Malware Hosted In United States Ashburn Inc.)

Description :

Contains anti-debugging code
It makes use of some deprecated flags in the Characteristics field of FileHeader
PE section has SizeOfRawData set to zero

 Behaviours :

Automatically unpacks its own code
Deletes itself
Deletes itself after reboot
Drops .EXE file
Manipulates Internet Explorer settings
Runs existing executable
Suspicious delay

 TCP Connections

Type Send :

C:cicaafbwww.exe (v.  hxxp://

 Hosting Info :