Analysis Date: 2018-04-24 19:04:08
MD5: c619074d566d32ad1fe72bfc8f60649d
SHA1: 191ea01f1210db3ce4ccfaa624c3a72d35466513

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash:
AV Zillya: Dropper.Dapato.Win32.21908
AV CA (E-Trust Ino): Gen:Variant.Oficla.11
AV Avira (antivir): BDS/Phdet.S.9
AV Mcafee: GenericRXEK-VC!C619074D566D
AV K7: RootKit ( 004e586b1 )
AV Grisoft (avg): Error Scanning File
AV F-Secure: Gen:Variant.Oficla.11
AV BullGuard: Gen:Variant.Oficla.11
AV Ad-Aware: Gen:Variant.Oficla.11
AV SUPERAntiSpyware: No Virus
AV MicroWorld (escan): Gen:Variant.Oficla.11
AV Arcabit (arcavir): Gen:Variant.Oficla.11
AV Emsisoft: Gen:Variant.Oficla.11
AV VirusBlokAda (vba32): BScope.Trojan.MTA.01233
AV Twister: TrojanDrop.Dapato.egdg.qqmj
AV BitDefender: Gen:Variant.Oficla.11
AV Fortinet: W32/BlackEnergy.AH!tr
AV Windows Defender: Backdoor:Win32/Phdet.S
AV Rising: No Virus
AV Symantec: No Virus
AV 360 Safe: No Virus
AV Eset (nod32): Win32/Rootkit.BlackEnergy.AH
AV ClamAV: No Virus
AV Alwil (avast): Malware-gen
AV CAT (quickheal): No Virus
AV Padvish: No Virus
AV Microsoft Security Essentials: Backdoor:Win32/Phdet.S
AV Alwil (avast): Win32:Malware-gen
AV MalwareBytes: Exploit.Agent
AV Authentium: W32/Dapato.L.gen!Eldorado
AV Dr. Web: Trojan.Upatre.1
AV Kaspersky: Trojan-Dropper.Win32.Dapato.egdg
AV Frisk (f-prot): W32/Dapato.L.gen!Eldorado
AV Ikarus: No Virus
AV Trend Micro: TROJ_UPATRE.SM37
AV NANO: Trojan.Win32.DownLoad3.ddcdgk

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\191ea01f1210db3ce4ccfaa624c3a72d35466513.exe

Creates Mutex: Global\{3D5A1694-CC2C-4ee7-A3D5-A879A9E3A62A}
Creates Mutex: Global\{3D5A1694-CC2C-4ee7-A3D5-A879A9E3A62A}
Creates Mutex: Global\{3D5A1694-CC2C-4ee7-A3D5-A879A9E3A62A}
Creates Mutex:
Creates Mutex:
Creates File: C:\Users\Phil\AppData\Local\Temp\191ea01f1210db3ce4ccfaa624c3a72d35466513.exe
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\cnwog.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\cnwog.exe

Creates Mutex: Global\{3D5A1694-CC2C-4ee7-A3D5-A879A9E3A62A}
Creates Mutex: Global\{3D5A1694-CC2C-4ee7-A3D5-A879A9E3A62A}
Creates Mutex: Global\{3D5A1694-CC2C-4ee7-A3D5-A879A9E3A62A}
Creates File: C:\Users\Phil\AppData\Local\Temp\cnwog.exe
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls

Network Details:
