Analysis Date: 2018-04-06 15:24:18
MD5: 0ea89db2fbc2fc6ca667992a133d2d05
SHA1: 61b089c0808e01c9fe3022327bc83d8f99a4e68b

Static Details:

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
PEhash
AV: Arcabit (arcavir) - Trojan.Rajbot.Gen.1
AV: Authentium - W32/Trojan.IFZV-3126
AV: Grisoft (avg) - SCGeneric2.BSFK
AV: Avira (antivir) - TR/Crypt.ZPACK.Gen7
AV: Alwil (avast) - Malware-gen
AV: Alwil (avast) - Win32:Malware-gen
AV: Ad-Aware - Trojan.Rajbot.Gen.1
AV: BitDefender - Trojan.Rajbot.Gen.1
AV: BullGuard - Trojan.Rajbot.Gen.1
AV: ClamAV - Error Scanning File
AV: Dr. Web - Trojan.Siggen7.25608
AV: Emsisoft - Trojan.Rajbot.Gen.1
AV: MicroWorld (escan) - Trojan.Rajbot.Gen.1
AV: CA (E-Trust Ino) - Error Scanning File
AV: Fortinet - W32/Generic.AC.3F2805!tr
AV: Frisk (f-prot) - No Virus
AV: F-Secure - Trojan:W32/Gamarue.F
AV: Ikarus - Error Scanning File
AV: K7 - Error Scanning File
AV: Kaspersky - Error Scanning File
AV: MalwareBytes - Backdoor.Agent
AV: Mcafee - GenericRXCE-NK!0EA89DB2FBC2
AV: Microsoft Security Essentials - No Virus
AV: NANO - Trojan.Win32.Agent.eqodap
AV: Eset (nod32) - Win32/Bundpil.EG worm
AV: Padvish - No Virus
AV: CAT (quickheal) - Worm.Gamarue.WR5
AV: Rising - No Virus
AV: 360 Safe - No Virus
AV: SUPERAntiSpyware - No Virus
AV: Symantec - Packed.Dromedan!gen17
AV: Trend Micro - Mal_Bundpil-4
AV: Twister - W32.Bundpil.EG.ozjy
AV: VirusBlokAda (vba32) - Trojan.Tiggre
AV: Windows Defender - No Virus
AV: Zillya! - Worm.Bundpil.Win32.124698

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Windows\System32\rundll32.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\61b089c0808e01c9fe3022327bc83d8f99a4e68b.dll

Process
↳ C:\Windows\SysWOW64\rundll32.exe

Network Details: