Analysis Date: 2015-06-27 05:32:53
MD5: 362287056ca0a7b2b5b84ca3c8b74040
SHA1: fbe6fd9016fecd0395ef2843943f0d9c249a71f1

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 6f1b8ecd7ac1fe31aedd80696ab3332e sha1: b72ba7d1b9b8ae717d3301bd92fa11ae53d98fad size: 16384
Section .rdata: md5: caadc16baa9904b1d5d877d1d037f381 sha1: 217076932119e790ace417cca18120dfeda6bdad size: 8192
Section .data: md5: 9c897a50ac2fde03dad07e500e0da556 sha1: 79df72ca52b7dfe2f1bc6bed86485369d627ef2e size: 24576
Section .rsrc: md5: b85442c0f34a4d2389ffe97500c60dc0 sha1: e3194f8b27c17c3a138b0a9ee85e53e025df1b82 size: 61440
Timestamp: 2015-05-18 10:28:44
Packer: Installer VISE Custom
PEhash: d9de64e25f5ed2af1e239a0fc717fdbc29e34b80
IMPhash: e1fcf56d15ca3ea301d69a87c0d449bd
AV CA (E-Trust Ino): no_virus
AV F-Secure: Trojan.Agent.BJXP
AV Dr. Web: Trojan.Upatre.1135
AV ClamAV: no_virus
AV Arcabit (arcavir): Trojan.Agent.BJXP
AV BullGuard: Trojan.Agent.BJXP
AV Padvish: no_virus
AV VirusBlokAda (vba32): TrojanDownloader.Upatre
AV CAT (quickheal): TrojanDwnldr.Dalexis.B4
AV Trend Micro: TROJ_UPATRE.SM24
AV Kaspersky: Trojan-Downloader.Win32.Upatre.agog
AV Zillya!: no_virus
AV Emsisoft: Trojan.Agent.BJXP
AV Ikarus: Trojan-Downloader.Win32.Upatre
AV Frisk (f-prot): W32/Trojan3.PTL
AV Authentium: W32/Trojan3.PTL
AV MalwareBytes: Trojan.Downloader.PDF
AV MicroWorld (escan): Trojan.Agent.BJXP
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre!rfn
AV K7: Trojan ( 004c28431 )
AV BitDefender: Trojan.Agent.BJXP
AV Fortinet: W32/Kryptik.DIPV!tr
AV Symantec: Downloader.Upatre!g14
AV Grisoft (avg): Crypt4.AHSW
AV Eset (nod32): Win32/Kryptik.DIPV
AV Alwil (avast): Crypt-SBA [Trj]
AV Ad-Aware: Trojan.Agent.BJXP
AV Twister: TrojanDldr.Upatre.agog.nsuz
AV Avira (antivir): TR/Kryptik.fras
AV Mcafee: Downloader-FARP!362287056CA0
AV Rising: Trojan.Win32.Kryptik.ab

Runtime Details:

Process
↳ C:\malware.exe

Network Details:


Strings