Analysis Date: 2018-04-18 19:20:22
MD5: 0090b17ed68870aae12aa649c2150516
SHA1: 6271ba7ff7ac650b0a7de59b51706d4ac52dc82e

Static Details:

File type: Android binary XML
PEhash
AV: Avira (antivir) - No Virus
AV: Fortinet - No Virus
AV: Grisoft (avg) - No Virus
AV: BullGuard - Error Scanning File
AV: CAT (quickheal) - No Virus
AV: Twister - No Virus
AV: Arcabit (arcavir) - Error Scanning File
AV: Rising - No Virus
AV: F-Secure - No Virus
AV: Dr. Web - No Virus
AV: NANO - No Virus
AV: Windows Defender - No Virus
AV: Symantec - No Virus
AV: Eset (nod32) - No Virus
AV: MalwareBytes - Error Scanning File
AV: VirusBlokAda (vba32) - No Virus
AV: 360 Safe - No Virus
AV: Authentium - No Virus
AV: Alwil (avast) - No Virus
AV: Mcafee - No Virus
AV: Kaspersky - Error Scanning File
AV: Ad-Aware - No Virus
AV: Zillya! - Error Scanning File
AV: MicroWorld (escan) - No Virus
AV: ClamAV - Error Scanning File
AV: K7 - No Virus
AV: Ikarus - Error Scanning File
AV: CA (E-Trust Ino) - Error Scanning File
AV: Padvish - No Virus
AV: Trend Micro - No Virus
AV: Frisk (f-prot) - No Virus
AV: Emsisoft - No Virus
AV: SUPERAntiSpyware - No Virus
AV: Microsoft Security Essentials - No Virus
AV: BitDefender - No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Windows\System32\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates File: C:\Users\Phil\Desktop\desktop.ini

Process
↳ C:\Windows\System32\rundll32.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\Fonts\staticcache.dat
Creates Mutex

Network Details:


Raw Pcap

Strings