Analysis Date: 2018-04-14 14:28:00
MD5: f402a72ac040157e87a0c94fae67d3c0
SHA1: e847fdda2a8a4dfa1663ac33629911a83460b802

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash
AV Arcabit (arcavir): Trojan.Androm.Gen.1
AV Authentium: W32/A-65ff5a5a!Eldorado
AV Grisoft (avg): Win32/Karagany
AV Avira (antivir): TR/Spy.ZBot.4198412
AV Alwil (avast): Karagany
AV Alwil (avast): Win32:Karagany
AV Ad-Aware: Trojan.Androm.Gen.1
AV BitDefender: Trojan.Androm.Gen.1
AV BullGuard: Trojan.Androm.Gen.1
AV ClamAV: No Virus
AV Dr. Web: Trojan.PWS.Panda.2401
AV Emsisoft: Trojan.Androm.Gen.1
AV MicroWorld (escan): Trojan.Androm.Gen.1
AV CA (E-Trust Ino): Trojan.Androm.Gen.1
AV Fortinet: W32/Lockscreen.LOA!tr
AV Frisk (f-prot): No Virus
AV F-Secure: Trojan.Androm.Gen.1
AV Ikarus: No Virus
AV K7: Error Scanning File
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Trojan.FakeMS.ED
AV Mcafee: PWS-Zbot-FAJD!F402A72AC040
AV Microsoft Security Essentials: PWS:Win32/Zbot
AV NANO: Trojan.Win32.Panda.crdeol
AV Eset (nod32): Win32/Kryptik.BAIR
AV Padvish: No Virus
AV CAT (quickheal): TrojanRansom.Crowti.MUE.A4
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: Packed.Generic.459
AV Trend Micro: TROJ_KRYPTK.SML3
AV Twister: Suspicious.558BEC#0000@2.mg
AV VirusBlokAda (vba32): Error Scanning File
AV Windows Defender: PWS:Win32/Zbot
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\e847fdda2a8a4dfa1663ac33629911a83460b802.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\D
Creates File: C:\Users\Phil\AppData\Local\Temp\D
Creates File: C:\Users\Phil\AppData\Local\Temp\e847fdda2a8a4dfa1663ac33629911a83460b802.exe

Network Details:

