Analysis Date: 2018-04-17 19:33:12
MD5: 1706de92ec2a197552f004d6957490de
SHA1: 76014cd149b919833cb640b98b03b722c550f3b2

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash:

AV vendor                         Result
Arcabit (arcavir)                 Gen:Variant.Kazy.20920
Authentium                        W32/FakeAlert.KN.gen!Eldorado
Grisoft (avg)                     No Virus
Avira (antivir)                   TR/Patched.Ren.Gen3
Alwil (avast)                     Error Scanning File
Ad-Aware                          Gen:Variant.Kazy.20920
BitDefender                       Gen:Variant.Kazy.20920
BullGuard                         Gen:Variant.Kazy.20920
ClamAV                            No Virus
Dr. Web                           No Virus
Emsisoft                          Gen:Variant.Kazy.20920
MicroWorld (escan)                Gen:Variant.Kazy.20920
CA (E-Trust Ino)                  Gen:Variant.Kazy.20920
Fortinet                          W32/Diple.IZ!tr
Frisk (f-prot)                    W32/FakeAlert.KN.gen!Eldorado
F-Secure                          Gen:Variant.Kazy.20920
Ikarus                            No Virus
K7                                Error Scanning File
Kaspersky                         No Virus
MalwareBytes                      No Virus
Mcafee                            No Virus
Microsoft Security Essentials     No Virus
NANO                              No Virus
Eset (nod32)                      Generik.GVCORFS
Padvish                           No Virus
CAT (quickheal)                   No Virus
Rising                            No Virus
360 Safe                          No Virus
SUPERAntiSpyware                  Trojan.Agent/Gen-MalPE
Symantec                          Trojan.FakeAV!gen52
Trend Micro                       TROJ_KRYPTO.SMIJ
Twister                           Trojan.558BEC81C4/FFFFFF.mg
VirusBlokAda (vba32)              No Virus
Windows Defender                  No Virus
Zillya!                           No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Network Details:
Raw Pcap

Strings