Analysis Date: 2018-05-06 19:16:20
MD5: 468b14049814cf5374f0d05a15ed030f
SHA1: 20154ea47927b9a72a0e1745aa3e8f17abb72171

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash:
AV Kaspersky: Trojan.Win32.Generic
AV Grisoft (avg): Dropper.Generic8.BBQY
AV MalwareBytes: Error Scanning File
AV Avira (antivir): TR/Rogue.22761
AV NANO: Trojan.Win32.Andromeda.ccgyxx
AV CA (E-Trust Ino): Gen:Variant.Symmi.22996
AV Fortinet: W32/Kryptik.BBYD!tr
AV Dr. Web: BackDoor.Andromeda.178
AV BullGuard: Gen:Variant.Symmi.22996
AV Frisk (f-prot): W32/A-49bf794c!Eldorado
AV Symantec: Downloader.Dromedan
AV Eset (nod32): Win32/Injector.AIOX
AV Windows Defender: Worm:Win32/Gamarue.AJ
AV Authentium: W32/A-49bf794c!Eldorado
AV Microsoft Security Essentials: Worm:Win32/Gamarue.AJ
AV 360 Safe: Worm.Win32.Gamarue.V
AV MicroWorld (escan): Gen:Variant.Symmi.22996
AV VirusBlokAda (vba32): SScope.Worm.Gamarue.2713
AV Mcafee: W32/Worm-FKU!468B14049814
AV Rising: Trojan.Win32.Read.a
AV Padvish: No Virus
AV Ad-Aware: Gen:Variant.Symmi.22996
AV F-Secure: Trojan-Downloader:W32/Wauchos.F
AV Trend Micro: WORM_GAMARUE.SMJ
AV CAT (quickheal): Worm.Gamarue.B
AV K7: Error Scanning File
AV Zillya!: Downloader.Andromeda.Win32.3263
AV Alwil (avast): Downloader-TSN [Trj]
AV BitDefender: Gen:Variant.Symmi.22996
AV Ikarus: Trojan.Inject
AV SUPERAntiSpyware: Trojan.Agent/Gen-Dofoil
AV Emsisoft: Gen:Variant.Symmi.22996
AV Twister: Trojan.D875EDBFBC8E8805
AV ClamAV: Win.Trojan.Downloader-61798
AV Arcabit (arcavir): Gen:Variant.Symmi.22996

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\20154ea47927b9a72a0e1745aa3e8f17abb72171.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\20154ea47927b9a72a0e1745aa3e8f17abb72171.exe

Creates File: C:\Windows\SysWOW64\svchost.exe

Process
↳ C:\Windows\SysWOW64\svchost.exe

Creates Mutex:
Creates Mutex: 3770066751
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\20154ea47927b9a72a0e1745aa3e8f17abb72171.exe
Creates File: C:\ProgramData\Local Settings\Temp\cciecauay.cmd
Creates File: C:\Windows\SysWOW64\svchost.exe
Creates File: C:\ProgramData\Local Settings\Temp\cciecauay.cmd
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\42815 ➝ C:\PROGRA~3\LOCALS~1\Temp\cciecauay.cmd

Network Details:
