Analysis | #totalhash

Analysis Date	2018-05-10 21:58:27
MD5	1fe672d70f691a2e40e373e0ce54e2b8
SHA1	6c2b3989beccaaf4c511e73475cf18eb044f7bb4

Static Details:

AV	Arcabit (arcavir)	Win32.VJadtre.3
AV	Authentium	W32/PatchLoad.E
AV	Grisoft (avg)	Win32/Wapomi.I
AV	Avira (antivir)	W32/Jadtre.B
AV	Alwil (avast)	Error Scanning File
AV	Ad-Aware	Win32.VJadtre.3
AV	BitDefender	Win32.VJadtre.3
AV	BullGuard	Win32.VJadtre.3
AV	ClamAV	Error Scanning File
AV	Dr. Web	BackDoor.Darkshell.246
AV	Emsisoft	Win32.VJadtre.3
AV	MicroWorld (escan)	Win32.VJadtre.3
AV	CA (E-Trust Ino)	Error Scanning File
AV	Fortinet	W32/Wapomi.BA!tr
AV	Frisk (f-prot)	W32/PatchLoad.E
AV	F-Secure	Win32.VJadtre.3
AV	Ikarus	Error Scanning File
AV	K7	Virus ( 0040f7441 )
AV	Kaspersky	Error Scanning File
AV	MalwareBytes	No Virus
AV	Mcafee	W32/Kudj
AV	Microsoft Security Essentials	Virus:Win32/Mikcer.B
AV	NANO	Trojan.Win32.Banload.cstqaj
AV	Eset (nod32)	Win32/Wapomi.BA virus
AV	Padvish	No Virus
AV	CAT (quickheal)	W32.Nimnul.F1
AV	Rising	Win32.Roue.a
AV	360 Safe	Virus.Win32.Agent.P
AV	SUPERAntiSpyware	No Virus
AV	Symantec	Trojan.Gen.6
AV	Trend Micro	PE_WAPOMI.BM
AV	Twister	Virus.558BEC81EC@120000#.mg
AV	VirusBlokAda (vba32)	Virus.Nimnul.19209
AV	Windows Defender	Virus:Win32/Mikcer.B
AV	Zillya!	Virus.Nimnul.Win32.5

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\6c2b3989beccaaf4c511e73475cf18eb044f7bb4.exe

Creates File	C:\Users\Phil\AppData\Local\Temp\QuqNCSrw.exe
Creates File	C:\Users\Phil\AppData\Local\Temp\Resources\en\HelpViewerStrings.dat
Creates File	C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File	C:\Windows\System32\ieframe.dll
Creates File	C:\Windows\System32\stdole2.tlb
Creates File	C:\
Creates File	C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File	C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates File	C:\Users\desktop.ini
Creates File	C:\Users
Creates File	C:\Users\Phil
Creates File	C:\Users\Phil\AppData
Creates File	C:\Users\Phil\AppData\Local
Creates File	C:\Users\Phil\AppData\Local\Temp
Creates File	C:\Users\Phil\AppData\Local\Temp\help.html
Creates File	C:\
Creates Mutex
Creates Mutex
Creates Mutex

Process
↳ C:\Users\Phil\AppData\Local\Temp\QuqNCSrw.exe

Creates File	C:\Users\Phil\AppData\Local\Temp\QuqNCSrw.exe
Creates File	C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File	C:\Program Files\DVD Maker\DVDMaker.exe
Creates File	C:\Program Files\Java\jre6\bin\java-rmi.exe
Creates File	C:\Program Files\Java\jre6\bin\java.exe
Creates File	C:\Program Files\Java\jre6\bin\javacpl.exe
Creates File	C:\Program Files\Java\jre6\bin\javaw.exe
Creates File	C:\Program Files\Java\jre6\bin\javaws.exe
Creates File	C:\Program Files\Java\jre6\bin\jbroker.exe
Creates File	C:\Program Files\Java\jre6\bin\jp2launcher.exe
Creates File	C:\Program Files\Java\jre6\bin\keytool.exe
Creates File	C:\Program Files\Java\jre6\bin\kinit.exe
Creates File	C:\Program Files\Java\jre6\bin\klist.exe
Creates File	C:\Program Files\Java\jre6\bin\ktab.exe
Creates File	C:\Program Files\Java\jre6\bin\orbd.exe
Creates File	C:\Program Files\Java\jre6\bin\pack200.exe
Creates File	C:\Program Files\Java\jre6\bin\policytool.exe
Creates File	C:\Program Files\Java\jre6\bin\rmid.exe
Creates File	C:\Program Files\Java\jre6\bin\rmiregistry.exe
Creates File	C:\Program Files\Java\jre6\bin\servertool.exe
Creates File	C:\Program Files\Java\jre6\bin\ssvagent.exe
Creates File	C:\Program Files\Java\jre6\bin\tnameserv.exe
Creates File	C:\Program Files\Java\jre6\bin\unpack200.exe
Creates File	C:\Program Files\Windows Defender\MpCmdRun.exe
Creates File	C:\Program Files\Windows Defender\MSASCui.exe
Creates File	C:\Program Files\Windows Journal\Journal.exe
Creates File	C:\Program Files\Windows Journal\PDIALOG.exe
Creates File	C:\Program Files\Windows Mail\wab.exe
Creates File	C:\Program Files\Windows Mail\wabmig.exe
Creates File	C:\Program Files\Windows Mail\WinMail.exe
Creates File	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe
Registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\QuqNCSrw_RASMANCS\EnableFileTracing ➝ 0
Registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\QuqNCSrw_RASMANCS\EnableConsoleTracing ➝ 0
Registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\QuqNCSrw_RASMANCS\FileTracingMask ➝ 4294901760
Registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\QuqNCSrw_RASMANCS\ConsoleTracingMask ➝ 4294901760
Registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\QuqNCSrw_RASMANCS\MaxFileSize ➝ 1048576
Registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\QuqNCSrw_RASMANCS\FileDirectory ➝ %windir%\tracing

Network Details:

Raw Pcap

Strings