Analysis Date: 2018-06-08 20:16:21
MD5: 2e8ff556d3c0f92361dc6ecab8d3333d
SHA1: 403b678aab68d017de2e70d4fde1233d024e82ee

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 9bbf22eb0504de051fd5ce7cb7549d01 sha1: 3d246127795d2a4a0ed878cd716fc7e84e3ad6eb size: 28672
Section: .rdata md5: 6e9e663d13a7ad629c268530f84cd7e0 sha1: 61704fc54b8c02e029c127456304d4ab6ae5a954 size: 4096
Section: .data md5: d7025f3231ffeb73642013407e2b0eaf sha1: 534e194181da155526655de3a73ed735bb42e3d9 size: 4096
Timestamp: 2000-09-04 15:53:48
Packer: Installer VISE Custom
PEhash: f9a213804fbe70a890d4840449561e0bead9779d
IMPhash: c80c858a8440b4fbc5a80278c8011403
AV 360 Safe: Application.Winzapper.A
AV Ad-Aware: Application.Winzapper.A
AV Alwil (avast): no_virus
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Trojan.BOOG-4083
AV Avira (antivir): TR/Horse.CN
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): PSWTool.SnadBoy.2011 (Not a Virus)
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: no_virus
AV Eset (nod32): Generik.FZFCNWK
AV Fortinet: Riskware/Winzapper
AV Frisk (f-prot): W32/Trojan2.NBRM (exact)
AV F-Secure: no_virus
AV Grisoft (avg): no_virus
AV Ikarus: no_virus
AV K7: Trojan ( 0001140e1 )
AV Kaspersky: no_virus
AV MalwareBytes: no_virus
AV Mcafee: no_virus
AV Microsoft Security Essentials: Trojan:Win32/WinZapper
AV MicroWorld (escan): Application.Winzapper.A
AV Norman: no_virus
AV Sophos: no_virus
AV Symantec: Trojan Horse
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\403b678aab68d017de2e70d4fde1233d024e82ee.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls

Network Details:

