Analysis Date: 2018-05-07 02:30:03
MD5: 2db4d85f6ae9889b9c5d12210486ec0f
SHA1: fb3d98446cfdf76cf8416dfdac474607087f2365

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash:
AV Arcabit (arcavir): Gen:Variant.Symmi.36259
AV Authentium: W32/Risk.FJRN-7411
AV Grisoft (avg): Generic6.VUI
AV Avira (antivir): TR/Dropper.Gen
AV Alwil (avast): Malware-gen
AV Alwil (avast): Win32:Malware-gen
AV Ad-Aware: Error Scanning File
AV BitDefender: Error Scanning File
AV BullGuard: Gen:Variant.Symmi.36259
AV ClamAV: Win.Trojan.Agent-357629
AV Dr. Web: Trojan.Bweah
AV Emsisoft: Gen:Variant.Symmi.36259
AV MicroWorld (escan): Gen:Variant.Symmi.36259
AV CA (E-Trust Ino): Gen:Variant.Symmi.36259
AV Fortinet: W32/Xorer.DR!tr
AV Frisk (f-prot): W32/MalwareS.BKDG
AV F-Secure: Gen:Variant.Symmi.36259
AV Ikarus: Worm.Win32.Small
AV K7: Trojan ( 00007dad1 )
AV Kaspersky: Trojan-PSW.Win32.Ruftar.bfuu
AV MalwareBytes: Worm.AutoRun
AV Mcafee: W32/Autorun.worm.bfz
AV Microsoft Security Essentials: Virus:Win32/Fipeg.gen!A
AV NANO: Trojan.Win32.Cossta.ctljs
AV Eset (nod32): Win32/Small.NAV worm
AV Padvish: Malware.Trojan.Agent-286621
AV CAT (quickheal): W32.Xorer.A4
AV Rising: Worm.Agent.xg
AV 360 Safe: Virus.Win32.Diskgen.AE
AV SUPERAntiSpyware: No Virus
AV Symantec: W32.Pagipef
AV Trend Micro: Mal_Otorun7
AV Twister: Virus.0ACF514989929FD7
AV VirusBlokAda (vba32): TrojanPSW.Ruftar
AV Windows Defender: Virus:Win32/Fipeg.gen!A
AV Zillya!: Trojan.Small.Win32.27681

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\fb3d98446cfdf76cf8416dfdac474607087f2365.exe

Creates File: C:\Windows\SysWOW64\ieframe.dll
Creates File: C:\Windows\System32\stdole2.tlb
Creates File: C:\Users\Phil\AppData\Local\Temp\fb3d98446cfdf76cf8416dfdac474607087f2365.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\fb3d98446cfdf76cf8416dfdac474607087f2365.~tmp

Process
↳ C:\Windows\SysWOW64\drivers\lsass.exe

Creates File: C:\Windows\SysWOW64\ieframe.dll
Creates File: C:\Windows\System32\stdole2.tlb
Creates File: C:\Windows\System32\drivers\lsass.exe
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cmd.pif
Creates File: C:\Windows\System32\drivers\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\fb3d98446cfdf76cf8416dfdac474607087f2365.~tmp

Creates File: C:\Users\Phil\AppData\Local\Temp\dd_fb3d98446cfdf76cf8416dfdac474607087f2365_decompression_log.txt
Creates File: C:\Users\Phil\AppData\Local\Temp\fb3d98446cfdf76cf8416dfdac474607087f2365.~tmp
Creates File: C:\Windows\Fonts\staticcache.dat
Creates File: C:\Users\Phil\AppData\Local\Temp\fb3d98446cfdf76cf8416dfdac474607087f2365.~tmp
Creates File: C:\71b51813d8f8def77578\header.bmp
Creates File: C:\71b51813d8f8def77578\SplashScreen.bmp
Creates File: C:\71b51813d8f8def77578\watermark.bmp
Creates File: C:\71b51813d8f8def77578\Graphics\Print.ico
Creates File: C:\71b51813d8f8def77578\Graphics\Rotate1.ico
Creates File: C:\71b51813d8f8def77578\Graphics\Rotate2.ico
Creates File: C:\71b51813d8f8def77578\Graphics\Rotate3.ico
Creates File: C:\71b51813d8f8def77578\Graphics\Rotate4.ico
Creates File: C:\71b51813d8f8def77578\Graphics\Rotate5.ico
Creates File: C:\71b51813d8f8def77578\Graphics\Rotate6.ico
Creates File: C:\71b51813d8f8def77578\Graphics\Rotate7.ico
Creates File: C:\71b51813d8f8def77578\Graphics\Rotate8.ico
Creates File: C:\71b51813d8f8def77578\Graphics\Save.ico
Creates File: C:\71b51813d8f8def77578\Graphics\Setup.ico
Creates File: C:\71b51813d8f8def77578\Graphics\stop.ico
Creates File: C:\71b51813d8f8def77578\Graphics\SysReqMet.ico
Creates File: C:\71b51813d8f8def77578\Graphics\SysReqNotMet.ico
Creates File: C:\71b51813d8f8def77578\Graphics\warn.ico
Creates File: C:\71b51813d8f8def77578\2052\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1028\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1025\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1030\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1029\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1031\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1032\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1042\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1041\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1037\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1033\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1035\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1040\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\3082\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1038\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1036\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1053\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1055\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1046\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1044\LocalizedData.xml
Creates File: C:\71b51813d8f8def77578\1043\LocalizedData.xml

Process
↳ C:\71b51813d8f8def77578\Setup.exe

Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\VSSetup\EventMessageFile ➝ C:\71b51813d8f8def77578\DW\DW20.exe
Registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\VSSetup\TypesSupported ➝ 7
Creates File: C:\Users\Phil\AppData\Local\Temp\HFID641.tmp
Creates File: C:\Users\Phil\AppData\Local\Temp\HFID6A0.tmp
Creates File: C:\Users\Phil\AppData\Local\Temp\HFID6A0.tmp.html
Creates File: C:\Users\Phil\AppData\Local\Temp\HFID6A0.tmp.html
Creates File: C:\Users\Phil\AppData\Local\Temp\HFID941.tmp
Creates File: C:\Users\Phil\AppData\Local\Temp\Setup_20180506_165818250.html
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
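Two entries in the runtime trace deserve a triage rule rather than a glance: the sample runs a copy of itself as lsass.exe from C:\Windows\SysWOW64\drivers\ and writes another to C:\Windows\System32\drivers\ (the genuine lsass.exe lives only in C:\Windows\System32), and it drops cmd.pif into the user's Start Menu Startup folder, a plain autorun persistence point. The .~tmp stage and the C:\71b51813d8f8def77578\Setup.exe tree (per-LCID LocalizedData.xml files, DW20.exe, a VSSetup event-log source) resemble a bundled installer payload and are not where the interesting behaviour sits. As an added example that is not part of the original report, the Python script below parses the report's flattened "Process" / "Creates File" lines (a subset of the entries above is embedded as constructed sample input) and flags both indicators; the extra System32-only process names beyond lsass.exe are an assumed generalisation, not something the page mentions.

```python
from pathlib import PureWindowsPath

# Constructed sample: a subset of the Process / Creates File entries from the
# report above, kept in the flattened "label value" form the report uses.
SAMPLE_REPORT = r"""
Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\fb3d98446cfdf76cf8416dfdac474607087f2365.exe

Creates FileC:\Windows\SysWOW64\ieframe.dll

Process
↳ C:\Windows\SysWOW64\drivers\lsass.exe

Creates FileC:\Windows\System32\drivers\lsass.exe
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cmd.pif

Process
↳ C:\71b51813d8f8def77578\Setup.exe

Creates FileC:\Users\Phil\AppData\Local\Temp\HFID641.tmp
"""

# Core Windows processes that on a healthy host run only from
# %SystemRoot%\System32. The report only involves lsass.exe; the other names
# are an assumed addition so the check is reusable on other traces.
SYSTEM_ONLY_BINARIES = {"lsass.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "smss.exe", "wininit.exe"}
SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")


def parse_events(report: str):
    """Yield ("process", path) for each '↳ path' line that follows a
    'Process' header and ("file", path) for each 'Creates File<path>' line."""
    expect_process = False
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Process":
            expect_process = True
            continue
        if expect_process and line.startswith("↳"):
            yield ("process", line.lstrip("↳").strip())
            expect_process = False
            continue
        if line.startswith("Creates File"):
            yield ("file", line[len("Creates File"):].strip())


def _same_dir(a: PureWindowsPath, b: PureWindowsPath) -> bool:
    # Windows paths are case-insensitive, so compare normalised strings.
    return str(a).lower() == str(b).lower()


def triage(events):
    """Return (reason, path) findings for the two indicators seen in the report."""
    findings = []
    for _kind, path in events:
        p = PureWindowsPath(path)
        # 1. A System32-only binary name executed or written anywhere else,
        #    e.g. C:\Windows\SysWOW64\drivers\lsass.exe. The real
        #    C:\Windows\System32\lsass.exe passes this check.
        if p.name.lower() in SYSTEM_ONLY_BINARIES and not _same_dir(p.parent, SYSTEM32):
            findings.append(("masquerading_system_binary", path))
        # 2. Anything dropped into a user's Start Menu Startup folder
        #    (cmd.pif in the report) runs at the next logon.
        if "\\start menu\\programs\\startup\\" in path.lower():
            findings.append(("startup_folder_persistence", path))
    return findings


if __name__ == "__main__":
    for reason, path in triage(parse_events(SAMPLE_REPORT)):
        print(f"{reason:30} {path}")
```

Run against the embedded sample the script reports the two lsass.exe paths outside System32 and the Startup-folder cmd.pif, and stays silent on the legitimate C:\Windows\System32\lsass.exe and on the installer-looking temp files; feed it the full report text to see the same three findings among the noise.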

Network Details: