Analysis Date: 2018-05-06 12:38:34
MD5: 5cc2f524e1b4ca97af4d9b40b6c78827
SHA1: 564661c5757baf3474018cc0763cd24563dfaccd

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash:

AV detections (vendor: result):
Arcabit (arcavir): Gen:Variant.Symmi.28546
NANO: Trojan.Win32.Andromeda.dpkxyv
Frisk (f-prot): W32/Trojan2.OAPW
CAT (quickheal): Worm.Gamarue.A5
Ikarus: Error Scanning File
CA (E-Trust Ino): Error Scanning File
F-Secure: Trojan-Downloader:W32/Wauchos.F
BitDefender: Gen:Variant.Symmi.28546
Emsisoft: Gen:Variant.Symmi.28546
Padvish: Worm.Win32.Gamarue.SameMsiexec1
Mcafee: W32/Worm-FKO!5CC2F524E1B4
VirusBlokAda (vba32): SScope.Malware-Cryptor.Wauchos.2183
Zillya!: Backdoor.Androm.Win32.2864
Eset (nod32): Win32/TrojanDownloader.Wauchos.L
Kaspersky: Error Scanning File
Ad-Aware: Gen:Variant.Symmi.28546
ClamAV: Error Scanning File
Authentium: W32/Trojan.KYQA-2633
MicroWorld (escan): Gen:Variant.Symmi.28546
MalwareBytes: Trojan.Email.Bot
Rising: No Virus
360 Safe: Trojan.Win32.Agent.FN
BullGuard: Gen:Variant.Symmi.28546
SUPERAntiSpyware: Error Scanning File
NANO: Trojan.Win32.Andromeda.cjgqby
Twister: Trojan.3F06E5417E4C04E9
Grisoft (avg): Error Scanning File
Trend Micro: WORM_GAMARUE.SMV
Microsoft Security Essentials: Worm:Win32/Gamarue.F
K7: Trojan ( 0001140e1 )
Alwil (avast): Error Scanning File
Windows Defender: Worm:Win32/Gamarue.F
Fortinet: W32/Wauchos.LB!tr
Dr. Web: BackDoor.Andromeda.178
Symantec: Downloader.Dromedan
Avira (antivir): TR/BAS.Samca.13317892

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\564661c5757baf3474018cc0763cd24563dfaccd.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\564661c5757baf3474018cc0763cd24563dfaccd.exe

Creates File: C:\Windows\SysWOW64\msiexec.exe

Process
↳ C:\Windows\SysWOW64\msiexec.exe

Creates Mutex: 3770066751
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\564661c5757baf3474018cc0763cd24563dfaccd.exe
Creates File: C:\ProgramData\Local Settings\Temp\ccusxi.exe
Creates File: C:\Windows\SysWOW64\msiexec.exe
Creates File: C:\ProgramData\Local Settings\Temp\ccusxi.exe

Network Details:

Raw Pcap
0x00000000 (00000)   504f5354 202f6761 74653032 2e706870   POST /gate02.php
0x00000010 (00016)   20485454 502f312e 310d0a48 6f73743a    HTTP/1.1..Host:
0x00000020 (00032)   20646576 69636573 74612e72 750d0a55    devicesta.ru..U
0x00000030 (00048)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000040 (00064)   6c612f34 2e300d0a 436f6e74 656e742d   la/4.0..Content-
0x00000050 (00080)   54797065 3a206170 706c6963 6174696f   Type: applicatio
0x00000060 (00096)   6e2f782d 7777772d 666f726d 2d75726c   n/x-www-form-url
0x00000070 (00112)   656e636f 6465640d 0a436f6e 74656e74   encoded..Content
0x00000080 (00128)   2d4c656e 6774683a 2038300d 0a436f6e   -Length: 80..Con
0x00000090 (00144)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x000000a0 (00160)   0d0a7570 71636843 34357531 5446462b   ..upqchC45u1TFF+
0x000000b0 (00176)   4a6d6e59 4b474977 694c7158 77794773   JmnYKGIwiLqXwyGs
0x000000c0 (00192)   436f4133 4f757431 41683348 61567351   CoA3Out1Ah3HaVsQ
0x000000d0 (00208)   6a343559 4371474b 326c5866 32507649   j45YCqGK2lXf2PvI
0x000000e0 (00224)   4d65744a 337a4d52 6f4f4b45 51393553   MetJ3zMRoOKEQ95S
0x000000f0 (00240)   3438                                  48
Strings