Analysis Date: 2018-04-07 08:09:22
MD5: 12f6bdd3a8bed4de39ebc988d7046363
SHA1: 45500dedb2484f38044debb5d70aef7906d0cba5

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash:
AV results (vendor: detection):

Arcabit (arcavir): Trojan.Upatre.Gen.3
Authentium: W32/Dalexis.N.gen!Eldorado
Grisoft (avg): Crypt_s.ILD
Avira (antivir): TR/Dldr.Upatre.ertvk
Alwil (avast): Dyre-K [Trj]
Ad-Aware: Trojan.Upatre.Gen.3
BitDefender: Trojan.Upatre.Gen.3
BullGuard: Trojan.Upatre.Gen.3
ClamAV: No Virus
Dr. Web: Trojan.Upatre.1133
Emsisoft: Trojan.Upatre.Gen.3
MicroWorld (escan): Trojan.Upatre.Gen.3
CA (E-Trust Ino): Trojan.Upatre.Gen.3
Fortinet: W32/Generic!tr
Frisk (f-prot): W32/Dalexis.N.gen!Eldorado
F-Secure: Trojan.Upatre.Gen.3
Ikarus: Trojan.SuspectCRC
K7: Error Scanning File
Kaspersky: Trojan.Win32.Generic
MalwareBytes: No Virus
Mcafee: No Virus
Microsoft Security Essentials: TrojanDownloader:Win32/Upatre
NANO: No Virus
Eset (nod32): Generik.FLKOABV
Padvish: Error Scanning File
CAT (quickheal): No Virus
Rising: Trojan.Win32.Kryptik.af
360 Safe: No Virus
SUPERAntiSpyware: No Virus
Symantec: Trojan.Gen.2
Trend Micro: No Virus
Twister: No Virus
VirusBlokAda (vba32): No Virus
Windows Defender: TrojanDownloader:Win32/Upatre
Zillya!: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Network Details:

Raw Pcap
0x00000000 (00000)   47455420 2f537461 67654f6e 652f3435   GET /StageOne/45
0x00000010 (00016)   35303064 65646232 34383466 33383034   500dedb2484f3804
0x00000020 (00032)   34646562 62356437 30616566 37393036   4debb5d70aef7906
0x00000030 (00048)   64306362 61355f65 78652f30 5f305f30   d0cba5_exe/0_0_0
0x00000040 (00064)   5f302f35 33356434 6166372f 6e74646c   _0/535d4af7/ntdl
0x00000050 (00080)   6c5f646c 6c2f365f 315f3736 30305f31   l_dll/6_1_7600_1
0x00000060 (00096)   36333835 2f346135 62646233 622f6330   6385/4a5bdb3b/c0
0x00000070 (00112)   30303030 30352f30 30303365 3833312e   000005/0003e831.
0x00000080 (00128)   68746d3f 4c434944 3d313033 33264f53   htm?LCID=1033&OS
0x00000090 (00144)   3d362e31 2e373630 302e322e 30303031   =6.1.7600.2.0001
0x000000a0 (00160)   30313030 2e302e30 2e34382e 31363338   0100.0.0.48.1638
0x000000b0 (00176)   3526534d 3d4c454e 4f564f26 53504e3d   5&SM=LENOVO&SPN=
0x000000c0 (00192)   32323431 57325526 42563d37 55455439   2241W2U&BV=7UET9
0x000000d0 (00208)   32575725 32302833 2e323225 32302926   2WW%20(3.22%20)&
0x000000e0 (00224)   4d49443d 33443843 41344430 2d353543   MID=3D8CA4D0-55C
0x000000f0 (00240)   412d3442 35382d38 3030442d 37463744   A-4B58-800D-7F7D
0x00000100 (00256)   37434235 39343135 20485454 502f312e   7CB59415 HTTP/1.
0x00000110 (00272)   310d0a43 6f6e6e65 6374696f 6e3a204b   1..Connection: K
0x00000120 (00288)   6565702d 416c6976 650d0a55 7365722d   eep-Alive..User-
0x00000130 (00304)   4167656e 743a204d 5344570d 0a486f73   Agent: MSDW..Hos
0x00000140 (00320)   743a2077 6174736f 6e2e6d69 63726f73   t: watson.micros
0x00000150 (00336)   6f66742e 636f6d0d 0a0d0a              oft.com....
Strings