Analysis Date: 2015-10-20 19:44:14
MD5: d27cf983d2bc0e1d4e3847865fd75751
SHA1: fbafb2800dc00fe031d3179042f03a0bfdff6f5c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: e9a90489aefb4d0e09d80727517dca97 sha1: 120208da0bae5e5ae32dab5ff0c8ec61159587d1 size: 4096
Section .data: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section .rsrc: md5: 2e7cdda7b9ee5aa9ae12c30f96f398ba sha1: 55403856300f3291401cd0c8f418ba1954ba3e3c size: 4096
Timestamp: 2014-01-18 22:12:01
Version:
LegalCopyright: www.java.com
InternalName: cactus
FileVersion: 7.02.0012
CompanyName: Java@Registred
LegalTrademarks: www.java.com
ProductName: JavaUpdate
ProductVersion: 7.02.0012
FileDescription: JavaUpadate.exe
OriginalFilename: cactus.dll
Packer: Microsoft Visual Basic v5.0
PEhash: 20c8a34b6fe7ec60468d124014d9ac18f7ee1357
IMPhash: cd74c16e19de02339ba1d593de4c426e
AV Rising: Backdoor.Win32.Bifrose.de
AV Mcafee: Generic Dropper.f
AV Avira (antivir): TR/Dldr.Delphi.Gen4
AV Twister: TrojanDrop.VB.OOQ.dulj
AV Ad-Aware: DeepScan:Generic.Malware.dld!!.08D70D5D
AV Alwil (avast): Malware-gen:Dropper-gen [Drp]:Bifrose-DZM [Trj]:Win32:Malware-gen
AV Eset (nod32): Win32/TrojanDropper.VB.OOQ
AV Grisoft (avg): VBCrypt.CNC
AV Symantec: Trojan.KillAV
AV Fortinet: W32/VB.NMR!tr
AV BitDefender: DeepScan:Generic.Malware.dld!!.08D70D5D
AV K7: Trojan ( 000121671 )
AV Microsoft Security Essentials: Trojan:Win32/Bagsu!rfn:Trojan:Win32/Skeeyah.A!rfn
AV MicroWorld (escan): DeepScan:Generic.Malware.dld!!.08D70D5D
AV MalwareBytes: Backdoor.Agent.DC
AV Authentium: W32/VBTrojan.Dropper.5!Maximus
AV Frisk (f-prot): W32/VBTrojan.Dropper.5!Maximus
AV Ikarus: Trojan.MulDrop
AV Emsisoft: DeepScan:Generic.Malware.dld!!.08D70D5D
AV Zillya!: Dropper.VB.Win32.62659
AV Kaspersky: Trojan.Win32.Generic
AV Trend Micro: BKDR_BFRS1.TOMA
AV CAT (quickheal): Backdoor.Bifrose.EF3
AV VirusBlokAda (vba32): TrojanDropper.VB
AV Padvish: Backdoor.Win32.Bifrose.yxv
AV BullGuard: DeepScan:Generic.Malware.dld!!.08D70D5D
AV Arcabit (arcavir): DeepScan:Generic.Malware.dld!!.08D70D5D
AV CA (E-Trust Ino): Win32/Rebhip.PHEHJAD
AV ClamAV: no_virus
AV Dr. Web: Trojan.MulDrop.7451
AV F-Secure: DeepScan:Generic.Malware.dld!!.08D70D5D

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\Global Loader ULTRA v5.0.exe
Creates File: PIPE\wkssvc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe
Creates Process: "C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe"

Process
↳ "C:\Documents and Settings\Administrator\Local Settings\Temp\server.exe"

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Winlogon ➝ C:\Documents and Settings\Administrator\Application Data\Winlogon.exe\\x00
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Winlogon ➝ C:\Documents and Settings\Administrator\Application Data\Winlogon.exe\\x00
Creates File: PIPE\lsarpc
Creates Process: dw20.exe -x -s 276

Process
↳ dw20.exe -x -s 276

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\dw.log
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\138BE.dmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\138BE.dmp
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!

Network Details:
