Analysis Date: 2018-02-02 00:12:41
MD5: 7136a8923f154a7ef5bbfd33642a683b
SHA1: 680dfa722ddb286f34a2dfb596e8d6e0418ac9ca

Static Details:

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
PEhash:
AV Arcabit (arcavir): Gen:Variant.MSILPerseus.139242
AV Authentium: W32/Trojan.HGWA-4859
AV Grisoft (avg): Atros6.BIWG
AV Avira (antivir): TR/Inject.sbbeijz
AV Alwil (avast): Malware-gen
AV Alwil (avast): Win32:Malware-gen
AV Ad-Aware: Gen:Variant.MSILPerseus.139242
AV BitDefender: Gen:Variant.MSILPerseus.139242
AV BullGuard: Error Scanning File
AV ClamAV: Error Scanning File
AV Dr. Web: Trojan.DownLoader19.37002
AV Emsisoft: Gen:Variant.MSILPerseus.139242
AV MicroWorld (escan): Gen:Variant.MSILPerseus.139242
AV CA (E-Trust Ino): Error Scanning File
AV Fortinet: MSIL/GenKryptik.BKSR!tr
AV Frisk (f-prot): No Virus
AV F-Secure: Gen:Variant.MSILPerseus.139242
AV Ikarus: Error Scanning File
AV K7: Trojan ( 0052215c1 )
AV Kaspersky: Error Scanning File
AV MalwareBytes: No Virus
AV Mcafee: Trojan-FOMH!7136A8923F15
AV Microsoft Security Essentials: No Virus
AV NANO: Trojan.Win32.Inject.exltwz
AV Eset (nod32): MSIL/GenKryptik.BKSR
AV Padvish: No Virus
AV CAT (quickheal): No Virus
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: Trojan.Gen
AV Trend Micro: No Virus
AV Twister: No Virus
AV VirusBlokAda (vba32): Trojan.MSIL.Disfa
AV Windows Defender: Trojan:Win32/Skeeyah.A!rfn
AV Zillya!: Error Scanning File

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\THX1138\AppData\Local\Temp\680dfa722ddb286f34a2dfb596e8d6e0418ac9ca.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Creates File: C:\Users\THX1138\AppData\Local\Temp\680dfa722ddb286f34a2dfb596e8d6e0418ac9ca.exe.config
Creates File: C:\Users\THX1138\AppData\Local\Temp\680dfa722ddb286f34a2dfb596e8d6e0418ac9ca.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\680dfa722ddb286f34a2dfb596e8d6e0418ac9ca.exe
Creates File: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Creates File: C:\Users\THX1138\AppData\Local\Temp\680dfa722ddb286f34a2dfb596e8d6e0418ac9ca.exe.config
Creates File: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll.aux
Creates File: C:\Users\THX1138\AppData\Local\Temp\680dfa722ddb286f34a2dfb596e8d6e0418ac9ca.exe
Creates File: C:\Windows\assembly\pubpol4.dat
Creates File: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
Creates File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\Microsoft.VisualBasic.ni.dll.aux
Creates File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System\52cca48930e580e3189eac47158c20be\System.ni.dll.aux
Creates File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55560c2014611e9119f99923c9ebdeef\System.Core.ni.dll.aux
Creates File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\5aac750b35b27770dccb1a43f83cced7\System.Windows.Forms.ni.dll.aux
Creates File: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\646b4b01cb29986f8e076aa65c9e9753\System.Drawing.ni.dll.aux
Creates File: C:\Users\THX1138\AppData\Local\Temp\680dfa722ddb286f34a2dfb596e8d6e0418ac9ca.exe
Creates File: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp

Network Details:


Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

Strings