Analysis Date: 2018-04-18 08:18:23
MD5: f472db7d2c3d00b02f4eccea15dc3ebd
SHA1: 41b72f1ed13c6f9f26a3e466a7d18f692aae139d

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
PEhash
AV | CAT (quickheal) | Trojan.Zenshirsh.SL7
AV | Emsisoft | DeepScan:Generic.Nimda.57EDAF37
AV | Alwil (avast) | Evo-gen [Susp]
AV | Arcabit (arcavir) | DeepScan:Generic.Nimda.57EDAF37
AV | Padvish | Virus.Win32.Virut.BN
AV | BitDefender | DeepScan:Generic.Nimda.57EDAF37
AV | Ad-Aware | DeepScan:Generic.Nimda.57EDAF37
AV | Alwil (avast) | Allaple [Wrm]
AV | Ikarus | Trojan.Win32.Agent
AV | MicroWorld (escan) | DeepScan:Generic.Nimda.57EDAF37
AV | Eset (nod32) | Win32/Agent.XFC
AV | Frisk (f-prot) | W32/S-f9cb8831!Eldorado
AV | SUPERAntiSpyware | No Virus
AV | F-Secure | DeepScan:Generic.Nimda.57EDAF37
AV | Twister | TrojanDrop.Dinwod.unm.dafl
AV | BullGuard | DeepScan:Generic.Nimda.57EDAF37
AV | CA (E-Trust Ino) | DeepScan:Generic.Nimda.57EDAF37
AV | VirusBlokAda (vba32) | Trojan.Inject
AV | ClamAV | Win.Worm.Allaple-5
AV | Fortinet | W32/Agent.OJQ!tr.spy
AV | MalwareBytes | Error Scanning File
AV | K7 | Trojan ( 000aef511 )
AV | Alwil (avast) | Win32:Malware-gen
AV | Alwil (avast) | Banker-NBH [Trj]
AV | Trend Micro | No Virus
AV | Alwil (avast) | Oncer
AV | Microsoft Security Essentials | Backdoor:MSIL/Bladabindi
AV | Authentium | W32/S-f9cb8831!Eldorado
AV | Alwil (avast) | Win32:Oncer
AV | Zillya! | Dropper.DinwodGen.Win32.1
AV | Symantec | Trojan.Gen
AV | Alwil (avast) | Agent-DRD [Trj]
AV | Mcafee | Dropper-FVF!F472DB7D2C3D
AV | NANO | Trojan.Win32.Dinwod.ejafor
AV | Alwil (avast) | Malware-gen
AV | Avira (antivir) | TR/Spy.Gen
AV | Rising | No Virus
AV | Dr. Web | Trojan.Inject1.58305
AV | Windows Defender | Backdoor:MSIL/Bladabindi
AV | 360 Safe | No Virus
AV | Kaspersky | Trojan-Dropper.Win32.Dinwod.acqn
AV | Grisoft (avg) | Generic_r.QNT

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\41b72f1ed13c6f9f26a3e466a7d18f692aae139d.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\41b72f1ed13c6f9f26a3e466a7d18f692aae139d.exe
Creates File: c:\7nnqek.exe

Network Details:


Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .


Strings