Analysis Date: 2018-02-09 06:59:42
MD5: 8f44af37edca042a5a8088c5edd94f7c
SHA1: cd08fdf68924e623365ec3a5328ee52af14518e0

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash:

AV Arcabit (arcavir): Gen:Variant.Symmi.25939
AV Authentium: No Virus
AV Grisoft (avg): Win32/DH{TA?}
AV Avira (antivir): TR/Dropper.Gen9
AV Alwil (avast): Malware-gen
AV Alwil (avast): Win32:Malware-gen
AV Ad-Aware: Gen:Variant.Symmi.25939
AV BitDefender: Gen:Variant.Symmi.25939
AV BullGuard: Gen:Variant.Symmi.25939
AV ClamAV: No Virus
AV Dr. Web: Tool.BtcMine.1145
AV Dr. Web: Trojan.BtcMine.1759
AV Emsisoft: Gen:Variant.Symmi.25939
AV MicroWorld (escan): Gen:Variant.Symmi.25939
AV CA (E-Trust Ino): Gen:Variant.Symmi.25939
AV Fortinet: W32/Agent.OJQ!tr.spy
AV Frisk (f-prot): No Virus
AV F-Secure: Gen:Variant.Symmi.25939
AV Ikarus: Error Scanning File
AV K7: Error Scanning File
AV Kaspersky: HEUR:RiskTool.Win32.BitCoinMiner.gen
AV Kaspersky: HEUR:RiskTool.Win32.BitMiner.gen
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: No Virus
AV Mcafee: No Virus
AV Microsoft Security Essentials: No Virus
AV NANO: Riskware.Win32.BitMiner.ewvndj
AV Eset (nod32): No Virus
AV Padvish: Trojan.Win32.Bitcoin.S
AV CAT (quickheal): No Virus
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: Trojan.Gen
AV Trend Micro: No Virus
AV Twister: W64.CoinMiner.CZ.gcqr
AV VirusBlokAda (vba32): Win32.Trojan.Dropper.Heur
AV Windows Defender: No Virus
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\svchost ➝ C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run ➝ C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load ➝ C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Taskmgr.exe\Debugger ➝ C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZhuDongFangYu.exe\Debugger ➝ C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCTray.exe\Debugger ➝ C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe\Debugger ➝ C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Tray.exe\Debugger ➝ C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger ➝ C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Windows\config.json
Creates File: C:\Windows\svchost.exe
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
Creates File: C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\DVD Maker\DVDMaker.exe
Creates File: C:\Program Files\DVD Maker\DVDMaker.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Internet Explorer\ieinstal.exe
Creates File: C:\Program Files\Internet Explorer\ieinstal.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Internet Explorer\ielowutil.exe
Creates File: C:\Program Files\Internet Explorer\ielowutil.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Internet Explorer\iexplore.exe
Creates File: C:\Program Files\Internet Explorer\iexplore.exe
Creates File: C:\Users\THX1138\AppData\Local\Temp\cd08fdf68924e623365ec3a5328ee52af14518e0.exe
Creates File: C:\Program Files\Microsoft Games\Chess\Chess.exe
Creates File: C:\Program Files\Microsoft Games\Chess\Chess.exe
Creates Mutex
Creates Mutex

Process
↳ C:\Windows\svchost.exe

Creates Mutex
Creates Mutex
Creates File: C:\Windows\System32\wship6.dll
Creates File: C:\Windows\System32\wship6.dll
Creates File: C:\Windows\System32\wship6.dll
Creates File: C:\Windows\System32\wshqos.dll
Creates File: C:\Windows\System32\wshqos.dll
Creates File: C:\Windows\System32\wshqos.dll
Creates File: C:\Windows\System32\wshqos.dll
Creates File: C:\Windows\config.json

Network Details: