Analysis Date: 2018-05-12 20:18:57
MD5: 70b1bc8ab9f8b063193e69ee78b0e883
SHA1: 91d9c6837fc59d8df57e71f7da924c8840f3b301

Static Details:

AV: Arcabit (arcavir) - Error Scanning File
AV: Authentium - No Virus
AV: Grisoft (avg) - No Virus
AV: Avira (antivir) - No Virus
AV: Alwil (avast) - Malware-gen
AV: Alwil (avast) - Win32:Malware-gen
AV: Ad-Aware - No Virus
AV: BitDefender - No Virus
AV: BullGuard - No Virus
AV: ClamAV - No Virus
AV: Dr. Web - Trojan.StartPage.42458
AV: Emsisoft - No Virus
AV: MicroWorld (escan) - No Virus
AV: CA (E-Trust Ino) - No Virus
AV: Fortinet - Riskware/BaiduSearch
AV: Frisk (f-prot) - No Virus
AV: F-Secure - No Virus
AV: Ikarus - Gen.Trojan
AV: K7 - Error Scanning File
AV: Kaspersky - AdWare.NSIS.Baserch.gen
AV: MalwareBytes - Adware.ChinAd
AV: Mcafee - No Virus
AV: Microsoft Security Essentials - No Virus
AV: NANO - Riskware.Nsis.BaiduSearch.eatfnc
AV: NANO - Riskware.Nsis.BaiduSearch.eaudin
AV: NANO - Riskware.Nsis.StartPage.dpacsq
AV: Eset (nod32) - No Virus
AV: Padvish - No Virus
AV: CAT (quickheal) - No Virus
AV: Rising - No Virus
AV: 360 Safe - No Virus
AV: SUPERAntiSpyware - Error Scanning File
AV: Symantec - No Virus
AV: Trend Micro - No Virus
AV: Twister - No Virus
AV: VirusBlokAda (vba32) - No Virus
AV: Windows Defender - No Virus
AV: Zillya! - No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\91d9c6837fc59d8df57e71f7da924c8840f3b301.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\Desktop\desktop.ini

Network Details:

