Analysis Date: 2018-05-05 05:04:49
MD5: 89b39d6f3adc0de04407d5df30177b46
SHA1: 37b2417ccdb237e55501eb229078c98a60664ea0

Static Details:

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
PEhash
AV Arcabit (arcavir): Trojan.Agent.BMKE
AV Authentium: No Virus
AV Grisoft (avg): Pakes.RGQ
AV Avira (antivir): TR/Crypt.Xpack.254053
AV Alwil (avast): Malware-gen
AV Alwil (avast): Win32:Malware-gen
AV Ad-Aware: Trojan.Agent.BMKE
AV BitDefender: Trojan.Agent.BMKE
AV BullGuard: Trojan.Agent.BMKE
AV ClamAV: No Virus
AV Dr. Web: Trojan.MulDrop6.3201
AV Emsisoft: Trojan.Agent.BMKE
AV MicroWorld (escan): Trojan.Agent.BMKE
AV CA (E-Trust Ino): Trojan.Agent.BMKE
AV Fortinet: W32/Generic.AC.29CBB9!tr
AV Frisk (f-prot): No Virus
AV F-Secure: Trojan.Agent.BMKE
AV Ikarus: Trojan.Win32.Kovter
AV K7: Error Scanning File
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Trojan.Kovter
AV Mcafee: GenericRXEC-ZS!89B39D6F3ADC
AV Microsoft Security Essentials: Trojan:Win32/Kovter!rfn
AV NANO: Trojan.Win32.Drop.dwrkxg
AV Eset (nod32): Win32/Kovter.C
AV Padvish: No Virus
AV CAT (quickheal): Trojan.Generic.B4
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: Trojan.Kotver!gen2
AV Trend Micro: No Virus
AV Twister: W32.Kovter.C.sowd
AV VirusBlokAda (vba32): Trojan.Yakes
AV Windows Defender: Trojan:Win32/Kovter!rfn
AV Zillya!: Trojan.Yakes.Win32.38977

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\37b2417ccdb237e55501eb229078c98a60664ea0.exe

Creates File: C:\Windows\Fonts\staticcache.dat
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls

Process
↳ C:\Windows\System32\mshta.exe

Creates Mutex: Local\!PrivacIE!SharedMemory!Mutex
Creates Mutex
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\System32\oleaccrc.dll
Creates File: C:\Windows\System32\rsaenh.dll

Network Details:

