Analysis Date: 2018-05-17 16:26:35
MD5: 2dfbcb52b3762ed0609bad6f52470268
SHA1: 8dce8153590c9e456f45aca8c1705ccdcec77892

Static Details:

AV Arcabit (arcavir): Trojan.Generic.21486633
AV Authentium: No Virus
AV Grisoft (avg): Pakes.REX
AV Avira (antivir): TR/Crypt.Xpack.39161
AV Alwil (avast): Trojan-gen
AV Alwil (avast): Win32:Trojan-gen
AV Ad-Aware: Trojan.Generic.21486633
AV BitDefender: Trojan.Generic.21486633
AV BullGuard: Trojan.Generic.21486633
AV ClamAV: Win.Trojan.Agent-1345880
AV Dr. Web: Trojan.MulDrop6.3201
AV Emsisoft: Trojan.Generic.21486633
AV MicroWorld (escan): Trojan.Generic.21486633
AV CA (E-Trust Ino): Trojan.Ransom.Cerber.1
AV Fortinet: W32/Kryptik.FNNB!tr
AV Frisk (f-prot): No Virus
AV F-Secure: Trojan.Generic.21486633
AV Ikarus: Trojan.Win32.Kovter
AV K7: Error Scanning File
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: No Virus
AV Mcafee: GenericRXED-HK!2DFBCB52B376
AV Microsoft Security Essentials: Trojan:Win32/Kovter!rfn
AV NANO: Trojan.Win32.Yakes.dwbydt
AV Eset (nod32): Win32/Kovter.C
AV Padvish: No Virus
AV CAT (quickheal): Trojan.Generic.B4
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: No Virus
AV Trend Micro: No Virus
AV Twister: W32.Kovter.C.ozgy
AV VirusBlokAda (vba32): Trojan.Yakes
AV Windows Defender: Trojan:Win32/Kovter!rfn
AV Zillya!: Trojan.Yakes.Win32.38650

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\8dce8153590c9e456f45aca8c1705ccdcec77892.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\.txt

Network Details:

