Analysis Date: 2016-02-06 13:19:10
MD5: 44a1a8c29fcdd0dd3c01cdbd6441881b
SHA1: aa9d38eca69bd0f50582fa5e3c5da0afa4995d74

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
Section .text md5: 61405545b9d6a514b8bef37167e18367 sha1: 9b2b15f9aa288a968981cff2b805d9ca9d9749a4 size: 958464
Section .data md5: sha1: size:
Section .xcpad md5: sha1: size:
Section .idata md5: sha1: size:
Section .reloc md5: ba4f2c1dcc167d3c9393cbea468f46fa sha1: eb1baf173094fa52ae6b2a48d2c0efc6962e676a size: 4096
Section .rsrc md5: 927c04f685e8039af6d2f6cb9660b496 sha1: c25a1f8ea18c24de97ced325ed350b2d912dadda size: 4096
Timestamp
VersionLegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer
PEhash
IMPhash: f34d5f2d4577ed6d9ceec516c1f5a744
AV Ad-Aware: Error Scanning File
AV Alwil (avast): Error Scanning File
AV Arcabit (arcavir): Error Scanning File
AV Authentium: Error Scanning File
AV Avira (antivir): Error Scanning File
AV BitDefender: Error Scanning File
AV BullGuard: Error Scanning File
AV CA (E-Trust Ino): Error Scanning File
AV CAT (quickheal): Error Scanning File
AV ClamAV: Error Scanning File
AV Dr. Web: Error Scanning File
AV Emsisoft: Error Scanning File
AV Eset (nod32): Error Scanning File
AV F-Secure: Error Scanning File
AV Fortinet: Error Scanning File
AV Frisk (f-prot): Error Scanning File
AV Grisoft (avg): Error Scanning File
AV Ikarus: Error Scanning File
AV K7: Error Scanning File
AV Kaspersky: Error Scanning File
AV MalwareBytes: Error Scanning File
AV Mcafee: Error Scanning File
AV MicroWorld (escan): Error Scanning File
AV Microsoft Security Essentials: Error Scanning File
AV Rising: Error Scanning File
AV Symantec: Error Scanning File
AV Trend Micro: Error Scanning File
AV Twister: Error Scanning File
AV VirusBlokAda (vba32): Error Scanning File
AV Zillya!: Error Scanning File

Runtime Details:

Process
↳ C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Creates Mutex
Creates Mutex
Creates Mutex: f2687dfa-76ea-4e42-bac6-798b678e233d
Creates Mutex: eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0 - S-1-5-21-3542270870-992954940-2626765878-1000
Creates Mutex
Creates Mutex: Global\.net clr networking
Creates Mutex: Global\.net clr networking
Creates File: C:\Windows\AppPatch\AcGenral.DLL
Creates File: C:\Windows\AppPatch\AcLayers.DLL
Creates File: C:\Windows\system32\l_intl.nls
Creates File: C:\Windows\assembly\pubpol4.dat
Creates File: C:\Users\Admin\AppData\Roaming\Imminent\Path.dat
Creates File: C:\Windows\system32\tzres.dll
Creates File: C:\Users\Admin\AppData\Roaming\Imminent\Logs\06-02-2016
Creates File: Nsi
Creates File: C:\Users\Admin\AppData\Roaming\Imminent\Logs\06-02-2016
Creates File: C:\Users\Admin\AppData\Roaming\Imminent\Logs\06-02-2016
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\macrons ➝ C:\Users\Admin\AppData\Roaming\macrons\macrons.exe\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\Version ➝ 7

Process
↳ C:\Windows\System32\schtasks.exe

Creates Mutex
Creates File: C:\Users\Admin\AppData\Local\Temp\1547424608.xml

Process
↳ C:\aa9d38eca69bd0f50582fa5e3c5da0afa4995d74.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates Mutex: Local\ZonesCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesCacheCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesLockedCacheCounterMutex
Creates File: C:\aa9d38eca69bd0f50582fa5e3c5da0afa4995d74.exe.config
Creates File: C:\aa9d38eca69bd0f50582fa5e3c5da0afa4995d74.exe
Creates File: C:\aa9d38eca69bd0f50582fa5e3c5da0afa4995d74.exe.config
Creates File: C:\Windows\system32\l_intl.nls
Creates File: C:\aa9d38eca69bd0f50582fa5e3c5da0afa4995d74.exe
Creates File: C:\Windows\assembly\pubpol4.dat
Creates File: C:\Users\Admin\AppData\Local\Temp\1547424608.xml
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000009.db
Creates File: C:\Windows\System32\schtasks.exe
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1

Process
↳ C:\Users\Admin\AppData\Local\Temp\RarSFX0\gVBchpp.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Users\Admin\AppData\Local\Temp\RarSFX0\gVBchpp.exe.config
Creates File: C:\Users\Admin\AppData\Local\Temp\RarSFX0\gVBchpp.exe
Creates File: C:\Users\Admin\AppData\Local\Temp\RarSFX0\gVBchpp.exe.config
Creates File: C:\Windows\system32\l_intl.nls
Creates File: C:\Users\Admin\AppData\Local\Temp\RarSFX0\gVBchpp.exe
Creates File: C:\Windows\assembly\pubpol4.dat
Creates File: C:\Users\Admin\AppData\Local\Temp\RarSFX0\JrVzWJrYnjUOghD.dat
Creates File: C:\Users\Admin\AppData\Local\Temp\RarSFX0\JrVzWJrYnjUOghD.dat

Process
↳ C:\aa9d38eca69bd0f50582fa5e3c5da0afa4995d74.exe

Creates File: C:\Users\Admin\AppData\Local\Temp\FB_3EC5.tmp
Creates File: C:\Users\Admin\AppData\Local\Temp\FB_3EC5.tmp.exe
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000009.db
Creates File: C:\Users\Admin\AppData\Local\Temp\FB_3EC5.tmp.exe
Creates File: C:\Users\Admin\AppData\Local\Temp\FB_40F7.tmp
Creates File: C:\Users\Admin\AppData\Local\Temp\FB_40F7.tmp.exe
Creates File: C:\Users\Admin\AppData\Local\Temp\FB_40F7.tmp.exe
Creates Mutex
Creates Mutex: Local\ZonesCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesCacheCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesLockedCacheCounterMutex
Creates Mutex
Creates Mutex: Local\ZonesCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesCacheCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesLockedCacheCounterMutex
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1

Process
↳ C:\Users\Admin\AppData\Local\Temp\FB_3EC5.tmp.exe

Creates Mutex
Creates Mutex
Creates Mutex: Local\ZonesCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesCacheCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesLockedCacheCounterMutex
Creates Mutex
Creates File: C:\Users\Admin\AppData\Local\Temp\FB_3EC5.tmp.exe
Creates File: C:\Users\Admin\AppData\Local\Temp\FB_3EC5.tmp.exe
Creates File: __tmp_rar_sfx_access_check_8432097
Creates File: C:\Users\Admin\AppData\Local\Temp\FB_3EC5.tmp.exe
Creates File: gVBchpp.exe
Creates File: JrVzWJrYnjUOghD.dat
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000009.db
Creates File: C:\Users\Admin\AppData\Local\Temp\RarSFX0\gVBchpp.exe
Creates File: C:\Windows\AppPatch\pcamain.sdb
Creates File: C:\Users\Admin\AppData\Local\Temp\RarSFX0\gVBchpp.exe
Creates File: C:\Users\desktop.ini
Creates File: C:\
Creates File: \SystemRoot\AppPatch\sysmain.sdb
Creates File: C:\Windows\system32\ntshrui.dll
Creates File: C:\Windows\system32\ntshrui.dll
Creates File: C:\Users\Admin\AppData\Local\Temp\RarSFX0
Creates File: C:\Users\Admin\AppData\Local\Temp\RarSFX0
Creates File: C:\Users\Admin\AppData\Local\Temp\RarSFX0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1

Process
↳ C:\Users\Admin\AppData\Local\Temp\FB_40F7.tmp.exe

Creates File: C:\Users\Admin\AppData\Local\Temp\FB_40F7.tmp.exe.config
Creates File: C:\Users\Admin\AppData\Local\Temp\FB_40F7.tmp.exe
Creates File: C:\Users\Admin\AppData\Local\Temp\FB_40F7.tmp.exe.config
Creates File: C:\Windows\system32\l_intl.nls
Creates File: C:\Users\Admin\AppData\Local\Temp\FB_40F7.tmp.exe
Creates File: C:\Windows\assembly\pubpol4.dat
Creates Mutex

Network Details:

