Analysis Date: 2018-04-18 06:48:28
MD5: 6c6498d2396e01202842e5e874aadc3f
SHA1: cda589a8ee74a0ec1abe872758c56413509b759c

Static Details:

File type: PHP script, ASCII text, with very long lines, with CRLF line terminators
PEhash
AV BitDefender: No Virus
AV Trend Micro: No Virus
AV Emsisoft: No Virus
AV Arcabit (arcavir): No Virus
AV Padvish: No Virus
AV Ikarus: No Virus
AV MicroWorld (escan): No Virus
AV Ad-Aware: No Virus
AV Authentium: No Virus
AV 360 Safe: No Virus
AV VirusBlokAda (vba32): No Virus
AV BullGuard: No Virus
AV Kaspersky: No Virus
AV Symantec: No Virus
AV F-Secure: No Virus
AV NANO: No Virus
AV Rising: No Virus
AV CAT (quickheal): No Virus
AV ClamAV: No Virus
AV Fortinet: No Virus
AV Zillya!: No Virus
AV Avira (antivir): No Virus
AV CA (E-Trust Ino): No Virus
AV Microsoft Security Essentials: No Virus
AV SUPERAntiSpyware: No Virus
AV Frisk (f-prot): No Virus
AV Eset (nod32): PHP/Kryptik.AB
AV K7: No Virus
AV Mcafee: No Virus
AV Alwil (avast): No Virus
AV MalwareBytes: Error Scanning File
AV Dr. Web: No Virus
AV Windows Defender: No Virus
AV Twister: No Virus
AV Grisoft (avg): No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Windows\System32\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates File: C:\Users\Phil\Desktop\desktop.ini

Process
↳ C:\Windows\System32\rundll32.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\Fonts\staticcache.dat
Creates Mutex

Process
↳ C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

Process
↳ C:\Program Files (x86)\Adobe\Reader 10.0\Reader\wow_helper.exe

Network Details:

