Analysis Date: 2018-05-08 18:37:35
MD5: dd0a751a7905db1bd61f440ca33c33ca
SHA1: 337245f31fe4ad76d6d1d97a646bdeaca8a352f9

Static Details:

AV | Arcabit (arcavir) | Trojan.Generic.3842741
AV | Authentium | W32/Trojan.MPVD-5563
AV | Grisoft (avg) | SHeur2.BBFW
AV | Avira (antivir) | TR/Crypt.ASPM.Gen
AV | Alwil (avast) | Stihat [Wrm]
AV | Ad-Aware | Trojan.Generic.3842741
AV | BitDefender | Trojan.Generic.3842741
AV | BullGuard | Trojan.Generic.3842741
AV | ClamAV | Win.Trojan.Autorun-7409
AV | Dr. Web | Win32.HLLP.Stone.2
AV | Emsisoft | Trojan.Generic.3842741
AV | MicroWorld (escan) | Trojan.Generic.3842741
AV | CA (E-Trust Ino) | Trojan.Generic.3842741
AV | Fortinet | W32/Lamer.VB!tr
AV | Frisk (f-prot) | W32/Trojan2.MJYK
AV | F-Secure | Trojan.Generic.3842741
AV | Ikarus | Trojan.Win32.Mepaow
AV | K7 | Error Scanning File
AV | Kaspersky | Virus.Win32.Lamer.cb
AV | Kaspersky | Worm.Win32.Generic
AV | MalwareBytes | Error Scanning File
AV | Mcafee | W32/Autorun.worm.aao
AV | Microsoft Security Essentials | Virus:Win32/Autorun.NE
AV | NANO | Virus.Win32.Mepaow.btvwx
AV | Eset (nod32) | Win32/AutoRun.Delf.RO worm
AV | Padvish | Win32.Autorun
AV | CAT (quickheal) | No Virus
AV | Rising | Win32.AutoRun.aif
AV | 360 Safe | No Virus
AV | SUPERAntiSpyware | No Virus
AV | Symantec | SMG.Heur!gen
AV | Trend Micro | No Virus
AV | Twister | Trojan.68CCB0CFA2FFAB38
AV | VirusBlokAda (vba32) | No Virus
AV | Windows Defender | Virus:Win32/Autorun.NE
AV | Zillya! | Trojan.Mepaow.Win32.18

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\337245f31fe4ad76d6d1d97a646bdeaca8a352f9.exe

Creates File | C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File | C:\Users\Phil\AppData\Local\Temp\337245f31fe4ad76d6d1d97a646bdeaca8a352f9.exe
Creates File | C:\Users\Phil\AppData\Local\Temp\337245f31fe4ad76d6d1d97a646bdeaca8a352f9.exe
Creates File | C:\Windows\System32\notepad.exe
Creates File | C:\Windows\System32\notepad.exe.exe
Creates File | C:\Users\Phil\AppData\Local\Temp\337245f31fe4ad76d6d1d97a646bdeaca8a352f9.exe
Creates File | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Creates File | C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe
Creates File | C:\Users\Phil\AppData\Local\Temp\337245f31fe4ad76d6d1d97a646bdeaca8a352f9.exe
Creates File | C:\Program Files (x86)\Outlook Express\msimn.exe
Creates File | C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
Creates File | C:\AUTORUN.INF
Creates File | C:\AUTORUN.INF
Creates File | C:\AUTORUN.INF
Creates File | C:\AUTORUN.INF
Creates File | C:\AUTORUN.INF
Creates File | C:\AUTORUN.INF
Creates File | C:\$Recycle.Bin\S-1-5-21-3402344755-1107900342-2419827007-1000\desktop.ini
Creates File | C:\Users\Phil\AppData\Local\Temp\337245f31fe4ad76d6d1d97a646bdeaca8a352f9.exe
Creates File | C:\$Recycle.Bin\S-1-5-21-3402344755-1107900342-2419827007-1000\desktop.ini
Creates File | C:\$Recycle.Bin\S-1-5-21-3402344755-1107900342-2419827007-1000\desktop.ini.exe
Creates File | C:\AutoRun.exe
Creates File | C:\Users\Phil\AppData\Local\Temp\337245f31fe4ad76d6d1d97a646bdeaca8a352f9.exe
Creates File | C:\AutoRun.exe
Creates File | C:\AutoRun.exe.exe
Creates File | C:\AUTORUN.INF
Creates File | C:\Users\Phil\AppData\Local\Temp\337245f31fe4ad76d6d1d97a646bdeaca8a352f9.exe
Creates File | C:\AUTORUN.INF
Creates Mutex
Creates Mutex
Registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell ➝ Explorer.exe HelpMe.exe
Registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue ➝ 0

Process
↳ C:\Windows\explorer.exe

Creates File | C:\
Creates File | C:\Users\desktop.ini
Creates File | C:\Users
Creates File | C:\Users\Phil
Creates File | C:\Users\Phil\AppData
Creates File | C:\Users\Phil\AppData\Roaming
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\desktop.ini
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows
Creates File | C:\Users\Phil\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lock
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
Creates File | C:\Users\Phil\AppData\Local\Microsoft\Windows\WER\ReportArchive
Creates File | C:\ProgramData\Microsoft\Windows\WER\ReportArchive
Creates File | C:\Users\Phil\AppData\Local\Microsoft\Windows\WER\ERC
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Creates File | C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
Creates File | C:\
Creates File | C:\Users
Creates File | C:\
Creates File | C:\Users
Creates File | C:\Users\Phil
Creates File | C:\Users\Phil\Searches\desktop.ini
Creates File | C:\
Creates File | C:\Users
Creates File | C:\Users\Phil
Creates File | C:\Users\Phil\Videos\desktop.ini
Creates File | C:\
Creates File | C:\Users
Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.106\CheckSetting ➝ #
Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.check.100\CheckSetting ➝ #
Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.check.101\CheckSetting ➝ #

Network Details:
