Analysis Date: 2018-05-09 22:36:10
MD5: 6414f72a9eca4c91d625d766b247361a
SHA1: bb19869eae0a43ad7af67fb103f25dc39d76fda4

Static Details:

AV Vendor                        Detection
Arcabit (arcavir)                Gen:Variant.Ursu.165673
Authentium                       No Virus
Grisoft (avg)                    Crypt4.BTZI
Avira (antivir)                  TR/Dropper.Gen
Alwil (avast)                    Malware-gen
Alwil (avast)                    Win32:Malware-gen
Ad-Aware                         Gen:Variant.Ursu.165673
BitDefender                      Gen:Variant.Ursu.165673
BullGuard                        Gen:Variant.Ursu.165673
ClamAV                           No Virus
Dr. Web                          Trojan.Inject1.41270
Emsisoft                         Gen:Variant.Ursu.165673
MicroWorld (escan)               Gen:Variant.Ursu.165673
CA (E-Trust Ino)                 Gen:Variant.Razy.79624
Fortinet                         W32/Kryptik.BYGK!tr
Frisk (f-prot)                   No Virus
F-Secure                         Gen:Variant.Ursu.165673
Ikarus                           Trojan.Crypt3
K7                               Error Scanning File
Kaspersky                        Trojan.Win32.Cobalt.a
MalwareBytes                     No Virus
Mcafee                           BackDoor-FDRT!6414F72A9ECA
Microsoft Security Essentials    Trojan:Win32/Dorv.A!rfn
NANO                             Trojan.Win32.Inject1.dvaidu
Eset (nod32)                     Win32/Rozena.SA
Padvish                          No Virus
CAT (quickheal)                  No Virus
Rising                           No Virus
360 Safe                         No Virus
SUPERAntiSpyware                 No Virus
Symantec                         Backdoor.Rozena
Trend Micro                      No Virus
Twister                          Trojan.Agent.QFD.ryky.mg
VirusBlokAda (vba32)             Trojan.Diple
Windows Defender                 Trojan:Win32/Dorv.A!rfn
Zillya!                          Trojan.Kryptik.Win32.777320

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\bb19869eae0a43ad7af67fb103f25dc39d76fda4.exe

Creates File: \\?\pipe\Winsock2\CatalogChangeListener-7859-ced
Creates File: C:\Users\Phil\AppData\Local\Temp\bb19869eae0a43ad7af67fb103f25dc39d76fda4.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\bb19869eae0a43ad7af67fb103f25dc39d76fda4.exe
Creates File: C:\Users\Phil\Documents\31784641_225219694916254_6471846370188722176_n.jpg
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates File: C:\Users\Phil\Desktop\desktop.ini

Network Details:
