Description

• Probable Name:
• MD5: 14010ce6f03e0a978693424d60e34ba9
• SHA1: 99ac7dbc9c680d685196a62d0358c773650d97b1
  
• SHA256: 8006cbd1c70b2ed096af9c72d6fef2c3e9cb0a4168540897967e5d3bbb2331bc
  

• Zip password: infected

• VirusTotal
• HybridAnalysis

• RobotHash

Timeline

Fri Apr 29 22:04:08 CEST 2016

started win4

Fri Apr 29 22:05:51 CEST 2016

Infected

Analysis

It is using DGA, and is the fasted DGA I ever saw. After some days, it stopped sending traffic.

Sun May 1 17:54:23 CEST 2016

poweroff