Analysis Date: 2018-04-14 06:41:01
MD5: 4d1154ebf1222a3b58ce90fbfe43aab1
SHA1: 6237f4043525ba8d96fdcfecacaeaabeaadd1844

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash
AV Padvish: No Virus
AV Fortinet: W32/Lockscreen.LOA!tr
AV Eset (nod32): Win32/Kryptik.BAIR
AV Frisk (f-prot): No Virus
AV Ikarus: Error Scanning File
AV Twister: Suspicious.558BEC#0000@2.mg
AV CA (E-Trust Ino): Error Scanning File
AV Windows Defender: PWS:Win32/Zbot
AV Microsoft Security Essentials: PWS:Win32/Zbot
AV SUPERAntiSpyware: No Virus
AV BullGuard: Trojan.Androm.Gen.1
AV Kaspersky: Error Scanning File
AV Alwil (avast): Karagany
AV Dr. Web: Trojan.PWS.Panda.2401
AV CAT (quickheal): TrojanRansom.Crowti.MUE.A4
AV Grisoft (avg): Win32/Karagany
AV ClamAV: Error Scanning File
AV VirusBlokAda (vba32): SScope.Trojan.FakeAV.01110
AV F-Secure: Trojan.Androm.Gen.1
AV K7: No Virus
AV Alwil (avast): Win32:Karagany
AV NANO: Trojan.Win32.Panda.crdeol
AV Rising: No Virus
AV MicroWorld (escan): Trojan.Androm.Gen.1
AV Avira (antivir): TR/Spy.ZBot.4198412
AV Trend Micro: TROJ_KRYPTK.SML3
AV 360 Safe: No Virus
AV Ad-Aware: Trojan.Androm.Gen.1
AV Mcafee: PWS-Zbot-FAJD!4D1154EBF122
AV BitDefender: Trojan.Androm.Gen.1
AV Zillya!: No Virus
AV Symantec: Packed.Generic.459
AV Authentium: W32/A-65ff5a5a!Eldorado
AV Arcabit (arcavir): Trojan.Androm.Gen.1
AV Emsisoft: Trojan.Androm.Gen.1
AV MalwareBytes: Trojan.FakeMS.ED

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\6237f4043525ba8d96fdcfecacaeaabeaadd1844.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\D
Creates File: C:\Users\Phil\AppData\Local\Temp\D
Creates File: C:\Users\Phil\AppData\Local\Temp\6237f4043525ba8d96fdcfecacaeaabeaadd1844.exe

Network Details:
