Analysis Date: 2018-03-20 07:20:58
MD5: d35c4ccce3a10fc1427733632274fd5e
SHA1: f637694efc531fd7c46e6cbde7eba2dd2f335793

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 971f7b3a350c7e901f036f6a85d33de5 sha1: b5f561d534705314098b5f36f938b0c0438ba441 size: 31744
Section .rdata md5: b4d289e74b9c7aa538c926363d52c593 sha1: c4d4b7c9115aef24ff65f133a386f03627e664b6 size: 3072
Section .data md5: f0155dc4dbcb9834336314caf8e5f73d sha1: 25766150f4b617d95e4553942e1da2c9945434b2 size: 11264
Timestamp: 2015-03-27 07:45:59
Packer: Installer VISE Custom
PEhash: 16fc2c60ce5fd5917fb8e295c3c017faa0489b24
IMPhash: 3db5fecf85b54956329f728d4dba12ae
AV Arcabit (arcavir): Gen:Variant.Zusy.151193
AV Authentium: No Virus
AV Grisoft (avg): Error Scanning File
AV Avira (antivir): TR/Spy.Agent.47104.9
AV Alwil (avast): Trojan-gen
AV Alwil (avast): Win32:Trojan-gen
AV Ad-Aware: Gen:Variant.Zusy.151193
AV BitDefender: Gen:Variant.Zusy.151193
AV BullGuard: Gen:Variant.Zusy.151193
AV ClamAV: Error Scanning File
AV Dr. Web: DDoS.Siggen.566
AV Emsisoft: Gen:Variant.Zusy.151193
AV MicroWorld (escan): Gen:Variant.Zusy.151193
AV CA (E-Trust Ino): Error Scanning File
AV Fortinet: W32/Agent.XDZ!tr
AV Frisk (f-prot): No Virus
AV F-Secure: Gen:Variant.Zusy.151193
AV Ikarus: Error Scanning File
AV K7: Trojan ( 0050661a1 )
AV Kaspersky: Error Scanning File
AV MalwareBytes: No Virus
AV Mcafee: No Virus
AV Microsoft Security Essentials: DDoS:Win32/Nitol.B
AV NANO: Trojan.Win32.TrjGen.drlbgx
AV Eset (nod32): Win32/Agent.XDZ
AV Padvish: No Virus
AV CAT (quickheal): No Virus
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: No Virus
AV Trend Micro: DDOS_NI.F210EDC5
AV Twister: No Virus
AV VirusBlokAda (vba32): No Virus
AV Windows Defender: DDoS:Win32/Nitol.B
AV Zillya!: Tool.Agent.Win32.10853

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\f637694efc531fd7c46e6cbde7eba2dd2f335793.exe

Creates Mutex: szMyFilePath
Creates File: C:\Users\Phil\AppData\Roaming\msetupac.sol

Network Details:

DNS: www.update.microsoft.com.nsatc.net
Type: A
65.55.50.158
DNS: www.update.microsoft.com.nsatc.net
Type: A
65.55.50.189
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.QJQREVSTINLFUUS2JJEQGQYDIQCUKBD34TYMSNRWQQALCDFODZF4AOOJ.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.XZQREVSTINLFUUS2JJEQGQYDIQCUKBHGB5ZYFJK7AV6TEDYFJO2CRKTE.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.7JQREVSTINLFUUS2JJEQGQYDIQCUKBHOM3OMXKJSGMI4YIW4RCURAVH6.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.G5RBEVSTINLFUUS2JJEQGQYDIQCUKBFESPESO5AVDABYSD3PBB5VUGQF.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.ONRBEVSTINLFUUS2JJEQGQYDIQCUKBC56JLWNSUEGUDX34MDCDHMIJRL.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.V5RBEVSTINLFUUS2JJEQGQYDIQCUKBHY35EFV2LQFHKHH4LPLLNMB3IO.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.5NRBEVSTINLFUUS2JJEQGQYDIQCUKBDUHVALZBXX3RSAPNXPIDGMSRHS.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.E5RREVSTINLFUUS2JJEQGQYDIQCUKBAALFZBVUSATOPKBOYBIC4C7OMN.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.MNRREVSTINLFUUS2JJEQGQYDIQCUKBDYKL522NLIGZALUYQ75CXLE4PI.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.T5RREVSTINLFUUS2JJEQGQYDIQCUKBE35DKPTI4XD3Y5AMU64YN6IXEH.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.3RRREVSTINLFUUS2JJEQGQYDIQCUKBFBQ46BWHJYLGSB5MMDJB22ELEW.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.DBSBEVSTINLFUUS2JJEQGQYDIQCUKBE433KAE6RTBS2EFOARY2YZ7NJM.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.KRSBEVSTINLFUUS2JJEQGQYDIQCUKBGZCC4SD26J5O5Q4HOZF25NWZNV.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.SBSBEVSTINLFUUS2JJEQGQYDIQCUKBC7DXZXFDOWOOLE2ZF6FOUZXYDF.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.ZRSBEVSTINLFUUS2JJEQGQYDIQCUKBA5CQFETUK7X7OMPHQBBH6YMLRU.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.BBSREVSTINLFUUS2JJEQGQYDIQCUKBDL3GKUZQFOBJGXCSIZAK3KXGP3.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.IRSREVSTINLFUUS2JJEQGQYDIQCUKBGTDNJLBBKT3RIB5OWMNLNO56IJ.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.QBSREVSTINLFUUS2JJEQGQYDIQCUKBH5AVWODAJRVNHQIKVYYDR7TWTD.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.XVSREVSTINLFUUS2JJEQGQYDIQCUKBCEHEFG7MCDSMG72F4BAKBTT5J7.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.7FSREVSTINLFUUS2JJEQGQYDIQCUKBDIEV3EIBCCZSXDHARUIIINZZKW.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.GVTBEVSTINLFUUS2JJEQGQYDIQCUKBCLPDIDLY2WOLWFQXLGPACZZADO.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.OFTBEVSTINLFUUS2JJEQGQYDIQCUKBHHZQPLDNBHNBQY4NUP3FNLGNMB.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.VVTBEVSTINLFUUS2JJEQGQYDIQCUKBHEAUOUB4XIP4YBMQ3TY4S4JLUQ.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.5FTBEVSTINLFUUS2JJEQGQYDIQCUKBAZRPCFX4IMHOITYAXIC2MLLVWW.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.EVTREVSTINLFUUS2JJEQGQYDIQCUKBHD5ELAVMP6THJUBCV6JBDR77S6.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.MJTREVSTINLFUUS2JJEQGQYDIQCUKBEGSZD4DBTUEK34TXSNTMKEAVNZ.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.TZTREVSTINLFUUS2JJEQGQYDIQCUKBAPU4OEVMMHGYLG4EWLEH2O5RBX.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.3JTREVSTINLFUUS2JJEQGQYDIQCUKBGMEQRWRV3XIO433JSEJFSOUAVS.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.CZUBEVSTINLFUUS2JJEQGQYDIQCUKBHFSEFJINAJQDERPEIXOTIJ5NX4.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.KJUBEVSTINLFUUS2JJEQGQYDIQCUKBA7VAKW6YU65GIDAMKSWTAFJ46X.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.RZUBEVSTINLFUUS2JJEQGQYDIQCUKBG5NAU2MNIUTCFVJU5JDJWIVQK6.tt.lookfofo.com
Type: A
127.0.0.1
DNS: IC1.JZHVEVCIK5EU4LKEGM4TGMKEAAFACAIC.ZJUBEVSTINLFUUS2JJEQGQYDIQCUKBH52UUN4UZVAQY6CIJ3K75VUVKX.tt.lookfofo.com
Type: A
127.0.0.1
DNS: windowsupdate.microsoft.com
Type: A

Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .


Strings