Analysis Date: 2018-04-27 04:49:55
MD5: 30f3e3c0db6ca1669173fa98d4833be2
SHA1: 71b68a63c3be9116fc0d73f11db68a9f47690f05

Static Details:

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
PEhash
AV Arcabit (arcavir): Gen:Variant.Johnnie.88863
AV Authentium: W32/Trojan.GKVV-6382
AV Grisoft (avg): Generic37.BJLU.dropper
AV Avira (antivir): TR/PWS.Sinowal.Gen
AV Alwil (avast): GenMaliciousA-DVE [Trj]
AV Ad-Aware: Gen:Variant.Johnnie.88863
AV BitDefender: Gen:Variant.Johnnie.88863
AV BullGuard: Gen:Variant.Johnnie.88863
AV ClamAV: No Virus
AV Dr. Web: No Virus
AV Emsisoft: Gen:Variant.Johnnie.88863
AV MicroWorld (escan): Gen:Variant.Johnnie.88863
AV CA (E-Trust Ino): No Virus
AV Fortinet: W32/PossibleThreat
AV Frisk (f-prot): No Virus
AV F-Secure: Gen:Variant.Johnnie.88863
AV Ikarus: PUA.RiskWare.Smsbomber
AV K7: Error Scanning File
AV Kaspersky: No Virus
AV MalwareBytes: No Virus
AV Mcafee: Generic.dx!EBBDA07F5487
AV Microsoft Security Essentials: Trojan:Win32/Dynamer!ac
AV NANO: No Virus
AV Eset (nod32): No Virus
AV Padvish: No Virus
AV CAT (quickheal): Trojan.Dynamer
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: No Virus
AV Trend Micro: No Virus
AV Twister: Trojan.DOMG.ajmd
AV VirusBlokAda (vba32): No Virus
AV Windows Defender: Trojan:Win32/Dynamer!ac
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Windows\System32\rundll32.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\71b68a63c3be9116fc0d73f11db68a9f47690f05.dll

Process
↳ C:\Windows\SysWOW64\rundll32.exe

Network Details:

