Analysis Date: 2018-04-06 00:31:49
MD5: bbf10879c7414d8ea0467ed21b8980cb
SHA1: 41b75da3b7885974cb9991c4e7325ceccf0705e8

Static Details:

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
PEhash
AV Arcabit (arcavir): Gen:Variant.Razy.291862
AV Authentium: No Virus
AV Grisoft (avg): No Virus
AV Avira (antivir): ADWARE/CloudGuard.Gen
AV Alwil (avast): No Virus
AV Ad-Aware: Gen:Variant.Razy.291862
AV BitDefender: Gen:Variant.Razy.291862
AV BullGuard: Gen:Variant.Razy.291862
AV ClamAV: No Virus
AV Dr. Web: Trojan.Siggen7.44307
AV Emsisoft: Gen:Variant.Razy.291862
AV MicroWorld (escan): Gen:Variant.Razy.291862
AV CA (E-Trust Ino): No Virus
AV Fortinet: No Virus
AV Frisk (f-prot): No Virus
AV F-Secure: Gen:Variant.Ursu.156989
AV Ikarus: AdWare.MSIL.Cloudguard
AV K7: No Virus
AV Kaspersky: No Virus
AV MalwareBytes: Adware.CloudGuard.TskLnk
AV Mcafee: No Virus
AV Microsoft Security Essentials: No Virus
AV NANO: No Virus
AV Eset (nod32): MSIL/Adware.CloudGuard.D
AV Padvish: Trojan.Win32.DNSUnlocker.NET3
AV CAT (quickheal): No Virus
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: No Virus
AV Trend Micro: No Virus
AV Twister: No Virus
AV VirusBlokAda (vba32): No Virus
AV Windows Defender: No Virus
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\41b75da3b7885974cb9991c4e7325ceccf0705e8.exe

Creates Mutex
Creates File: C:\Users\Phil\AppData\Local\Temp\41b75da3b7885974cb9991c4e7325ceccf0705e8.exe.config
Creates File: C:\Users\Phil\AppData\Local\Temp\41b75da3b7885974cb9991c4e7325ceccf0705e8.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\41b75da3b7885974cb9991c4e7325ceccf0705e8.exe

Network Details:


Strings