Analysis Date: 2018-04-16 12:31:58
MD5: 5a2c1ef44a0f8214f06f21636ee31663
SHA1: 41912c43dc8cca4f5092e57355be1c40a0e5f95f

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash:
AV Arcabit (arcavir): Trojan.VBRan.Gen.2
AV Authentium: W32/VB.HC.gen!Eldorado
AV Grisoft (avg): Error Scanning File
AV Avira (antivir): TR/Barys.629.jh.4
AV Alwil (avast): VB-ACLF [Trj]
AV Ad-Aware: Trojan.VBRan.Gen.2
AV BitDefender: Trojan.VBRan.Gen.2
AV BullGuard: Trojan.VBRan.Gen.2
AV ClamAV: Win.Trojan.Changeup-6169544-0
AV Dr. Web: Win32.HLLW.Autoruner1.16502
AV Emsisoft: Trojan.VBRan.Gen.2
AV MicroWorld (escan): Trojan.VBRan.Gen.2
AV CA (E-Trust Ino): Trojan.VBRan.Gen.2
AV Fortinet: Error Scanning File
AV Frisk (f-prot): W32/VB.HC.gen!Eldorado
AV F-Secure: Trojan.VBRan.Gen.2
AV Ikarus: Trojan.Win32.Jorik
AV K7: EmailWorm ( 0040f0951 )
AV Kaspersky: Worm.Win32.Vobfus.euuo
AV MalwareBytes: No Virus
AV Mcafee: VBObfus.dr
AV Microsoft Security Essentials: No Virus
AV NANO: Trojan.Win32.Autoruner1.covkhj
AV NANO: Trojan.Win32.Barys.cojbbu
AV Eset (nod32): Win32/AutoRun.VB.AUZ worm
AV Padvish: Worm.Win32.WBNA.ipa
AV CAT (quickheal): Worm.Vobfus.Gen
AV Rising: Worm.Win32.VobfusEx.b
AV 360 Safe: No Virus
AV SUPERAntiSpyware: Error Scanning File
AV Symantec: W32.Changeup!gen20
AV Trend Micro: WORM_VOBFUS.SMJO
AV Twister: Virus.FDA09472@2FFA09472.mg
AV VirusBlokAda (vba32): Trojan.Crypted.18605
AV Windows Defender: Worm:Win32/Vobfus
AV Zillya!: No Virus

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\41912c43dc8cca4f5092e57355be1c40a0e5f95f.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\41912c43dc8cca4f5092e57355be1c40a0e5f95f.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\41912c43dc8cca4f5092e57355be1c40a0e5f95f.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\41912c43dc8cca4f5092e57355be1c40a0e5f95f.exe
Creates File: C:\Users\Phil\peatai.exe
Creates File: C:\Users\Phil\peatai.exe
Creates Mutex: P

Process
↳ C:\Users\Phil\peatai.exe

Creates File: C:\Users\Phil\peatai.exe
Creates File: C:\Users\Phil\peatai.exe
Creates Mutex: P
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\peatai ➝ C:\Users\Phil\peatai.exe /w
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\peatai ➝ C:\Users\Phil\peatai.exe /R
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden ➝ 0

Network Details:


Raw Pcap

Strings