Analysis Date: 2018-04-19 12:21:41
MD5: de447c18b4d2256a1b285f3f88ac3332
SHA1: 3690f344c2db9f88ec04dc3ed3da15d445f60d14

Static Details:

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
PEhash
AV Arcabit (arcavir): Gen:Variant.Graftor.246524
AV Authentium: No Virus
AV Grisoft (avg): Generic36.BYRL
AV Avira (antivir): WORM/Lodbak.Gen4
AV Alwil (avast): Trojan-gen
AV Alwil (avast): Win32:Trojan-gen
AV Ad-Aware: Gen:Variant.Graftor.246524
AV BitDefender: Gen:Variant.Graftor.246524
AV BullGuard: Error Scanning File
AV ClamAV: No Virus
AV Dr. Web: No Virus
AV Emsisoft: Gen:Variant.Graftor.246524
AV MicroWorld (escan): Gen:Variant.Graftor.246524
AV CA (E-Trust Ino): Error Scanning File
AV Fortinet: W32/Generic.AC.33E210!tr
AV Frisk (f-prot): No Virus
AV F-Secure: Trojan:W32/Gamarue.F
AV Ikarus: No Virus
AV K7: Trojan ( 004cddf61 )
AV Kaspersky: Error Scanning File
AV MalwareBytes: No Virus
AV Mcafee: Trojan-FGZX!E0641837683F
AV Microsoft Security Essentials: No Virus
AV NANO: Trojan.Win32.Bundpil.dwsdov
AV Eset (nod32): Win32/Bundpil.DJ.gen worm
AV Padvish: No Virus
AV CAT (quickheal): No Virus
AV Rising: Worm.Gamarue!5647
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: Packed.Dromedan!gen17
AV Trend Micro: Mal_Bundpil-4
AV Twister: No Virus
AV VirusBlokAda (vba32): Worm.Bundpil
AV Windows Defender: No Virus
AV Zillya!: Error Scanning File

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Windows\System32\rundll32.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\3690f344c2db9f88ec04dc3ed3da15d445f60d14.dll

Process
↳ C:\Windows\SysWOW64\rundll32.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\IndexerVolumeGuid

Network Details:

