Analysis Date: 2018-04-23 16:05:43
MD5: f5686c5b7064b647f2acafed6e2890b1
SHA1: 37a976d3e3c774e0d8ccfed84e36b0252f08fd75

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash
AV Arcabit (arcavir): Win32.Crytex.A
AV Authentium: W32/Crytex.1290
AV Grisoft (avg): Error Scanning File
AV Avira (antivir): W32/Crytex.1290
AV Alwil (avast): Cryte
AV Alwil (avast): Win32:Cryte
AV Ad-Aware: Win32.Crytex.A
AV BitDefender: Win32.Crytex.A
AV BullGuard: Win32.Crytex.A
AV ClamAV: Win.Virus.Hublo-1
AV Dr. Web: Win32.Siggen.15
AV Emsisoft: Win32.Crytex.A
AV MicroWorld (escan): Win32.Crytex.A
AV CA (E-Trust Ino): Win32.Crytex.A
AV Fortinet: W32/Crytex.290
AV Frisk (f-prot): W32/Crytex.1290
AV F-Secure: Win32.Crytex.A
AV Ikarus: Gen.Malware.Heur
AV K7: Virus ( 0040f5911 )
AV Kaspersky: Virus.Win32.Crytex.1290
AV MalwareBytes: No Virus
AV Mcafee: W32/NGVCK.a
AV Microsoft Security Essentials: Virus:Win32/Hublo.A
AV NANO: Error Scanning File
AV Eset (nod32): Win32/Geksone.B virus
AV Padvish: No Virus
AV CAT (quickheal): W32.Hublo.A
AV Rising: Win32.Crytex.a
AV 360 Safe: Virus.Win32.Crytex.A
AV SUPERAntiSpyware: Error Scanning File
AV Symantec: Bloodhound.W32.1
AV Trend Micro: PE_CRYTEX.A
AV Twister: Virus.609CE8000000005D81.mg
AV VirusBlokAda (vba32): Virus.Win32.Crytex.1290
AV Windows Defender: Virus:Win32/Hublo.A
AV Zillya!: Virus.Geksone.Win32.1

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\37a976d3e3c774e0d8ccfed84e36b0252f08fd75.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\37a976d3e3c774e0d8ccfed84e36b0252f08fd75.exe
Creates File: C:\Windows\SysWOW64\FlashPlayerApp.exe

Network Details:

