Analysis Date: 2018-04-25 03:07:51
MD5: cf3f5c89ce1d4f56ff7674a49fcfffcf
SHA1: 04ac793ba2f583c40983f158bfe34d3e8da449d5

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash
AV Symantec: No Virus
AV Eset (nod32): No Virus
AV 360 Safe: No Virus
AV VirusBlokAda (vba32): No Virus
AV F-Secure: No Virus
AV Rising: No Virus
AV CAT (quickheal): No Virus
AV Avira (antivir): No Virus
AV Fortinet: No Virus
AV CA (E-Trust Ino): Error Scanning File
AV Ikarus: Error Scanning File
AV Trend Micro: No Virus
AV Padvish: No Virus
AV MicroWorld (escan): No Virus
AV ClamAV: Error Scanning File
AV Authentium: No Virus
AV Kaspersky: Error Scanning File
AV Grisoft (avg): Error Scanning File
AV Dr. Web: No Virus
AV Windows Defender: No Virus
AV BullGuard: Error Scanning File
AV NANO: No Virus
AV MalwareBytes: No Virus
AV Twister: No Virus
AV Ad-Aware: Adware.DealPly.1.Gen
AV SUPERAntiSpyware: No Virus
AV Frisk (f-prot): No Virus
AV Emsisoft: Adware.DealPly.1.Gen
AV Zillya!: Error Scanning File
AV Arcabit (arcavir): Adware.DealPly.1.Gen
AV Microsoft Security Essentials: No Virus
AV K7: Error Scanning File
AV Alwil (avast): Evo-gen [Susp]
AV BitDefender: Adware.DealPly.1.Gen
AV Mcafee: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\04ac793ba2f583c40983f158bfe34d3e8da449d5.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls

Network Details:

