Analysis Date: 2018-06-10 03:15:08
MD5: 57d4a2592c055e5a022343d4c90789e0
SHA1: 38c21903f6166142a02a2ae2ae8a4e6e23625c41

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
PEhash:

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\38c21903f6166142a02a2ae2ae8a4e6e23625c41.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\Desktop\desktop.ini
Creates Mutex
Creates Mutex

Network Details:

Raw Pcap


Strings