Analysis Date: 2018-05-15 16:48:10
MD5: a4e44ebb723541b36bf10372b3692086
SHA1: 5191e68eaaba62eb00af0e26116d3eee81e8b268

Static Details:

AV | Arcabit (arcavir) | Trojan.GenericKD.1856466
AV | Authentium | W32/Trojan.DZEE-9394
AV | Grisoft (avg) | Generic_r.FDF
AV | Avira (antivir) | TR/ATRAPS.A.1789
AV | Alwil (avast) | Agent-AULS [Trj]
AV | Ad-Aware | Trojan.GenericKD.1856466
AV | BitDefender | Trojan.GenericKD.1856466
AV | BullGuard | Trojan.GenericKD.1856466
AV | ClamAV | Win.Trojan.Downloader-64631
AV | Dr. Web | Trojan.Upatre.87
AV | Emsisoft | Trojan.GenericKD.1856466
AV | MicroWorld (escan) | Trojan.GenericKD.1856466
AV | CA (E-Trust Ino) | Trojan.GenericKD.1856466
AV | Fortinet | W32/Waski.A!tr
AV | Frisk (f-prot) | W32/Trojan3.KSV
AV | F-Secure | Trojan-Downloader:W32/Upatre.E
AV | Ikarus | VirTool.Obfuscator
AV | K7 | Error Scanning File
AV | Kaspersky | Trojan-Downloader.Win32.Upatre.efi
AV | MalwareBytes | Trojan.Upatre
AV | Mcafee | Downloader-FSH!A4E44EBB7235
AV | Microsoft Security Essentials | TrojanDownloader:Win32/Upatre
AV | NANO | Trojan.Win32.Dyre.dewarc
AV | NANO | Trojan.Win32.Dyre.domuvs
AV | Eset (nod32) | Win32/TrojanDownloader.Waski.A
AV | Padvish | No Virus
AV | CAT (quickheal) | TrojanDwnldr.Upatre.AA4
AV | Rising | No Virus
AV | 360 Safe | No Virus
AV | SUPERAntiSpyware | Trojan.Agent/Gen-Danglo
AV | Symantec | Trojan.Zbot
AV | Trend Micro | TROJ_UPATRE.SMBG
AV | Twister | TrojanRansom.Cryptodef.biq.yqgv
AV | VirusBlokAda (vba32) | Hoax.Cryptodef
AV | Windows Defender | TrojanDownloader:Win32/Upatre
AV | Zillya! | Downloader.Waski.Win32.1249

Runtime Details:

Process
↳ C:\Users\Phil\AppData\Local\Temp\5191e68eaaba62eb00af0e26116d3eee81e8b268.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\5191e68eaaba62eb00af0e26116d3eee81e8b268.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\zcrjc.exe
Creates Mutex
Creates Mutex

Process
↳ C:\Users\Phil\AppData\Local\Temp\zcrjc.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\zcrjc.exe

Network Details:

