Analysis Date: 2018-05-14 09:18:17
MD5: c4172dcc3f5b431665dfcd98da2a3041
SHA1: eecc21e86dfe9eb29d728b7b7d0b4c272c34c591

Static Details:

AV | Arcabit (arcavir) | Gen:Variant.Symmi.79042
AV | Authentium | W32/A-3e7aeab6!Eldorado
AV | Grisoft (avg) | Luhe.Fiha.A
AV | Avira (antivir) | TR/Dropper.Gen
AV | Alwil (avast) | Malware-gen
AV | Alwil (avast) | Win32:Malware-gen
AV | Ad-Aware | Gen:Variant.Symmi.79042
AV | BitDefender | Gen:Variant.Symmi.79042
AV | BullGuard | Gen:Variant.Symmi.79042
AV | ClamAV | No Virus
AV | Dr. Web | No Virus
AV | Emsisoft | Gen:Variant.Symmi.79042
AV | MicroWorld (escan) | Gen:Variant.Symmi.79042
AV | CA (E-Trust Ino) | Gen:Variant.Graftor.159536
AV | Fortinet | W32/Trojan.FPCE!tr
AV | Frisk (f-prot) | W32/A-3e7aeab6!Eldorado
AV | F-Secure | Gen:Variant.Symmi.79042
AV | Ikarus | Trojan.MSIL.Bladabindi
AV | K7 | Trojan ( 003d803c1 )
AV | Kaspersky | Trojan.Win32.Generic
AV | MalwareBytes | Trojan.Facebook
AV | Mcafee | Trojan-FPCE!C4172DCC3F5B
AV | Microsoft Security Essentials | No Virus
AV | NANO | Error Scanning File
AV | Eset (nod32) | MSIL/Bladabindi.L
AV | Padvish | No Virus
AV | CAT (quickheal) | Trojan.MSILCryptor.MUE.A4
AV | Rising | Backdoor.Win32.Bindi.a
AV | 360 Safe | No Virus
AV | SUPERAntiSpyware | Trojan.Agent/Gen-Downloader
AV | Symantec | No Virus
AV | Trend Micro | No Virus
AV | Twister | Trojan.ABFDF10990CD327B
AV | VirusBlokAda (vba32) | No Virus
AV | Windows Defender | Backdoor:MSIL/Bladabindi
AV | Zillya! | Backdoor.PePatch.Win32.73251

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\eecc21e86dfe9eb29d728b7b7d0b4c272c34c591.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Users\Phil\AppData\Local\Temp\eecc21e86dfe9eb29d728b7b7d0b4c272c34c591.exe.config
Creates File: C:\Users\Phil\AppData\Local\Temp\eecc21e86dfe9eb29d728b7b7d0b4c272c34c591.exe
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
Creates File: C:\Users\Phil\AppData\Local\Temp\eecc21e86dfe9eb29d728b7b7d0b4c272c34c591.exe.config
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
Creates File: C:\Windows\assembly\NativeImages_v2.0.50727_32\indexa0.dat
Creates File: C:\Windows\System32\l_intl.nls
Creates File: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Creates File: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Creates File: C:\Windows\assembly\pubpol4.dat
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config

Network Details:

