Analysis Date: 2018-06-06 11:42:23
MD5: e474cb771bf5674e9c20f822b73ade2b
SHA1: ffced13ce43dc4141e333d6bc6333b37e4a35a1f

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text:  md5: 81755eb1b78c37ab51cf028464defab7  sha1: 733d52db2d32164335dd4e99772024cbb9569ff3  size: 73216
Section .rdata: md5: 8711b2c7aa38e42aa4888bd088ced3a6  sha1: 769c2bcbb25f64cfab0db1cd20c429dd427641aa  size: 9216
Section .data:  md5: 1b8db23f712cdcefed778682c7451ee1  sha1: a724be04beaddc7114fc9c74b388da239ae1f0dc  size: 13312
Section .rsrc:  md5: b60d69c18358169d87ec877f808d3451  sha1: 85eabc1117067f3f6a7883c746473d3609cd5371  size: 53248
Timestamp: 2015-08-02 14:48:35
Version info:
  LegalCopyright: Copyright (C) 2014 - Marc Ochsenmeier
  InternalName: PeStudioPrompt.exe
  FileVersion: 8, 7, 0, 0
  CompanyName: www.winitor.com
  LegalTrademarks: www.winitor.com
  Comments: Windows Executable Anomalies Indicator
  ProductName: PeStudioPromt
  ProductVersion: 8, 7, 0, 0
  FileDescription: Windows Executable Analysis - www.winitor.com
  OriginalFilename: PeStudioPrompt.exe
Packer: Microsoft Visual C++ ?.?
PEhash: ef19102f133202e86ac50859b8c485955ed5bba6
IMPhash: d1ddf9901ddb3ab23e31803882d38516
AV verdicts:
  CA (E-Trust Ino): no_virus
  F-Secure: Trojan.GenericKD.2613866
  Dr. Web: Trojan.PWS.Multi.911
  ClamAV: no_virus
  Arcabit (arcavir): Trojan.GenericKD.2613866
  BullGuard: Trojan.GenericKD.2613866
  Padvish: no_virus
  VirusBlokAda (vba32): no_virus
  CAT (quickheal): no_virus
  Trend Micro: no_virus
  Kaspersky: Backdoor.Win32.Androm.htyb
  Zillya!: no_virus
  Emsisoft: Trojan.GenericKD.2613866
  Ikarus: Trojan.Win32.Crypt
  Frisk (f-prot): no_virus
  Authentium: W32/Agent.XL.gen!Eldorado
  MalwareBytes: Spyware.Password
  MicroWorld (escan): Trojan.GenericKD.2613866
  Microsoft Security Essentials: Worm:Win32/Gamarue.AR
  K7: Trojan ( 004c9f551 )
  BitDefender: Trojan.GenericKD.2613866
  Fortinet: no_virus
  Symantec: Trojan.Gen.2
  Grisoft (avg): Win32/Cryptor
  Eset (nod32): Win32/Kryptik.DSEA
  Alwil (avast): Malware-gen:Win32:Malware-gen
  Ad-Aware: Trojan.GenericKD.2613866
  Twister: no_virus
  Avira (antivir): TR/Crypt.ZPACK.55700
  Mcafee: no_virus
  Rising: no_virus

Runtime Details:

Process: C:\Windows\System32\lsass.exe

Process: C:\Users\Phil\AppData\Local\Temp\ffced13ce43dc4141e333d6bc6333b37e4a35a1f.exe

Network Details:

