Analysis Date | 2018-05-18 17:41:36
MD5 | cffb4e3de86f814da6c8752f68636b03
SHA1 | 6d49ef9f4c19133f8183c5101d53aae0cc22787a

Static Details:

AV | Arcabit (arcavir) | Trojan.Spy.Zbot.FNO
AV | Authentium | W32/Zbot.BR.gen!Eldorado
AV | Grisoft (avg) | Agent.7.BC
AV | Avira (antivir) | TR/Spy.A.6512
AV | Alwil (avast) | Crypt-BR [Trj]
AV | Ad-Aware | Trojan.Spy.Zbot.FNO
AV | BitDefender | Trojan.Spy.Zbot.FNO
AV | BullGuard | Trojan.Spy.Zbot.FNO
AV | ClamAV | Win.Spyware.Zbot-1275
AV | Dr. Web | Trojan.PWS.Panda.2401
AV | Emsisoft | Trojan.Spy.Zbot.FNO
AV | MicroWorld (escan) | Trojan.Spy.Zbot.FNO
AV | CA (E-Trust Ino) | Trojan.Spy.Zbot.FNO
AV | Fortinet | W32/Zbot.AT!tr
AV | Frisk (f-prot) | W32/Zbot.BR.gen!Eldorado
AV | F-Secure | Trojan.Spy.Zbot.FNO
AV | Ikarus | Trojan-Spy.Banker.Citadel
AV | K7 | Error Scanning File
AV | Kaspersky | Trojan-Spy.Win32.Zbot.ntpf
AV | MalwareBytes | Spyware.Citadel
AV | Mcafee | PWS-Zbot.gen.vo
AV | Microsoft Security Essentials | PWS:Win32/Zbot
AV | NANO | Trojan.Win32.Panda.bqoxse
AV | NANO | Trojan.Win32.Panda.crsvzn
AV | Eset (nod32) | Win32/Spy.Zbot.AAO
AV | Padvish | Spy.Win32.Zbot.ntpf
AV | CAT (quickheal) | TrojanPWS.Zbot.Gen
AV | Rising | Trojan.PSW.Zbot!47F5
AV | 360 Safe | No Virus
AV | SUPERAntiSpyware | Trojan.Agent/Gen-MalPE
AV | Symantec | Trojan.Zbot
AV | Trend Micro | TSPY_ZBOT.SMQF
AV | Twister | Trojan.558BEC83EC0C536A0.mg
AV | VirusBlokAda (vba32) | SScope.Trojan.FakeAV.01110
AV | Windows Defender | PWS:Win32/Zbot
AV | Zillya! | Trojan.ZbotGen.Win32.5

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\6d49ef9f4c19133f8183c5101d53aae0cc22787a.exe

Creates File | C:\Users\Phil\AppData\Local\Temp\6d49ef9f4c19133f8183c5101d53aae0cc22787a.exe

Network Details:

