Analysis Date: 2018-04-19 01:17:22
MD5: ba6639e70f4341605c4ada9d5ac104a7
SHA1: 765590b254f0f0b40248b5d3c1c9b2171db56ebd

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash
AV NANO: Virus.Win32.Sality.lreq
AV BullGuard: Trojan.Pakes.ZUF
AV Grisoft (avg): Win32/Tanatos.A
AV Frisk (f-prot): W32/Cryptpack.A
AV Zillya!: No Virus
AV ClamAV: Win.Trojan.Sality-1055
AV Twister: Trojan.1689C751A310C487
AV MalwareBytes: No Virus
AV Authentium: W32/Cryptpack.VFTZ-2892
AV F-Secure: Trojan.Pakes.ZUF
AV Alwil (avast): Pakes-AWH [Trj]
AV Ikarus: Virus.Trojan.Win32.Pakes
AV Kaspersky: Trojan.Win32.Pakes.bxp
AV CAT (quickheal): Trojan.Pakes.gen
AV Eset (nod32): Win32/Sality.AB virus
AV Mcafee: W32/Sality.stub
AV CA (E-Trust Ino): Trojan.Pakes.ZUF
AV 360 Safe: No Virus
AV Avira (antivir): TR/PCK.CryptPack.A
AV SUPERAntiSpyware: Error Scanning File
AV VirusBlokAda (vba32): Trojan.Pakes
AV Trend Micro: TROJ_PAKES.AJU
AV BitDefender: Trojan.Pakes.ZUF
AV Rising: Trojan.Win32.Agent.baa
AV Windows Defender: Virus:Win32/Sality.AM!corrupt
AV K7: Error Scanning File
AV Arcabit (arcavir): Trojan.Pakes.ZUF
AV Emsisoft: Trojan.Pakes.ZUF
AV Padvish: Malware.Trojan.Small-4845
AV MicroWorld (escan): Trojan.Pakes.ZUF
AV Microsoft Security Essentials: Virus:Win32/Sality.AM!corrupt
AV Dr. Web: Win32.Sector.4
AV Fortinet: W32/Pakes.BXP!tr
AV Symantec: W32.Sality.AB
AV Ad-Aware: Trojan.Pakes.ZUF

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\765590b254f0f0b40248b5d3c1c9b2171db56ebd.exe

Network Details: