Analysis Date: 2018-04-08 00:44:20
MD5: 1a09ed8f11fe7e5f8b460159cb67cfc6
SHA1: 19da687e5605320fd874ccfdba69cba8a2b6a36f

Static Details:

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
PEhash:
AV results: 26 clean, 8 scan errors, 1 detection. The single hit, Alwil (avast) "Evo-gen [Susp]", is a generic heuristic verdict rather than a named family; the "Error Scanning File" rows are scanner failures, not verdicts either way.

AV engine                        Result
Arcabit (arcavir)                No Virus
Authentium                       No Virus
Grisoft (avg)                    No Virus
Avira (antivir)                  No Virus
Alwil (avast)                    Evo-gen [Susp]
Ad-Aware                         No Virus
BitDefender                      No Virus
BullGuard                        No Virus
ClamAV                           Error Scanning File
Dr. Web                          Error Scanning File
Emsisoft                         No Virus
MicroWorld (escan)               No Virus
CA (E-Trust Ino)                 Error Scanning File
Fortinet                         Error Scanning File
Frisk (f-prot)                   No Virus
F-Secure                         No Virus
Ikarus                           Error Scanning File
K7                               Error Scanning File
Kaspersky                        Error Scanning File
MalwareBytes                     No Virus
Mcafee                           No Virus
Microsoft Security Essentials    Error Scanning File
NANO                             No Virus
Eset (nod32)                     No Virus
Padvish                          No Virus
CAT (quickheal)                  No Virus
Rising                           No Virus
360 Safe                         No Virus
SUPERAntiSpyware                 No Virus
Symantec                         No Virus
Trend Micro                      No Virus
Twister                          No Virus
VirusBlokAda (vba32)             No Virus
Windows Defender                 No Virus
Zillya!                          No Virus

Runtime Details:

Note: the report lists processes flat and does not show a process tree, so the parent/child relationship between the sample and the other processes is not recorded here. The file, mutex and registry entries under iexplore.exe and explorer.exe (the Low-integrity cache and cookie folders, the BrowserEmulation and RasPbFile mutexes, CompatibilityFlags and the proxy settings) are ordinary Internet Explorer Protected Mode start-up activity and should be read as context, not as behaviour of the sample itself.

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\19da687e5605320fd874ccfdba69cba8a2b6a36f.exe

Process
↳ C:\Program Files (x86)\Internet Explorer\iexplore.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\System32\oleaccrc.dll
Creates File: \??\Nsi
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low
Creates File: C:\Users\Phil\Favorites
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low
Creates File: C:\Users\Phil\AppData\Local\Temp\Low
Creates Mutex: Local\!BrowserEmulation!SharedMemory!Mutex
Creates Mutex:
Creates Mutex: RasPbFile
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\VerCache ➝
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings ➝ F

Process
↳ C:\Windows\explorer.exe

Creates File: C:\
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites\desktop.ini
Creates File: C:\
Creates File: C:\Users

Process
↳ C:\Program Files (x86)\Internet Explorer\iexplore.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\System32\oleaccrc.dll
Creates Mutex:
Creates Mutex:
Creates Mutex:

Network Details:

The only captured traffic is the Windows Network Connectivity Status Indicator probe (GET /ncsi.txt with User-Agent "Microsoft NCSI" to www.msftncsi.com). Windows sends this request itself to test Internet reachability, so it should not be attributed to the sample. The dump below contains two copies of the same request.

Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .
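As an added example (not part of the sandbox report), the following Python decodes the report's "Raw Pcap" hex dump back into bytes, parses each HTTP request, and labels the ones that match known OS background traffic so that analysts can separate sandbox noise from sample-originated connections. The dump text is copied from the report above; the `BACKGROUND_TRAFFIC` allowlist is an assumption that lists only the NCSI probe and would be extended for a real sandbox image.

```python
"""Decode a sandbox 'Raw Pcap' hex dump and classify the HTTP requests in it.
Added example; not code from the original report or the sandbox vendor."""
import re
from typing import Dict, List

# Copied from the report's "Raw Pcap" section (two identical NCSI requests).
RAW_PCAP = """\
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .
"""

# Assumed allowlist of traffic the Windows VM generates on its own.
# Key: (Host header, request target, User-Agent). Extend per sandbox image.
BACKGROUND_TRAFFIC = {
    ("www.msftncsi.com", "/ncsi.txt", "Microsoft NCSI"): "windows-ncsi-probe",
}

_HEX_GROUP = re.compile(r"^(?:[0-9a-fA-F]{2})+$")


def decode_dump(dump: str) -> List[bytes]:
    """Turn the hex dump into raw byte strings, one per captured record.

    Each line is: hex offset, decimal offset in parentheses, hex groups, ASCII
    column; the columns are separated by runs of three or more spaces, so the
    ASCII column is never mistaken for hex. A new record starts whenever the
    offset drops back to zero instead of continuing the previous line.
    """
    records: List[bytearray] = []
    for line in dump.splitlines():
        parts = re.split(r"\s{3,}", line.strip())
        if len(parts) < 2 or not parts[0].startswith("0x"):
            continue  # blank line or non-dump text
        offset = int(parts[0].split()[0], 16)
        groups = parts[1].split()
        if not all(_HEX_GROUP.match(g) for g in groups):
            raise ValueError(f"bad hex column: {line!r}")
        if not records or offset != len(records[-1]):
            if offset != 0:
                raise ValueError(f"non-contiguous dump at offset {offset:#x}")
            records.append(bytearray())
        records[-1] += bytes.fromhex("".join(groups))
    return [bytes(r) for r in records]


def parse_http_request(raw: bytes) -> Dict[str, str]:
    """Split an HTTP/1.x request into request-line fields plus headers.
    Header names are lower-cased; any body after the blank line is ignored."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii", errors="replace").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    req = {"method": method, "target": target, "version": version}
    for hdr in lines[1:]:
        name, _, value = hdr.partition(":")
        req[name.strip().lower()] = value.strip()
    return req


def classify_request(req: Dict[str, str]) -> str:
    """Label a parsed request as known background traffic or 'unclassified'."""
    key = (req.get("host", ""), req["target"], req.get("user-agent", ""))
    return BACKGROUND_TRAFFIC.get(key, "unclassified")


def triage(dump: str) -> List[Dict[str, str]]:
    """Decode every record in a dump and attach a label to each request."""
    results = []
    for raw in decode_dump(dump):
        req = parse_http_request(raw)
        req["label"] = classify_request(req)
        results.append(req)
    return results


if __name__ == "__main__":
    for r in triage(RAW_PCAP):
        print(f"{r['label']:20} {r['method']} {r.get('host', '?')}{r['target']}")
```

Anything that comes back `unclassified` is what actually needs a look; on this report both records decode to the same 97-byte NCSI request and are labelled as background traffic.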


Strings