Analysis Date: 2018-05-17 19:07:01
MD5:  ded7e1cd247ec98827e9990011d98ad0
SHA1: d4e402fbc7523b199a395a374a7e00d698be5633

Static Details:

AV vendor                         Detection
Arcabit (arcavir)                 Gen:Variant.Symmi.28546
Authentium                        W32/Trojan.KYQA-2633
Grisoft (avg)                     Error Scanning File
Avira (antivir)                   TR/BAS.Samca.13317892
Alwil (avast)                     Bundpil-C [Trj]
Ad-Aware                          Gen:Variant.Symmi.28546
BitDefender                       Gen:Variant.Symmi.28546
BullGuard                         Gen:Variant.Symmi.28546
ClamAV                            Win.Trojan.Agent-1109687
Dr. Web                           BackDoor.Andromeda.178
Emsisoft                          Gen:Variant.Symmi.28546
MicroWorld (escan)                Gen:Variant.Symmi.28546
CA (E-Trust Ino)                  Gen:Variant.Symmi.28546
Fortinet                          W32/Wauchos.LB!tr
Frisk (f-prot)                    W32/Trojan2.OAPW
F-Secure                          Trojan-Downloader:W32/Wauchos.F
Ikarus                            Trojan-Downloader.Small
K7                                Error Scanning File
Kaspersky                         Backdoor.Win32.Androm.deu
MalwareBytes                      Error Scanning File
Mcafee                            W32/Worm-FKO!DED7E1CD247E
Microsoft Security Essentials     Worm:Win32/Gamarue.F
NANO                              Trojan.Win32.Andromeda.cjgqby
NANO                              Trojan.Win32.Andromeda.dpkxyv
Eset (nod32)                      Win32/TrojanDownloader.Wauchos.L
Padvish                           Worm.Win32.Gamarue.SameMsiexec1
CAT (quickheal)                   Worm.Gamarue.A5
Rising                            No Virus
360 Safe                          Trojan.Win32.Agent.FN
SUPERAntiSpyware                  Error Scanning File
Symantec                          Downloader.Dromedan
Trend Micro                       WORM_GAMARUE.SMV
Twister                           Trojan.3F06E5417E4C04E9
VirusBlokAda (vba32)              SScope.Malware-Cryptor.Wauchos.2183
Windows Defender                  Worm:Win32/Gamarue.F
Zillya!                           Backdoor.Androm.Win32.2864

Runtime Details:

Process: C:\Windows\System32\lsass.exe

Process: C:\Users\Phil\AppData\Local\Temp\d4e402fbc7523b199a395a374a7e00d698be5633.exe

Process: C:\Users\Phil\AppData\Local\Temp\d4e402fbc7523b199a395a374a7e00d698be5633.exe
  Creates File: C:\Windows\SysWOW64\msiexec.exe

Process: C:\Windows\SysWOW64\msiexec.exe
  Creates Mutex: 3770066751
  Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
  Creates File: C:\Users\Phil\AppData\Local\Temp\d4e402fbc7523b199a395a374a7e00d698be5633.exe
  Creates File: C:\ProgramData\Local Settings\Temp\ccalpo.com
  Creates File: C:\Windows\SysWOW64\msiexec.exe
  Creates File: C:\ProgramData\Local Settings\Temp\ccalpo.com

Network Details:

Raw Pcap
0x00000000 (00000)   504f5354 202f6761 74653032 2e706870   POST /gate02.php
0x00000010 (00016)   20485454 502f312e 310d0a48 6f73743a    HTTP/1.1..Host:
0x00000020 (00032)   20646576 69636573 74612e72 750d0a55    devicesta.ru..U
0x00000030 (00048)   7365722d 4167656e 743a204d 6f7a6931   ser-Agent: Mozi1
0x00000040 (00064)   6c612f34 2e300d0a 436f6e74 656e742d   la/4.0..Content-
0x00000050 (00080)   54797065 3a206170 706c6963 6174696f   Type: applicatio
0x00000060 (00096)   6e2f782d 7777772d 666f726d 2d75726c   n/x-www-form-url
0x00000070 (00112)   656e636f 6465640d 0a436f6e 74656e74   encoded..Content
0x00000080 (00128)   2d4c656e 6774683a 2038300d 0a436f6e   -Length: 80..Con
0x00000090 (00144)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x000000a0 (00160)   0d0a7570 71636843 34357531 5446462b   ..upqchC45u1TFF+
0x000000b0 (00176)   4a6d6e59 4b474977 694c7158 77794773   JmnYKGIwiLqXwyGs
0x000000c0 (00192)   436f4133 4f757431 41683348 61567351   CoA3Out1Ah3HaVsQ
0x000000d0 (00208)   6a343559 4371474b 326c5866 32507649   j45YCqGK2lXf2PvI
0x000000e0 (00224)   4d65744a 337a4d52 6f504c6b 51393553   MetJ3zMRoPLkQ95S
0x000000f0 (00240)   3438                                  48


Strings