Analysis Date: 2018-05-05 15:20:26
MD5: a4ddbaf901ad36018862ab8412f116fc
SHA1: 90ad4cda3584410197ef85cf33836460d9a3b952

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash
AV Authentium: W64/BitCoin.I.gen!Eldorado
AV VirusBlokAda (vba32): Trojan.Autoit.Wirus
AV Rising: No Virus
AV MalwareBytes: Error Scanning File
AV Grisoft (avg): Error Scanning File
AV BitDefender: Error Scanning File
AV Emsisoft: Trojan.GenericKD.40223980
AV 360 Safe: No Virus
AV Arcabit (arcavir): Trojan.GenericKD.40223980
AV Zillya!: No Virus
AV Avira (antivir): No Virus
AV MicroWorld (escan): Trojan.GenericKD.30609536
AV Symantec: SMG.Heur!gen
AV Alwil (avast): Malware-gen
AV ClamAV: No Virus
AV NANO: No Virus
AV Eset (nod32): Win32/CoinMiner.JR
AV Twister: No Virus
AV CAT (quickheal): No Virus
AV Windows Defender: Trojan:Win32/CoinMiner!rfn
AV Trend Micro: No Virus
AV Frisk (f-prot): No Virus
AV BullGuard: Trojan.GenericKD.40223980
AV Padvish: No Virus
AV Fortinet: W32/CoinMiner.JR!tr
AV Microsoft Security Essentials: Trojan:Win32/CoinMiner!rfn
AV SUPERAntiSpyware: No Virus
AV F-Secure: Trojan.GenericKD.40223980
AV Ad-Aware: Error Scanning File
AV CA (E-Trust Ino): Trojan.Generic.15241544
AV Dr. Web: Tool.BtcMine.158
AV Alwil (avast): Win32:Malware-gen
AV Mcafee: Agent-FDF!A4DDBAF901AD
AV Kaspersky: Error Scanning File
AV Ikarus: No Virus
AV K7: Trojan ( 700000111 )

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\90ad4cda3584410197ef85cf33836460d9a3b952.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\90ad4cda3584410197ef85cf33836460d9a3b952.exe
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\AppData\Local\Temp
Creates File: C:\Users\Phil\AppData\Local\Temp\90ad4cda3584410197ef85cf33836460d9a3b952.exe
Creates Mutex
Creates Mutex

Process
↳ C:\Users\Phil\AppData\Local\Temp\~a4ddbaf9.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\~a4ddbaf9.exe
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\AppData\Local\Temp
Creates File: C:\Users\Phil\AppData\Local\Temp\~a4ddbaf9.exe
Creates Mutex
Creates Mutex

Network Details:

