Analysis Date: 2018-05-12 19:59:26
MD5: 524fe47179aba21a5dc335262a1759d6
SHA1: 06031f5d64c32468a29c7f8e58b42ce77a5a9f06

Static Details:

AV: Arcabit (arcavir) - Gen:Variant.Zusy.186211
AV: Authentium - W32/A-1ec329e0!Eldorado
AV: Grisoft (avg) - Generic32.CQJL
AV: Avira (antivir) - TR/Dropper.Gen7
AV: Alwil (avast) - Malware-gen
AV: Alwil (avast) - Win32:Malware-gen
AV: Ad-Aware - Gen:Variant.Zusy.186211
AV: BitDefender - Gen:Variant.Zusy.186211
AV: BullGuard - Gen:Variant.Zusy.186211
AV: ClamAV - Win.Trojan.Agent-1368218
AV: Dr. Web - Trojan.DownLoad3.22515
AV: Emsisoft - Gen:Variant.Zusy.186211
AV: MicroWorld (escan) - Gen:Variant.Zusy.186211
AV: CA (E-Trust Ino) - Gen:Variant.Zusy.186211
AV: Fortinet - W32/Generic.AC.1CFBE1!tr
AV: Frisk (f-prot) - W32/A-1ec329e0!Eldorado
AV: F-Secure - Gen:Variant.Zusy.186211
AV: Ikarus - Trojan.Win32.Scar
AV: K7 - Trojan ( 0043a4491 )
AV: Kaspersky - Trojan.Win32.Scar.ojsz
AV: MalwareBytes - Trojan.Agent
AV: Mcafee - Trojan-FDXL!524FE47179AB
AV: Microsoft Security Essentials - Trojan:Win32/Sakurel.B!dha
AV: NANO - Trojan.Win32.Agent.btwnys
AV: NANO - Trojan.Win64.Agent.cysfdn
AV: Eset (nod32) - Win32/Shyape.G
AV: Padvish - No Virus
AV: CAT (quickheal) - Trojan.Sakurel.S8447
AV: Rising - Trojan.Win32.Generic.1483099E
AV: 360 Safe - No Virus
AV: SUPERAntiSpyware - Trojan.Agent/Gen-Scar
AV: Symantec - Trojan.Sakurel
AV: Trend Micro - BKDR_DIOFOPI.SM
AV: Twister - Trojan.F5D4D60C125C8750
AV: VirusBlokAda (vba32) - Trojan.Scar
AV: Windows Defender - Trojan:Win32/Sakurel.B!dha
AV: Zillya! - Trojan.Scar.Win32.79088

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\06031f5d64c32468a29c7f8e58b42ce77a5a9f06.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\MicroMedia\MediaCenter.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\06031f5d64c32468a29c7f8e58b42ce77a5a9f06.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\MicroMedia\MediaCenter.exe
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\MicroMedia ➝ C:\Users\Phil\AppData\Local\Temp\MicroMedia\MediaCenter.exe
Creates Mutex
Creates Mutex

Process
↳ C:\Users\Phil\AppData\Local\Temp\MicroMedia\MediaCenter.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\MicroMedia\rss.tmp
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MediaCenter_RASMANCS\EnableFileTracing ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MediaCenter_RASMANCS\EnableConsoleTracing ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MediaCenter_RASMANCS\FileTracingMask ➝ 4294901760
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MediaCenter_RASMANCS\ConsoleTracingMask ➝ 4294901760
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MediaCenter_RASMANCS\MaxFileSize ➝ 1048576
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MediaCenter_RASMANCS\FileDirectory ➝ %windir%\tracing

Process
↳ C:\Windows\explorer.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls

Process
↳ C:\Windows\SysWOW64\PING.EXE

Creates File: \??\Nsi

Network Details:

