Analysis Date: 2018-03-24 02:57:18
MD5: 5c55d713e19fd430a08fcda1f69dcb3b
SHA1: c423920583f0a35174f58dfa7028790c525fe452

Static Details:

AV | Arcabit (arcavir) | Gen:Variant.Johnnie.88863
AV | Authentium | W32/Trojan.GKVV-6382
AV | Grisoft (avg) | Error Scanning File
AV | Avira (antivir) | TR/Hijacker.Gen
AV | Alwil (avast) | GenMaliciousA-DVE [Trj]
AV | Ad-Aware | Gen:Variant.Johnnie.88863
AV | BitDefender | Gen:Variant.Johnnie.88863
AV | BullGuard | Error Scanning File
AV | ClamAV | Error Scanning File
AV | Dr. Web | No Virus
AV | Emsisoft | Gen:Variant.Johnnie.88863
AV | MicroWorld (escan) | No Virus
AV | CA (E-Trust Ino) | Error Scanning File
AV | Fortinet | W32/PossibleThreat
AV | Frisk (f-prot) | No Virus
AV | F-Secure | Gen:Variant.Johnnie.88863
AV | Ikarus | Error Scanning File
AV | K7 | No Virus
AV | Kaspersky | Error Scanning File
AV | MalwareBytes | Error Scanning File
AV | Mcafee | Generic.dx!EBBDA07F5487
AV | Microsoft Security Essentials | No Virus
AV | NANO | No Virus
AV | Eset (nod32) | No Virus
AV | Padvish | No Virus
AV | CAT (quickheal) | Trojan.Dynamer
AV | Rising | No Virus
AV | 360 Safe | No Virus
AV | SUPERAntiSpyware | Error Scanning File
AV | Symantec | No Virus
AV | Trend Micro | No Virus
AV | Twister | Trojan.DOMG.ajmd
AV | VirusBlokAda (vba32) | No Virus
AV | Windows Defender | No Virus
AV | Zillya! | Error Scanning File

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Windows\System32\rundll32.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\c423920583f0a35174f58dfa7028790c525fe452.dll

Process
↳ C:\Windows\SysWOW64\rundll32.exe

Network Details:


Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .


Strings