Analysis Date: 2015-12-25 19:00:26
MD5: 610dd096b7bd04518155deb0994d41ec
SHA1: f40e585ea67ba1ac9db1055d8051cec5f4f410f4

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text   md5: 5c610682bb16cdc9e65cd31841ed9ce4  sha1: 055ef80866da4d9fd429d5f172967140e5529239  size: 37888
Section .rdata  md5: 70030c880e8afd8e4a6b7dfd7763b093  sha1: 09691c8fd257c5b7738dcf4a4fdab15bae8ff114  size: 9216
Section .data   md5: 03679426aa777f24f2140df3d56fc495  sha1: 10deed654b90b96a153edd644c7c02f053135c86  size: 4096
Section .yhxe   md5: 91c902aac134ba04b0e98a4238f2fbc4  sha1: e6d9774d48552b3b2a73c849844ad8d850f70574  size: 23040
Section .rthx   md5: ae7434dc5833e4e482d35df6754c99ce  sha1: d844234a6f4a4d4eb8891587001d1632a78ec46f  size: 5632
Section .rsrc   md5: 61382cd4a9adb2c5ace98d1fea2384e0  sha1: 6e4f2c81f466e538630654419123a76e146e7032  size: 1536
Section .reloc  md5: a409ee71a9dd682fc410d9fd603f14e3  sha1: 32d3f1eb340be0a906d15518a4a89933adca0f2d  size: 3584
Timestamp: 2015-09-22 11:16:02
Version:
  LegalCopyright: ftycdrgxtdhjgyk
  InternalName: ftycdrgxtdhjgyk
  FileVersion: 3.10.349.0
  CompanyName: ftycdrgxtdhjgyk
  LegalTrademarks1: ftycdrgxtdhjgyk
  LegalTrademarks2: ftycdrgxtdhjgyk
  ProductName: ftycdrgxtdhjgyk
  ProductVersion: 3.10
  FileDescription: Microsoft Security
  OriginalFilename: ftycdrgxtdhjgyk
Packer: Microsoft Visual C++ ?.?
PEhash: 9385fe7ca02a237f6b55251a6a555ff540a17371
IMPhash: 515350ebf34c49cc081a025f1551fa11
AV VirusBlokAda (vba32): no_virus
AV Authentium: W32/S-539696d3!Eldorado
AV Twister: no_virus
AV Dr. Web: Trojan.Siggen.65341
AV Ad-Aware: Gen:Variant.Kazy.575686
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Rising: no_virus
AV Trend Micro: Ransom_.0A217DD0
AV BitDefender: Gen:Variant.Kazy.575686
AV K7: Trojan ( 004d02251 )
AV Avira (antivir): TR/Crypt.Xpack.282233
AV Grisoft (avg): Crypt4.CMFX
AV MicroWorld (escan): Gen:Variant.Kazy.575686
AV Eset (nod32): Win32/Kryptik.DXZE
AV MalwareBytes: Ransom.CryptoWall
AV Arcabit (arcavir): Gen:Variant.Kazy.575686
AV Frisk (f-prot): no_virus
AV Symantec: Trojan.Gen
AV Fortinet: W32/Kryptik.DYFJ!tr
AV Zillya!: Backdoor.Androm.Win32.29480
AV Kaspersky: Trojan.Win32.Generic
AV Emsisoft: Gen:Variant.Kazy.575686
AV Mcafee: Gamarue-FCX!610DD096B7BD
AV Ikarus: Trojan-Ransom.Win32.Blocker
AV ClamAV: no_virus
AV BullGuard: Gen:Variant.Kazy.575686
AV F-Secure: Gen:Variant.Kazy.575686
AV Microsoft Security Essentials: Trojan:Win32/Bagsu!rfn
AV CAT (quickheal): Worm.Gamarue.WR6
AV CA (E-Trust Ino): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\msiexec.exe

Process
↳ C:\WINDOWS\system32\msiexec.exe

Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Winsock DNS: north-america.pool.ntp.org
Winsock DNS: africa.pool.ntp.org
Winsock DNS: oceania.pool.ntp.org
Winsock DNS: asia.pool.ntp.org
Winsock DNS: south-america.pool.ntp.org
Winsock DNS: europe.pool.ntp.org

Network Details:
