Analysis Date: 2018-03-06 18:19:06
MD5: cd18f4645d16146b66d2da642ef427b5
SHA1: 901bd6fb343a4b84f779a8dd92047fdc2a27fb27

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash:

AV vendor                     | Detection
------------------------------|------------------------------------------
Microsoft Security Essentials | Worm:Win32/Ludbaruma.A
Symantec                      | SMG.Heur!gen
Ad-Aware                      | Generic.Malware.SMP!Pk!g.B8D96178
Grisoft (avg)                 | Win32/DH{gVKBUYFP?}
ClamAV                        | Win.Worm.Untukmu-5949608-0
360 Safe                      | No Virus
Authentium                    | W32/Trojan.BDD.gen!Eldorado
Kaspersky                     | Trojan-Ransom.Win32.Blocker.kpuo
Twister                       | Suspicious.851E5F9BB35FB8DC
MalwareBytes                  | Trojan.AVDis.CS
Avira (antivir)               | TR/BAS.Kryptik.shcqf
Ikarus                        | Trojan.Win32.Patched
Mcafee                        | W32/Rontokbro.gen@MM
Dr. Web                       | Trojan.DownLoader7.3730
VirusBlokAda (vba32)          | Trojan.Downloader
Zillya!                       | Trojan.RegrunGen.Win32.1
Arcabit (arcavir)             | Generic.Malware.SMP!Pk!g.B8D96178
Arcabit (arcavir)             | Gen:Variant.Emotet.2
Trend Micro                   | TSPY_LU.85367EC1
Emsisoft                      | Generic.Malware.SMP!Pk!g.B8D96178
Eset (nod32)                  | Win32/VB.ORD worm
NANO                          | Trojan.Win32.Regrun.dxtouo
BitDefender                   | Generic.Malware.SMP!Pk!g.B8D96178
Windows Defender              | Worm:Win32/Ludbaruma.A
MicroWorld (escan)            | Generic.Malware.SMP!Pk!g.B8D96178
Fortinet                      | W32/Regrun.PKE!tr
Padvish                       | Trojan.Win32.Regrun.pke
Alwil (avast)                 | GenMalicious-EUW [Trj]
Rising                        | Worm.Win32.VBInjectEx.a
F-Secure                      | Generic.Malware.SMP!Pk!g.B8D96178
Alwil (avast)                 | Emotet-AI [Trj]
K7                            | Trojan ( 0040f6141 )
BullGuard                     | Generic.Malware.SMP!Pk!g.B8D96178
CA (E-Trust Ino)              | Generic.Malware.SMP!Pk!g.B8D96178
SUPERAntiSpyware              | No Virus
CAT (quickheal)               | Worm.Ludbaruma.A3
Frisk (f-prot)                | No Virus

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Network Details:


Raw Pcap
The same HTTP request was captured three times; one copy of the dump is shown below.

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .


Strings