Analysis Date: 2018-03-24 23:35:31
MD5: 07b1cfcc6a9535dbcd29d7882187565f
SHA1: 37a99794b552344d1d96630c3493c217c5992cde

Static Details:

AV  Arcabit (arcavir)              Trojan.Generic.3611302
AV  Authentium                     W32/StartPage.D.gen!Eldorado
AV  Grisoft (avg)                  Downloader.Generic9.CBWX
AV  Avira (antivir)                ADWARE/Adware.Gen
AV  Alwil (avast)                  No Virus
AV  Ad-Aware                       Trojan.Generic.3611302
AV  BitDefender                    Trojan.Generic.3611302
AV  BullGuard                      Trojan.Generic.3611302
AV  ClamAV                         Win.Downloader.134770-1
AV  Dr. Web                        Trojan.MulDrop6.46182
AV  Emsisoft                       Trojan.Generic.3611302
AV  MicroWorld (escan)             Trojan.Generic.3611302
AV  CA (E-Trust Ino)               Trojan.Generic.3611302
AV  Fortinet                       W32/StartPage.XUR!tr
AV  Frisk (f-prot)                 W32/StartPage.D.gen!Eldorado
AV  F-Secure                       Trojan.Generic.3611302
AV  Ikarus                         Trojan-Dropper.Agent
AV  K7                             Error Scanning File
AV  Kaspersky                      Trojan-Downloader.Win32.Old.aa
AV  MalwareBytes                   No Virus
AV  Mcafee                         Generic.dx!07B1CFCC6A95
AV  Microsoft Security Essentials  No Virus
AV  NANO                           Trojan.Win32.Adload.cpqkw
AV  Eset (nod32)                   Win32/StartPage.OFX
AV  Padvish                        Malware.Trojan.Downloader-134770
AV  CAT (quickheal)                No Virus
AV  Rising                         Trojan.Win32.StartPage.pbg
AV  360 Safe                       No Virus
AV  SUPERAntiSpyware               No Virus
AV  Symantec                       Downloader
AV  Trend Micro                    TSPY_DO.66A20D56
AV  Twister                        Trojan.D59FAC4BB82EE4A6
AV  VirusBlokAda (vba32)           TrojanDownloader.Adload
AV  Windows Defender               No Virus
AV  Zillya!                        No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\37a99794b552344d1d96630c3493c217c5992cde.exe

Creates Mutex: °²×°
Creates Mutex
Creates Mutex
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\Fonts\staticcache.dat
Creates File: C:\
Creates File: C:\Program Files (x86)\desktop.ini
Creates File: C:\Program Files (x86)
Creates File: C:\Program Files (x86)\Internet Explorer
Creates File: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Creates File: C:\Program Files (x86)\Internet Explorer\
Creates File: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\ie.temp
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\strLink ➝ 37a99794b552344d1d96630c3493c217c5992cde
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\appTitle ➝ 37a99794b552344d1d96630c3493c217c5992cde
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\proRunNum ➝ 1
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\pageID ➝ 0

Process
↳ C:\Windows\explorer.exe

Creates File: C:\
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Public\desktop.ini
Creates File: C:\Users\Public
Creates File: C:\Users\Public\Desktop\desktop.ini
Creates File: C:\Users\Phil\Desktop
Creates File: C:\Users\Phil\Desktop\Internet Explorer.lnk
Creates File: C:\Users\Public\Desktop
Creates File: C:\Users\Phil\Desktop
Creates File: C:\Users\Phil\Desktop\Internet Explorer.lnk
Creates File: C:\Users\Public\Desktop
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Searches\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Videos\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Pictures\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Desktop\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Contacts\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Music\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Downloads\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Documents\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Links\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Saved Games\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData
Creates File: C:\Users\Phil\AppData\Roaming
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\desktop.ini
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Internet Explorer
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData
Creates File: C:\Users\Phil\AppData\Roaming
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\srun1.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun1.bat
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\srun1.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun1.bat

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\srun44.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun44.bat
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\srun44.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun44.bat

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\srun36.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun36.bat
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\srun36.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun36.bat

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\srun49.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun49.bat
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\srun49.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun49.bat

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cacls.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\SysWOW64\en-US\cacls.exe.mui

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\srun99.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun99.bat
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\srun99.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun99.bat

Process
↳ C:\Windows\SysWOW64\cacls.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\SysWOW64\en-US\cacls.exe.mui
Creates File: C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui

Process
↳ C:\Windows\SysWOW64\cacls.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\SysWOW64\en-US\cacls.exe.mui

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\srun67.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun67.bat
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\srun67.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun67.bat

Process
↳ C:\Windows\SysWOW64\cacls.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\SysWOW64\en-US\cacls.exe.mui

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\srun74.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun74.bat
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\srun74.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun74.bat

Process
↳ C:\Windows\SysWOW64\cacls.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\SysWOW64\en-US\cacls.exe.mui

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\srun63.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun63.bat
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\srun63.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun63.bat

Process
↳ C:\Windows\SysWOW64\cacls.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\SysWOW64\en-US\cacls.exe.mui

Process
↳ C:\Windows\SysWOW64\cacls.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\SysWOW64\en-US\cacls.exe.mui
Creates File: C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\srun14.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun14.bat
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\srun14.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun14.bat

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\srun15.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun15.bat
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\srun15.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\srun15.bat

Process
↳ C:\Windows\SysWOW64\cacls.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\SysWOW64\en-US\cacls.exe.mui
Creates File: C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cacls.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\SysWOW64\en-US\cacls.exe.mui
Creates File: C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cacls.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\SysWOW64\en-US\cacls.exe.mui
Creates File: C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui

Network Details:
