Analysis Date: 2018-02-06 21:47:27
MD5: b8b9156a49e86e26bd3a7c2724a289bc
SHA1: 274b65b3249f0d6dbf42d176af5671806e02595f

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash:

AV Arcabit (arcavir): Gen:Variant.Symmi.22722
AV Authentium: W32/Nivdort.A.gen!Eldorado
AV Grisoft (avg): Error Scanning File
AV Avira (antivir): BDS/Zegost.Gen
AV Alwil (avast): Kryptik-OSY [Trj]
AV Ad-Aware: Gen:Variant.Symmi.22722
AV BitDefender: Gen:Variant.Symmi.22722
AV BullGuard: Gen:Variant.Symmi.22722
AV ClamAV: No Virus
AV Dr. Web: Trojan.DownLoader12.43621
AV Emsisoft: Gen:Variant.Symmi.22722
AV MicroWorld (escan): Gen:Variant.Symmi.22722
AV CA (E-Trust Ino): Gen:Variant.Symmi.22722
AV Fortinet: W32/Kryptik.DDQD!tr
AV Frisk (f-prot): W32/Nivdort.A.gen!Eldorado
AV F-Secure: Gen:Variant.Symmi.22722
AV Ikarus: Trojan.Win32.Crypt
AV K7: Trojan ( 004cd0081 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: No Virus
AV Mcafee: Nivdort!B8B9156A49E8
AV Microsoft Security Essentials: TrojanSpy:Win32/Nivdort
AV NANO: No Virus
AV Eset (nod32): Win32/Kryptik.CCLE
AV Padvish: No Virus
AV CAT (quickheal): TrojanSpy.Nivdort.WR3
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: Error Scanning File
AV Symantec: Downloader.Upatre!g15
AV Trend Micro: TROJ_WONTON.SMJ1
AV Twister: No Virus
AV VirusBlokAda (vba32): No Virus
AV Windows Defender: TrojanSpy:Win32/Nivdort
AV Zillya!: Error Scanning File

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\THX1138\AppData\Local\Temp\274b65b3249f0d6dbf42d176af5671806e02595f.exe

Creates Mutex (15 entries)
Creates File: C:\Windows\hdpbhbqiqbvqdk\tst
Creates File: C:\Windows\hdpbhbqiqbvqdk\tst
Creates File: c:\Users\THX1138\AppData\Local\Temp\274b65b3249f0d6dbf42d176af5671806e02595f.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\jbgfgxy79y8axenzrdq1hu.exe

Process
↳ C:\Users\THX1138\AppData\Local\Temp\jbgfgxy79y8axenzrdq1hu.exe

Creates Mutex (15 entries)
Creates File: C:\Windows\hdpbhbqiqbvqdk\tst
Creates File: C:\Windows\hdpbhbqiqbvqdk\tst
Creates File: C:\Windows\hdpbhbqiqbvqdk\lck
Creates File: C:\Windows\hdpbhbqiqbvqdk\upd
Creates File: C:\Windows\hdpbhbqiqbvqdk\etc
Creates File: C:\Windows\hdpbhbqiqbvqdk\etc
Creates File: C:\Windows\sysnative\drivers\etc\hosts
Creates File: C:\Windows\hdpbhbqiqbvqdk\run

Process
↳ C:\Windows\lmabogriqd.exe

Creates Mutex (15 entries)
Creates File: C:\Windows\hdpbhbqiqbvqdk\tst
Creates File: C:\Windows\hdpbhbqiqbvqdk\tst
Creates File: C:\Windows\hdpbhbqiqbvqdk\lck

Network Details:

Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

Strings