Analysis Date: 2018-05-19 16:53:31
MD5: 17ed105b4c814cfde2aa283ec308aab0
SHA1: 49c60ca214fc116bb2366bef041d28b7595e16e3

Static Details:

AV Arcabit (arcavir): Error Scanning File
AV Authentium: W32/S-f9d51e84!Eldorado
AV Grisoft (avg): Error Scanning File
AV Avira (antivir): TR/Spy.Banker.axzdc
AV Alwil (avast): Banker-LAA [Trj]
AV Ad-Aware: Trojan.Agent.CYZT
AV BitDefender: Trojan.Agent.CYZT
AV BullGuard: Trojan.Agent.CYZT
AV ClamAV: No Virus
AV Dr. Web: Tool.Snojan.1
AV Emsisoft: Trojan.Agent.CYZT
AV MicroWorld (escan): Trojan.GenericKD.30606265
AV CA (E-Trust Ino): No Virus
AV Fortinet: Riskware/Snojan
AV Frisk (f-prot): W32/S-f9d51e84!Eldorado
AV F-Secure: Trojan.Agent.CYZT
AV Ikarus: Downloader.Snojan
AV K7: Trojan ( 0052706d1 )
AV Kaspersky: Downloader.Win32.Snojan.eiqu
AV MalwareBytes: No Virus
AV Mcafee: GenericRXEO-OL!17ED105B4C81
AV Microsoft Security Essentials: No Virus
AV NANO: Trojan.Win32.Snojan.evvppm
AV Eset (nod32): No Virus
AV Padvish: No Virus
AV CAT (quickheal): Trojan.Snojan.S1829144
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: Trojan.Agent/Gen-Banker
AV Symantec: SMG.Heur!gen
AV Trend Micro: No Virus
AV Twister: Generik.HWSOMXU.ceqp
AV VirusBlokAda (vba32): Downloader.Snojan
AV Windows Defender: No Virus
AV Zillya!: Trojan.GenericKD.Win32.100891

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\49c60ca214fc116bb2366bef041d28b7595e16e3.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\49c60ca214fc116bb2366bef041d28b7595e16e3.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\rifaien2-OIPHBili2xrXbqnE.exe

Network Details:

