Analysis Date: 2018-04-19 15:31:40
MD5: adb1ab58e294ef53bf48c2e63841f025
SHA1: bbfcb0f7d5d4e39d8f0664ceeb5b6058269ddd29

Static Details:

AV BitDefender: Gen:Variant.Razy.19783
AV CA (E-Trust Ino): Error Scanning File
AV Dr. Web: Trojan.DownLoader18.59375
AV Padvish: No Virus
AV Trend Micro: No Virus
AV Eset (nod32): Win32/Bayrob.BA
AV Arcabit (arcavir): Gen:Variant.Razy.19783
AV SUPERAntiSpyware: No Virus
AV K7: Trojan ( 004dc2a31 )
AV Emsisoft: Gen:Variant.Razy.19783
AV Mcafee: Trojan-FHQT!ADB1AB58E294
AV Frisk (f-prot): W32/Nivdort.G.gen!Eldorado
AV Kaspersky: Error Scanning File
AV MicroWorld (escan): Gen:Variant.Razy.19783
AV Zillya!: Error Scanning File
AV Microsoft Security Essentials: TrojanSpy:Win32/Nivdort
AV Ad-Aware: Gen:Variant.Razy.19783
AV Ikarus: No Virus
AV CAT (quickheal): TrojanSpy.Nivdort.WR4
AV Windows Defender: TrojanSpy:Win32/Nivdort
AV Rising: Error Scanning File
AV F-Secure: Gen:Variant.Razy.19783
AV Grisoft (avg): Error Scanning File
AV Avira (antivir): TR/Nivdort.A.20816
AV VirusBlokAda (vba32): No Virus
AV Fortinet: W32/Bayrob.AQ!tr
AV 360 Safe: No Virus
AV NANO: Error Scanning File
AV Alwil (avast): Vupa [Cryp]
AV Authentium: W32/Nivdort.G.gen!Eldorado
AV BullGuard: Error Scanning File
AV ClamAV: No Virus
AV Symantec: Trojan.Bayrob!gen6
AV MalwareBytes: No Virus
AV Twister: No Virus

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\bbfcb0f7d5d4e39d8f0664ceeb5b6058269ddd29.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Windows\itjvpkv\gnltwxuggouo
Creates File: C:\itjvpkv\gnltwxuggouo
Creates File: c:\Users\Phil\AppData\Local\Temp\bbfcb0f7d5d4e39d8f0664ceeb5b6058269ddd29.exe
Creates File: C:\itjvpkv\mc6g26gnxxi1fsgcvdyg.exe

Process
↳ C:\itjvpkv\mc6g26gnxxi1fsgcvdyg.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Windows\itjvpkv\gnltwxuggouo
Creates File: C:\itjvpkv\gnltwxuggouo
Creates File: C:\itjvpkv\kopsvqqoeoxk
Creates File: C:\itjvpkv\run

Process
↳ C:\itjvpkv\vfxncbwyxpg.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Windows\itjvpkv\gnltwxuggouo
Creates File: C:\itjvpkv\gnltwxuggouo
Creates File: C:\itjvpkv\kopsvqqoeoxk

Network Details:

Raw Pcap (each block below is one plain HTTP/1.0 `GET /index.php` request with `Connection: close`; the requests are identical apart from the Host header, so the Host values in the ASCII column are the observable network indicators for this sample)
0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2065   : close..Host: e
0x00000040 (00064)   78706572 69656e63 65636172 72792e6e   xperiencecarry.n
0x00000050 (00080)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2067   : close..Host: g
0x00000040 (00064)   656e746c 656d616e 66617468 65722e6e   entlemanfather.n
0x00000050 (00080)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2061   : close..Host: a
0x00000040 (00064)   6c726561 64796661 74686572 2e6e6574   lreadyfather.net
0x00000050 (00080)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2067   : close..Host: g
0x00000040 (00064)   656e746c 656d616e 6170706c 652e6e65   entlemanapple.ne
0x00000050 (00080)   740d0a0d 0a0a                         t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2061   : close..Host: a
0x00000040 (00064)   6c726561 64796170 706c652e 6e65740d   lreadyapple.net.
0x00000050 (00080)   0a0d0a0d 0a0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2067   : close..Host: g
0x00000040 (00064)   656e746c 656d616e 6275696c 742e6e65   entlemanbuilt.ne
0x00000050 (00080)   740d0a0d 0a0a                         t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2061   : close..Host: a
0x00000040 (00064)   6c726561 64796275 696c742e 6e65740d   lreadybuilt.net.
0x00000050 (00080)   0a0d0a0d 0a0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2067   : close..Host: g
0x00000040 (00064)   656e746c 656d616e 63617272 792e6e65   entlemancarry.ne
0x00000050 (00080)   740d0a0d 0a0a                         t.....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2061   : close..Host: a
0x00000040 (00064)   6c726561 64796361 7272792e 6e65740d   lreadycarry.net.
0x00000050 (00080)   0a0d0a0d 0a0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2066   : close..Host: f
0x00000040 (00064)   6f6c6c6f 77666174 6865722e 6e65740d   ollowfather.net.
0x00000050 (00080)   0a0d0a0d 0a0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   656d6265 72666174 6865722e 6e65740d   emberfather.net.
0x00000050 (00080)   0a0d0a0d 0a0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2066   : close..Host: f
0x00000040 (00064)   6f6c6c6f 77617070 6c652e6e 65740d0a   ollowapple.net..
0x00000050 (00080)   0d0a0a0d 0a0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   656d6265 72617070 6c652e6e 65740d0a   emberapple.net..
0x00000050 (00080)   0d0a0a0d 0a0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2066   : close..Host: f
0x00000040 (00064)   6f6c6c6f 77627569 6c742e6e 65740d0a   ollowbuilt.net..
0x00000050 (00080)   0d0a0a0d 0a0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   656d6265 72627569 6c742e6e 65740d0a   emberbuilt.net..
0x00000050 (00080)   0d0a0a0d 0a0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2066   : close..Host: f
0x00000040 (00064)   6f6c6c6f 77636172 72792e6e 65740d0a   ollowcarry.net..
0x00000050 (00080)   0d0a0a0d 0a0a                         ......

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   656d6265 72636172 72792e6e 65740d0a   embercarry.net..
0x00000050 (00080)   0d0a0a0d 0a0a                         ......


Strings