Analysis Date: 2015-10-22 21:00:11
MD5: 78a1070eda7cd81cfd9242bd46c61daf
SHA1: faf488100f0ec8933dab2bffd4ae05b67309fc10

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 87e6f5297088bee5465900427f008173 sha1: 6db6d347c89e9f11e5b27cf5c53669e0bd0656d4 size: 6144
Section .data md5: f1ab2370a364765cc01820a3d76a41eb sha1: a4d996a9b0fb0dd7596ff39134925b46637b7774 size: 2048
Section .rdata md5: 01462bbaa54d603bfa3454feccb63fd6 sha1: 3644b510638233ef5a7a8412f53612d28c36dd85 size: 2560
Section .idata md5: c172974ed6f2dd740abed3a81271b941 sha1: bdd328d3ed06a1f8139fb1d4caf29c748da1580d size: 1536
Section .rsrc md5: adc39a152be102eb7a041e991a6d202c sha1: 76189e9a0c3b080a0c8dcac8bfa0acf0dcd1001a size: 5120
Timestamp: 2004-05-20 06:02:07
PEhash: 40798a0e07c1975eae2f4f2f97c0981897c04949
IMPhash: 641a435995118d1e23b199af0b58ecfd
AV CA (E-Trust Ino): Win32/Upatre.CH
AV F-Secure: Trojan.GenericKD.1510674
AV Dr. Web: Trojan.DownLoad3.28161
AV ClamAV: Win.Trojan.Generickd-2709
AV Arcabit (arcavir): Trojan.GenericKD.1510674
AV BullGuard: Trojan.GenericKD.1510674
AV Padvish: no_virus
AV VirusBlokAda (vba32): no_virus
AV CAT (quickheal): TrojanDownloader.Upatre.A6
AV Trend Micro: TROJ_UPATRE.SMZ3
AV Kaspersky: Trojan-Downloader.Win32.Agent.hdyf
AV Zillya!: Downloader.Agent.Win32.184143
AV Emsisoft: Trojan.GenericKD.1510674
AV Ikarus: Trojan-Spy.Zbot
AV Frisk (f-prot): W32/Trojan3.HFU
AV Authentium: W32/Trojan.OEJC-5872
AV MalwareBytes: Trojan.Email.FakeDoc
AV MicroWorld (escan): Trojan.GenericKD.1510674
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre.A
AV K7: Trojan ( 0040f7411 )
AV BitDefender: Trojan.GenericKD.1510674
AV Fortinet: W32/Kryptik.CF!tr
AV Symantec: Trojan.Zbot
AV Grisoft (avg): Error Scanning File
AV Eset (nod32): Win32/TrojanDownloader.Waski.A
AV Alwil (avast): Waski-C [Cryp]
AV Ad-Aware: Trojan.GenericKD.1510674
AV Twister: TrojanDldr.Waski.A.netu
AV Avira (antivir): TR/Dldr.Upatre.A.67
AV Mcafee: BackDoor-FBPV!78A1070EDA7C
AV Rising: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\budha.exe
Creates File: PIPE\wkssvc
Creates Process: "C:\Documents and Settings\Administrator\Local Settings\Temp\budha.exe"

Process
↳ "C:\Documents and Settings\Administrator\Local Settings\Temp\budha.exe"

Network Details:
