Analysis Date: 2018-04-19 22:09:40
MD5: b6a8c3042a6975e81d061bdd4e802bcb
SHA1: 3bf7cd5c8c6054a7356fa675bcd76d4f38ed1224

Static Details:

AV: Rising - Trojan.Win32.Bayrod.a
AV: ClamAV - No Virus
AV: BitDefender - Gen:Variant.Kazy.604861
AV: Alwil (avast) - VB-AJEW [Trj]
AV: Zillya! - No Virus
AV: Ikarus - Trojan.Win32.Bayrob
AV: Arcabit (arcavir) - Gen:Variant.Kazy.604861
AV: Emsisoft - Gen:Variant.Kazy.604861
AV: Authentium - W32/Scar.R.gen!Eldorado
AV: MicroWorld (escan) - Gen:Variant.Kazy.604861
AV: VirusBlokAda (vba32) - No Virus
AV: 360 Safe - No Virus
AV: Kaspersky - Trojan.Win32.Generic
AV: Frisk (f-prot) - W32/Scar.R.gen!Eldorado
AV: K7 - Trojan ( 004da8bd1 )
AV: Ad-Aware - Gen:Variant.Kazy.604861
AV: NANO - No Virus
AV: Symantec - Downloader.Upatre!g15
AV: BullGuard - Gen:Variant.Kazy.604861
AV: F-Secure - Gen:Variant.Kazy.604861
AV: Padvish - No Virus
AV: Trend Micro - No Virus
AV: Avira (antivir) - TR/Crypt.Xpack.hlosz
AV: Grisoft (avg) - Win32/Cryptor
AV: MalwareBytes - Trojan.Agent.KVTGen
AV: Fortinet - W32/Bayrob.AQ!tr
AV: Eset (nod32) - Win32/Bayrob.Q
AV: Windows Defender - TrojanSpy:Win32/Nivdort
AV: Dr. Web - Trojan.DownLoader13.15009
AV: Mcafee - Trojan-FGIJ!B6A8C3042A69
AV: Microsoft Security Essentials - TrojanSpy:Win32/Nivdort
AV: Twister - Trojan.0000E9000000006A1.mg
AV: SUPERAntiSpyware - No Virus
AV: CAT (quickheal) - TrojanSpy.Nivdort.OD4
AV: CA (E-Trust Ino) - Gen:Variant.Razy.8711

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\3bf7cd5c8c6054a7356fa675bcd76d4f38ed1224.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Windows\riatqcqwswje\zvssxt
Creates File: C:\riatqcqwswje\zvssxt
Creates File: c:\Users\Phil\AppData\Local\Temp\3bf7cd5c8c6054a7356fa675bcd76d4f38ed1224.exe
Creates File: C:\riatqcqwswje\edg17y0mdo3mwrw927pdr.exe

Process
↳ C:\riatqcqwswje\edg17y0mdo3mwrw927pdr.exe

Network Details:

