Analysis Date: 2018-04-10 06:31:43
MD5: 0ec056c07741562ad03c6f8b33203147
SHA1: 8e15304cb622a305f1ebc116a4f535772178cd9e

Static Details:

AV | BullGuard | Gen:Variant.Kazy.66873
AV | F-Secure | Gen:Variant.Kazy.66873
AV | Mcafee | PWS-Zbot.gen.hv
AV | CA (E-Trust Ino) | Gen:Variant.Kazy.66873
AV | VirusBlokAda (vba32) | No Virus
AV | 360 Safe | No Virus
AV | Kaspersky | Trojan.Win32.Generic
AV | BitDefender | Gen:Variant.Kazy.66873
AV | Symantec | No Virus
AV | Windows Defender | Trojan:Win32/Toga!rfn
AV | Emsisoft | Gen:Variant.Kazy.66873
AV | Rising | No Virus
AV | Arcabit (arcavir) | Gen:Variant.Kazy.66873
AV | K7 | Trojan ( 00390b3d1 )
AV | MalwareBytes | Trojan.Agent.MRGGen
AV | MicroWorld (escan) | Gen:Variant.Kazy.66873
AV | ClamAV | No Virus
AV | NANO | Trojan.Win32.Obfuscate.bodpeu
AV | Ad-Aware | Gen:Variant.Kazy.66873
AV | Zillya! | No Virus
AV | Microsoft Security Essentials | No Virus
AV | CAT (quickheal) | TrojanPWS.Zbot.Gen
AV | Twister | Trojan.0000558BEC83EC0C@.mg
AV | Fortinet | W32/ZeroAccess.B!tr
AV | Trend Micro | TSPY_ZBOT.SM32
AV | Ikarus | Trojan-Ransom.Win32.Birele
AV | Authentium | W32/ProxyBot.B.gen!Eldorado
AV | Grisoft (avg) | Error Scanning File
AV | Alwil (avast) | MalOb-IJ [Cryp]
AV | Dr. Web | No Virus
AV | Frisk (f-prot) | W32/ProxyBot.B.gen!Eldorado
AV | Avira (antivir) | TR/Obfuscate.xinma
AV | Padvish | Error Scanning File
AV | SUPERAntiSpyware | Trojan.Agent/Gen-Worsec
AV | Eset (nod32) | Win32/Kryptik.AEPA

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\8e15304cb622a305f1ebc116a4f535772178cd9e.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls

Network Details:

