Analysis Date: 2018-04-19 02:44:31
MD5: c183d95180ca9f9f4d394d63590f7ff3
SHA1: fd8680e35f21e7d5dfaaa6544986adf3953af829

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash
AV MicroWorld (escan): Trojan.Pakes.ZUF
AV Microsoft Security Essentials: Virus:Win32/Sality.AM!corrupt
AV Padvish: Malware.Trojan.Small-4845
AV CA (E-Trust Ino): Error Scanning File
AV Ikarus: Error Scanning File
AV Dr. Web: Win32.Sector.4
AV Fortinet: W32/Pakes.BXP!tr
AV Ad-Aware: Trojan.Pakes.ZUF
AV Symantec: W32.Sality.AB
AV Trend Micro: TROJ_PAKES.AJU
AV Kaspersky: Error Scanning File
AV VirusBlokAda (vba32): Trojan.Pakes
AV Rising: Trojan.Win32.Agent.baa
AV BitDefender: Trojan.Pakes.ZUF
AV ClamAV: Error Scanning File
AV Windows Defender: Virus:Win32/Sality.AM!corrupt
AV SUPERAntiSpyware: Trojan.Agent/Gen-Sality
AV Zillya!: Error Scanning File
AV Emsisoft: Trojan.Pakes.ZUF
AV Arcabit (arcavir): Trojan.Pakes.ZUF
AV Alwil (avast): Pakes-AWH [Trj]
AV CAT (quickheal): Trojan.Pakes.gen
AV Eset (nod32): Win32/Sality.AB virus
AV Mcafee: W32/Sality.stub
AV K7: Trojan ( 000217d71 )
AV Avira (antivir): TR/PCK.CryptPack.A
AV 360 Safe: No Virus
AV MalwareBytes: Error Scanning File
AV NANO: Virus.Win32.Sality.lreq
AV Frisk (f-prot): W32/Cryptpack.A
AV Grisoft (avg): Win32/Tanatos.A
AV Twister: Trojan.1689C751A310C487
AV F-Secure: Trojan.Pakes.ZUF
AV Authentium: W32/Cryptpack.VFTZ-2892
AV BullGuard: Error Scanning File

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\fd8680e35f21e7d5dfaaa6544986adf3953af829.exe

Network Details:

