Analysis Date: 2018-04-27 06:48:09
MD5: d778f642c2307284b479e860b32c1be6
SHA1: d3bf57ec9c000c74329d552f54f6a3c544238701

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash:

AV detections:
Dr. Web: Trojan.VbCrypt.60
Zillya!: No Virus
CA (E-Trust Ino): Gen:Variant.Sirefef.942
Rising: Trojan.Win32.Generic.12B9F7A2
Trend Micro: WORM_VOBFUS.SMAB
Mcafee: Generic VB.kk
F-Secure: Gen:Variant.Sirefef.942
Twister: Virus.EA77@1F8693#A094@2.mg
BullGuard: Gen:Variant.Sirefef.942
Authentium: W32/Vobfus.BE.gen!Eldorado
360 Safe: No Virus
Ad-Aware: Gen:Variant.Sirefef.942
MalwareBytes: Worm.Obfuscator
VirusBlokAda (vba32): BScope.Malware-Cryptor.VBCR.1312
SUPERAntiSpyware: Trojan.Agent/Gen-Autorun[VB]
Windows Defender: Worm:Win32/Vobfus
MicroWorld (escan): Gen:Variant.Sirefef.942
Emsisoft: Gen:Variant.Sirefef.942
Grisoft (avg): SHeur4.TRX
Arcabit (arcavir): Gen:Variant.Sirefef.942
ClamAV: Win.Trojan.Vbcrypt-5743558-0
BitDefender: Gen:Variant.Sirefef.942
Symantec: W32.Changeup
Ikarus: Trojan.Win32.Vobfus
Kaspersky: Worm.Win32.Vobfus.dgkk
Microsoft Security Essentials: No Virus
Alwil (avast): VB-ABPT [Trj]
Padvish: Dropper.Win32.Injector.dfqi.Generic
Frisk (f-prot): W32/Vobfus.AD.gen!Eldorado
K7: Error Scanning File
CAT (quickheal): Worm.Vobfus.Gen
Avira (antivir): Worm/Vobfus.mhna
Fortinet: W32/VBKrypt.C!tr
Eset (nod32): Win32/AutoRun.VB.ASZ worm
NANO: Trojan.Win32.Inject.cihuhl

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\d3bf57ec9c000c74329d552f54f6a3c544238701.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\d3bf57ec9c000c74329d552f54f6a3c544238701.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\d3bf57ec9c000c74329d552f54f6a3c544238701.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\d3bf57ec9c000c74329d552f54f6a3c544238701.exe
Creates File: C:\Users\Phil\yiebix.exe
Creates File: C:\Users\Phil\yiebix.exe
Creates Mutex: P

Process
↳ C:\Users\Phil\yiebix.exe

Creates File: C:\Users\Phil\yiebix.exe
Creates File: C:\Users\Phil\yiebix.exe
Creates Mutex: P
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\yiebix ➝ C:\Users\Phil\yiebix.exe /A
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden ➝ 0
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\yiebix ➝ C:\Users\Phil\yiebix.exe /S
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden ➝ 0

Network Details:
