Analysis Date: 2018-02-14 12:54:42
MD5: 0e1bf0deb5c9bd67cefa900f14f44234
SHA1: 90a288bb01cd787dfdf849bee60369fc3768da25

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
PEhash:
AV Arcabit (arcavir): Gen:Variant.Symmi.78895
AV Authentium: No Virus
AV Grisoft (avg): No Virus
AV Avira (antivir): ADWARE/InstMonster.Gen7
AV Alwil (avast): Malware-gen
AV Alwil (avast): Win32:Malware-gen
AV Ad-Aware: Gen:Variant.Symmi.78895
AV BitDefender: Gen:Variant.Symmi.78895
AV BullGuard: Gen:Variant.Symmi.78895
AV ClamAV: Error Scanning File
AV Dr. Web: Trojan.InstallMonster.2614
AV Emsisoft: Gen:Variant.Symmi.78895
AV MicroWorld (escan): No Virus
AV CA (E-Trust Ino): Error Scanning File
AV Fortinet: W32/Injector.CTWA!tr
AV Frisk (f-prot): No Virus
AV F-Secure: Gen:Variant.Symmi.78895
AV Ikarus: Error Scanning File
AV K7: No Virus
AV Kaspersky: Trojan.Win32.Inject.aiflu
AV MalwareBytes: Error Scanning File
AV Mcafee: No Virus
AV Microsoft Security Essentials: No Virus
AV NANO: Trojan.Win32.Inject.exlcqo
AV NANO: Trojan.Win32.Inject.exlcrj
AV NANO: Trojan.Win32.Inject.exlcwd
AV NANO: Trojan.Win32.Inject.exlcwm
AV NANO: Trojan.Win32.Inject.exlcxh
AV NANO: Trojan.Win32.Inject.exlcxx
AV NANO: Trojan.Win32.Inject.exlcyo
AV NANO: Trojan.Win32.Inject.exlcyp
AV NANO: Trojan.Win32.Inject.exlczd
AV NANO: Trojan.Win32.Inject.exlczk
AV NANO: Trojan.Win32.Inject.exlczy
AV NANO: Trojan.Win32.Inject.exldac
AV NANO: Trojan.Win32.Inject.exldag
AV NANO: Trojan.Win32.Inject.exldak
AV NANO: Trojan.Win32.Inject.exldaq
AV NANO: Trojan.Win32.Inject.exldbb
AV NANO: Trojan.Win32.Inject.exldci
AV NANO: Trojan.Win32.Inject.exlddp
AV NANO: Trojan.Win32.Inject.exlddq
AV NANO: Trojan.Win32.Inject.exldga
AV NANO: Trojan.Win32.Inject.exldgm
AV NANO: Trojan.Win32.Inject.exldhn
AV NANO: Trojan.Win32.Inject.exldhr
AV NANO: Trojan.Win32.Inject.exldhv
AV NANO: Trojan.Win32.Inject.exldix
AV NANO: Trojan.Win32.Inject.exldld
AV NANO: Trojan.Win32.Inject.exldlf
AV NANO: Trojan.Win32.Inject.exldln
AV NANO: Trojan.Win32.Inject.exldmt
AV NANO: Trojan.Win32.Inject.exldoy
AV NANO: Trojan.Win32.Inject.exldpr
AV NANO: Trojan.Win32.Inject.exldpv
AV NANO: Trojan.Win32.Inject.exldqa
AV NANO: Trojan.Win32.Inject.exldqs
AV NANO: Trojan.Win32.Inject.exldra
AV NANO: Trojan.Win32.Inject.exldrb
AV NANO: Trojan.Win32.InstallMonster.exlczs
AV Eset (nod32): No Virus
AV Padvish: No Virus
AV CAT (quickheal): No Virus
AV Rising: No Virus
AV 360 Safe: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\THX1138\AppData\Local\Temp\90a288bb01cd787dfdf849bee60369fc3768da25.exe

Network Details:

