Analysis Date: 2018-04-20 03:30:15
MD5: d241912448585c4f9b89ff011605c248
SHA1: d867a7758e9d86536f5ac0031b4384aff2869192

Static Details:

AV: CAT (quickheal) - TrojanSpy.Nivdort.WR4
AV: Rising - No Virus
AV: CA (E-Trust Ino) - Gen:Variant.Razy.18137
AV: VirusBlokAda (vba32) - No Virus
AV: 360 Safe - No Virus
AV: Kaspersky - Trojan.Win32.Generic
AV: Zillya! - No Virus
AV: Ikarus - Trojan.Win32.Bayrob
AV: ClamAV - No Virus
AV: NANO - Trojan.Win32.Bayrob.dzrqrh
AV: Padvish - No Virus
AV: Trend Micro - No Virus
AV: Frisk (f-prot) - W32/Nivdort.H.gen!Eldorado
AV: Mcafee - Trojan-FHRG!D24191244858
AV: Dr. Web - Trojan.DownLoader18.65320
AV: Eset (nod32) - Win32/Bayrob.AT.gen
AV: F-Secure - Gen:Variant.Kazy.790778
AV: Authentium - W32/Nivdort.H.gen!Eldorado
AV: Windows Defender - TrojanSpy:Win32/Nivdort
AV: SUPERAntiSpyware - Error Scanning File
AV: Fortinet - W32/Bayrob.AQ!tr
AV: BullGuard - Gen:Variant.Kazy.790778
AV: Alwil (avast) - Vupa [Cryp]
AV: Symantec - Trojan.Bayrob!gen6
AV: Grisoft (avg) - Win32/Cryptor
AV: MalwareBytes - No Virus
AV: Twister - No Virus
AV: Emsisoft - Gen:Variant.Kazy.790778
AV: Arcabit (arcavir) - Gen:Variant.Kazy.790778
AV: Microsoft Security Essentials - TrojanSpy:Win32/Nivdort
AV: Avira (antivir) - TR/Nivdort.A.25842
AV: BitDefender - Gen:Variant.Kazy.790778
AV: Ad-Aware - Gen:Variant.Kazy.790778
AV: MicroWorld (escan) - Gen:Variant.Kazy.790778
AV: K7 - Error Scanning File

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\d867a7758e9d86536f5ac0031b4384aff2869192.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Windows\trlrnvkvb\lpcmhqzp
Creates File: C:\trlrnvkvb\lpcmhqzp
Creates File: c:\Users\Phil\AppData\Local\Temp\d867a7758e9d86536f5ac0031b4384aff2869192.exe
Creates File: C:\trlrnvkvb\iu4cefbsvn8cpxumzhgl.exe

Process
↳ C:\trlrnvkvb\iu4cefbsvn8cpxumzhgl.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Windows\trlrnvkvb\lpcmhqzp
Creates File: C:\trlrnvkvb\lpcmhqzp
Creates File: C:\trlrnvkvb\upeuav
Creates File: C:\trlrnvkvb\run

Process
↳ C:\trlrnvkvb\biboizoweg.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Windows\trlrnvkvb\lpcmhqzp
Creates File: C:\trlrnvkvb\lpcmhqzp
Creates File: C:\trlrnvkvb\upeuav

Network Details:

