Analysis Date: 2018-03-19 22:54:42
MD5: 5be0777e1f15614b7e670dfb81be8604
SHA1: 37a9438e1c9526f964cb8764f410fd2253676101

Static Details:

AV Arcabit (arcavir) — Gen:Variant.Midie.44443
AV Authentium — No Virus
AV Grisoft (avg) — No Virus
AV Avira (antivir) — No Virus
AV Alwil (avast) — Error Scanning File
AV Ad-Aware — Gen:Variant.Midie.44443
AV BitDefender — Gen:Variant.Midie.44443
AV BullGuard — Gen:Variant.Midie.44443
AV ClamAV — No Virus
AV Dr. Web — Trojan.Vittalia.16016
AV Emsisoft — Gen:Variant.Midie.44443
AV MicroWorld (escan) — No Virus
AV CA (E-Trust Ino) — Error Scanning File
AV Fortinet — W32/Kryptik.GELA!tr
AV Frisk (f-prot) — No Virus
AV F-Secure — Gen:Variant.Midie.44443
AV Ikarus — No Virus
AV K7 — Error Scanning File
AV Kaspersky — No Virus
AV MalwareBytes — Error Scanning File
AV Mcafee — Packed-XP!5BE0777E1F15
AV Microsoft Security Essentials — SoftwareBundler:Win32/Prepscram
AV NANO — No Virus
AV Eset (nod32) — Win32/Kryptik.GELA
AV Padvish — No Virus
AV CAT (quickheal) — No Virus
AV Rising — No Virus
AV 360 Safe — No Virus
AV SUPERAntiSpyware — Error Scanning File
AV Symantec — No Virus
AV Trend Micro — No Virus
AV Twister — No Virus
AV VirusBlokAda (vba32) — No Virus
AV Windows Defender — SoftwareBundler:Win32/Prepscram
AV Zillya! — No Virus

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\37a9438e1c9526f964cb8764f410fd2253676101.exe

Network Details:


Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 68747470 3a2f2f6c 69702e68   GET http://lip.h
0x00000010 (00016)   65616c74 6863616b 65732e6d 656e2f68   ealthcakes.men/h
0x00000020 (00032)   5f726564 69722e70 68703f6f 66666572   _redir.php?offer
0x00000030 (00048)   5f69643d 34266166 665f6964 3d313030   _id=4&aff_id=100
0x00000040 (00064)   3626736f 75726365 3d313126 6166665f   6&source=11&aff_
0x00000050 (00080)   7375623d 31353035 26616666 5f737562   sub=1505&aff_sub
0x00000060 (00096)   323d3432 34383937 39266166 665f7375   2=4248979&aff_su
0x00000070 (00112)   62333d26 6166665f 73756234 3d4c505f   b3=&aff_sub4=LP_
0x00000080 (00128)   44454626 6166665f 73756235 3d313334   DEF&aff_sub5=134
0x00000090 (00144)   37333831 37363426 75726c3d 68747470   7381764&url=http
0x000000a0 (00160)   25334125 32462532 466c6970 2e686561   %3A%2F%2Flip.hea
0x000000b0 (00176)   6c746863 616b6573 2e6d656e 2f6f6666   lthcakes.men/off
0x000000c0 (00192)   65722e70 68702533 46616666 49642533   er.php%3FaffId%3
0x000000d0 (00208)   447b6166 665f6964 7d253236 74726163   D{aff_id}%26trac
0x000000e0 (00224)   6b696e67 49642533 44333237 34353434   kingId%3D3274544
0x000000f0 (00240)   39302532 36696e73 74496425 33443131   90%26instId%3D11
0x00000100 (00256)   25323668 6f5f7472 61636b69 6e676964   %26ho_trackingid
0x00000110 (00272)   2533447b 7472616e 73616374 696f6e5f   %3D{transaction_
0x00000120 (00288)   69647d25 32366363 2533447b 636f756e   id}%26cc%3D{coun
0x00000130 (00304)   7472795f 636f6465 7d253236 63635f74   try_code}%26cc_t
0x00000140 (00320)   79702533 44686f25 32367362 25334478   yp%3Dho%26sb%3Dx
0x00000150 (00336)   36342532 366e6574 25334433 2e352e33   64%26net%3D3.5.3
0x00000160 (00352)   30373239 2e343932 36253236 69652533   0729.4926%26ie%3
0x00000170 (00368)   44382532 65302532 65373630 30253265   D8%2e0%2e7600%2e
0x00000180 (00384)   31363338 35253236 77762533 44372532   16385%26wv%3D7%2
0x00000190 (00400)   36646225 3344496e 7465726e 65744578   6db%3DInternetEx
0x000001a0 (00416)   706c6f72 65722532 36756163 25334431   plorer%26uac%3D1
0x000001b0 (00432)   25323663 69642533 44653536 63393365   %26cid%3De56c93e
0x000001c0 (00448)   62343836 36313762 31626363 64383765   b486617b1bccd87e
0x000001d0 (00464)   31343836 63363737 64253236 6f736425   1486c677d%26osd%
0x000001e0 (00480)   33443133 25323672 65732533 44383030   3D13%26res%3D800
0x000001f0 (00496)   78363030 25323676 25334433 20485454   x600%26v%3D3 HTT
0x00000200 (00512)   502f312e 310d0a48 6f73743a 206c6970   P/1.1..Host: lip
0x00000210 (00528)   2e686561 6c746863 616b6573 2e6d656e   .healthcakes.men
0x00000220 (00544)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000230 (00560)   6f73650d 0a416363 6570743a 202a2f2a   ose..Accept: */*
0x00000240 (00576)   0d0a5573 65722d41 67656e74 3a20496e   ..User-Agent: In
0x00000250 (00592)   7374616c 6c436170 6974616c 0d0a0d0a   stallCapital....
0x00000260 (00608)                                         


Strings