Analysis Date: 2018-05-19 21:27:25
MD5: bb66387cf3b2022c76aea2f37114de1b
SHA1: b2cec10b391031af86b3e63c6487ff53414c6d7a

Static Details:

AV Arcabit (arcavir): Trojan.GenericKD.12793431
AV Authentium: W32/Trojan.VZMC-8051
AV Grisoft (avg): Zbot.AXCQ
AV Avira (antivir): TR/AD.LibInject.mrsrx
AV Alwil (avast): Error Scanning File
AV Ad-Aware: Trojan.GenericKD.12793431
AV BitDefender: Trojan.GenericKD.12793431
AV BullGuard: Trojan.GenericKD.12793431
AV ClamAV: Error Scanning File
AV Dr. Web: Trojan.MulDrop7.60176
AV Emsisoft: Trojan.GenericKD.12793431
AV MicroWorld (escan): No Virus
AV CA (E-Trust Ino): Error Scanning File
AV Fortinet: W32/Kryptik.GATM!tr
AV Frisk (f-prot): W32/Zbot.AAZA
AV F-Secure: Trojan.GenericKD.12793431
AV Ikarus: Error Scanning File
AV K7: Spyware ( 0051fb6b1 )
AV Kaspersky: Error Scanning File
AV MalwareBytes: No Virus
AV Mcafee: Generic Trojan.i
AV Microsoft Security Essentials: PWS:Win32/Zbot
AV NANO: Trojan.Win32.Dapato.exibgz
AV Eset (nod32): Win32/Spy.Zbot.ADC
AV Padvish: No Virus
AV CAT (quickheal): No Virus
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: Trojan.Gen.2
AV Trend Micro: TSPY_ZBOT.CBQ
AV Twister: No Virus
AV VirusBlokAda (vba32): TrojanDownloader.Dapato
AV Windows Defender: PWS:Win32/Zbot
AV Zillya!: Downloader.Dapato.Win32.5637

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\b2cec10b391031af86b3e63c6487ff53414c6d7a.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\b2cec10b391031af86b3e63c6487ff53414c6d7a.exe
Creates File: C:\popupkiller.exe
Creates File: C:\stimulator.exe
Creates File: C:\TOOLS\execute.exe
Creates File: \??\NPF_NdisWanIp
Creates File: C:\Users\Phil\AppData\Local\Temp\upd6e94849a.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\upd6e94849a.bat
Creates Mutex: 1314717C007C4BFCF22CC2839272996B
Creates Mutex: Sandboxie_SingleInstanceMutex_Control
Creates Mutex: Frz_State

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\upd6e94849a.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\upd6e94849a.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\upd6e94849a.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\upd6e94849a.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\upd6e94849a.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\upd6e94849a.bat
Creates File: C:\Users\Phil\AppData\Local\Temp\upd6e94849a.bat

Network Details:

