent-921451
AV Dr. Web: No Virus
AV F-Secure: Trojan:W32/Gamarue.F

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:

