Analysis Date: 2018-04-22 12:09:37
MD5: d511226f5ceb5ad3189f88379dce4552
SHA1: 8e51ffd668d720c99a98c192639a4a5779a8e7e5

Static Details:

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
PEhash
AV: VirusBlokAda (vba32): AdWare.Virtumonde
AV: Alwil (avast): Vupa [Cryp]
AV: MalwareBytes: No Virus
AV: Twister: No Virus
AV: Rising: Trojan.Win32.VUNDO.bzl
AV: Frisk (f-prot): W32/Virtumonde.AI.gen!Eldorado
AV: Authentium: W32/Virtumonde.AI.gen!Eldorado
AV: Grisoft (avg): Error Scanning File
AV: Fortinet: W32/Mondera.B!tr
AV: Padvish: Malware.Trojan.Agent-75064
AV: Zillya!: Error Scanning File
AV: ClamAV: Win.Trojan.Agent-133010
AV: Ikarus: Trojan.Win32.Vundo
AV: SUPERAntiSpyware: No Virus
AV: F-Secure: Trojan.Vundo.5722
AV: K7: Adware ( 004bc5671 )
AV: CAT (quickheal): No Virus
AV: Eset (nod32): Win32/Adware.Virtumonde
AV: BullGuard: Trojan.Vundo.5722
AV: Windows Defender: Trojan:Win32/Vundo
AV: CA (E-Trust Ino): Trojan.Vundo.5722
AV: Trend Micro: Mal_Vundo-21
AV: 360 Safe: No Virus
AV: Avira (antivir): TR/Vundo.Gen
AV: Emsisoft: Trojan.Vundo.5722
AV: Microsoft Security Essentials: Trojan:Win32/Vundo
AV: Arcabit (arcavir): Trojan.Vundo.5722
AV: Kaspersky: Trojan.Win32.Monder.cmwt
AV: Mcafee: Vundo.gen.q
AV: BitDefender: Trojan.Vundo.5722
AV: Ad-Aware: Trojan.Vundo.5722
AV: Symantec: Trojan.Vundo
AV: MicroWorld (escan): Trojan.Vundo.5722
AV: Dr. Web: Trojan.Siggen.2006
AV: NANO: Virus.Win32.Gen-Crypt.ccnc

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Windows\System32\rundll32.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\8e51ffd668d720c99a98c192639a4a5779a8e7e5.dll

Process
↳ C:\Windows\SysWOW64\rundll32.exe

Creates File: C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui

Network Details:

