Analysis Date: 2018-05-04 20:24:46
MD5: e63a12dca66013e284b5c9b5d4df2ee3
SHA1: 474f838bb7a63611fc248b7b09f450acb886994e

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash
AV Arcabit (arcavir): Trojan.Foreign.Gen.1
AV Authentium: No Virus
AV Grisoft (avg): Win32/Cryptor
AV Avira (antivir): TR/Spy.ZBot.aau.75
AV Alwil (avast): Cryptor
AV Alwil (avast): Win32:Cryptor
AV Ad-Aware: Trojan.Foreign.Gen.1
AV BitDefender: Trojan.Foreign.Gen.1
AV BullGuard: Trojan.Foreign.Gen.1
AV ClamAV: No Virus
AV Dr. Web: Trojan.PWS.Panda.5911
AV Emsisoft: Trojan.Foreign.Gen.1
AV MicroWorld (escan): Trojan.Foreign.Gen.1
AV CA (E-Trust Ino): Trojan.Foreign.1
AV Fortinet: No Virus
AV Frisk (f-prot): No Virus
AV F-Secure: Trojan.Foreign.Gen.1
AV Ikarus: Trojan.Win32.Kovter
AV K7: Spyware ( 004b8cd91 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Spyware.Zbot.VXGen
AV Mcafee: Generic-FAWS!E63A12DCA660
AV Microsoft Security Essentials: Trojan:Win32/Toga!rfn
AV NANO: Trojan.Win32.Zbot.cudhfi
AV Eset (nod32): Win32/Spy.Zbot.AAU
AV Padvish: No Virus
AV CAT (quickheal): Trojan.Generic.B4
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: No Virus
AV Trend Micro: No Virus
AV Twister: No Virus
AV VirusBlokAda (vba32): Malware-Cryptor.Limpopo
AV Windows Defender: Trojan:Win32/Toga!rfn
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\474f838bb7a63611fc248b7b09f450acb886994e.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\System32\shell32.dll
Creates File: C:\Users\Phil\AppData\Local\Temp\474f838bb7a63611fc248b7b09f450acb886994e.exe

Network Details:

