Analysis Date: 2015-11-15 09:39:55
MD5: 6e6e00f90fa40c5f50dbd576b45cdd3e
SHA1: fe9e5f2d550c5627803d09cc088a4c793d510e66

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: c4e2caaa87ad0c06277f38653c148dcc sha1: 3581673b1e154b5b166d61a6b9497b9c991d0529 size: 32768
Section: .data md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section: .rsrc md5: 60a2a6355099ae669160c966736f499a sha1: abedbd2fcee6cf228f96a2438846262c1d288442 size: 8192
Timestamp: 2014-04-28 07:36:47
Version:
InternalName: LammosTraseg
FileVersion: 2.00.0096
CompanyName: Flash
LegalTrademarks: Flash game pularinazos lomij oli kasandra bo.
Comments: Flash game pularinazos lomij oli kasandra bo.
ProductName: Flash game pularinazos lomij oli kasandra bo.
ProductVersion: 2.00.0096
OriginalFilename: LammosTraseg.exe
Packer: Microsoft Visual Basic v5.0
PEhash: c31c85a1e5dcdb7cda2a58fcd013b65b8000b0f4
IMPhash: 81b590bc14c4c358078c1b2e8621585b
AV Rising: no_virus
AV Mcafee: Downloader-FABC!6E6E00F90FA4
AV Avira (antivir): TR/Cutwail.nzjs
AV Twister: Trojan.Inject.muaf.xdln
AV Ad-Aware: Gen:Variant.Zusy.91469
AV Alwil (avast): Downloader-VGC [Trj]
AV Eset (nod32): Win32/TrojanDownloader.Tiny.NKK
AV Grisoft (avg): Generic_vb.XQ
AV Symantec: no_virus
AV Fortinet: W32/Tiny.NKK!tr.dldr
AV BitDefender: Gen:Variant.Zusy.91469
AV K7: Trojan ( 004997531 )
AV Microsoft Security Essentials: TrojanDownloader:Win32/Cutwail
AV MicroWorld (escan): Gen:Variant.Zusy.91469
AV MalwareBytes: Backdoor.Bot
AV Authentium: W32/A-0f0eb770!Eldorado
AV Frisk (f-prot): no_virus
AV Ikarus: Trojan-Downloader.Lammos
AV Emsisoft: Gen:Variant.Zusy.91469
AV Zillya!: Trojan.Inject.Win32.73402
AV Kaspersky: Trojan.Win32.Inject.muaf
AV Trend Micro: no_virus
AV CAT (quickheal): Worm.Gamarue.I3
AV VirusBlokAda (vba32): Trojan.Inject
AV Padvish: no_virus
AV BullGuard: Gen:Variant.Zusy.91469
AV Arcabit (arcavir): Gen:Variant.Zusy.91469
AV ClamAV: no_virus
AV Dr. Web: Trojan.Packed.26578
AV F-Secure: Gen:Variant.Zusy.91469
AV CA (E-Trust Ino): Win32/Loanpasw.A

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\2fda_appcompat.txt
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\dwwin.exe -x -s 196
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 124 -e 152 -g

Process
↳ C:\WINDOWS\system32\dwwin.exe -x -s 196

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 124 -e 152 -g

Network Details:

