Analysis Date: 2015-06-12 23:25:27
MD5: 44543de7917f3fa50551b3f10a7b6a5f
SHA1: f6406b348dc3daf6fc68bdd762b6856ca5b7c2dc

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: f6d37dbb742f1b5cfb114c7aa46e0d22 sha1: 0c5e7363991ec6c82b0120047199fd4afb13f127 size: 15872
Section: .data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: .xcpad md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: .idata md5: 0b6d2c49a0c581aac667520fe1d64be9 sha1: a586ae8e761b7a3c2dcf7c09daecc422b50c4229 size: 1024
Section: .reloc md5: 1d2826c44311e3eea7285e947f031826 sha1: 151a275336fe91e4b1ac431cddfb43c73c5b6186 size: 512
Section: .rsrc md5: b6d7555ca36e0b11828a6363ab83c1d8 sha1: c30ee3cbce8f2452a00bdc517d0ea6a2c0cd57a2 size: 3584
Timestamp: 1970-01-01 00:00:15
Version:
LegalCopyright:
PackagerVersion: 7.0.162
InternalName:
FileVersion: 1.0.0.0
CompanyName:
Comments:
ProductName:
ProductVersion: 1.0.0.0
FileDescription:
Packager: Xenocode Postbuild 2009 for .NFT Beta
OriginalFilename:
PEhash: b8312a099649a0801e445d9f21a7a19e42d8a977
IMPhash: 4582ffdd7eb98cb63a937096204182b7
AV Rising: no_virus
AV CA (E-Trust Ino): no_virus
AV F-Secure: Gen:Heur.Codenox.2
AV Dr. Web: Trojan.DownLoader.64331
AV ClamAV: Win.Trojan.Poison-4274
AV Arcabit (arcavir): Gen:Heur.Codenox.2
AV BullGuard: Gen:Heur.Codenox.2
AV Padvish: Malware.SubId.78017233
AV VirusBlokAda (vba32): Trojan.Bifrose
AV CAT (quickheal): no_virus
AV Trend Micro: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV Zillya!: Trojan.Genome.Win32.118232
AV Emsisoft: Gen:Heur.Codenox.2
AV Ikarus: Backdoor.Poison
AV Frisk (f-prot): W32/Backdoor2.GCEB
AV Authentium: W32/Backdoor2.GCEB
AV MalwareBytes: no_virus
AV MicroWorld (escan): Gen:Heur.Codenox.2
AV Microsoft Security Essentials: no_virus
AV K7: Riskware ( 0015e4f21 )
AV BitDefender: Gen:Heur.Codenox.2
AV Fortinet: W32/Dx.VYQ!tr
AV Symantec: Trojan.ADH
AV Grisoft (avg): BackDoor.Bifrose.IPY
AV Eset (nod32): Win32/Bifrose.NEV
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Ad-Aware: Gen:Heur.Codenox.2
AV Twister: Virus.18FCAF31E33ED91D
AV Avira (antivir): TR/Gender.367563
AV Mcafee: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\wkssvc
Creates Process: "C:\Server.exe"
Creates Mutex: _xvm_mtx_file_0x74A102FE
Creates Mutex: _xvm_mtx_other_0x74A102FE
Creates Mutex: _xvm_mtx_reg_0x74A102FE

Process
↳ "C:\Server.exe"

Creates Mutex: _xvm_mtx_file_0x74A102FE
Creates Mutex: _xvm_mtx_other_0x74A102FE
Creates Mutex: DBWinMutex
Creates Mutex: _xvm_mtx_reg_0x74A102FE

Network Details:

