Analysis Date: 2018-05-13 02:09:12
MD5: 0092b23eeec95fa3c92ef80caa5a3b45
SHA1: f9447fb9877923340293d65bf76ed906f506984a

Static Details:

AV engine                       Detection
Arcabit (arcavir)               Gen:Variant.Symmi.10652
Authentium                      W32/A-27762b68!Eldorado
Grisoft (avg)                   Win32/Virut
Avira (antivir)                 TR/Crypt.XPACK.Gen
Alwil (avast)                   Error Scanning File
Ad-Aware                        Gen:Variant.Symmi.10652
BitDefender                     Gen:Variant.Symmi.10652
BullGuard                       Gen:Variant.Symmi.10652
ClamAV                          Error Scanning File
Dr. Web                         Trojan.Winlock.8775
Emsisoft                        Gen:Variant.Symmi.10652
MicroWorld (escan)              Gen:Variant.Symmi.10652
CA (E-Trust Ino)                Error Scanning File
Fortinet                        No Virus
Frisk (f-prot)                  W32/A-27762b68!Eldorado
F-Secure                        Gen:Variant.Symmi.10652
Ikarus                          Error Scanning File
K7                              Error Scanning File
Kaspersky                       Error Scanning File
MalwareBytes                    Backdoor.Bot
Mcafee                          BackDoor-FCEE!0092B23EEEC9
Microsoft Security Essentials   No Virus
NANO                            No Virus
Eset (nod32)                    MSIL/Bladabindi.L
Padvish                         No Virus
CAT (quickheal)                 Trojan.MSILCryptor.MUE.A4
Rising                          Backdoor.Win32.Bindi.a
360 Safe                        No Virus
SUPERAntiSpyware                Trojan.Agent/Gen-GalPic
Symantec                        No Virus
Trend Micro                     No Virus
Twister                         Trojan.195B4B40E745F78C
VirusBlokAda (vba32)            Hoax.Blocker
Windows Defender                Backdoor:MSIL/Bladabindi
Zillya!                         Trojan.Blocker.Win32.4914

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\f9447fb9877923340293d65bf76ed906f506984a.exe

Creates Mutex

Network Details:


Strings