File: 21fd3ae9ad43d66dafb94aab22d985d44805df86912882476d840110ab1347f1

Metadata
File name:TeslaCrypt.zzz.mal
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:265216 bytes
Analysis date:2016-05-09 03:43:17
MD5:1dd542bf3c1781df9a335f74eacc82a4
SHA1:8eb9310198a866838ba45f1f9cf5179ee5e06337
SHA256:21fd3ae9ad43d66dafb94aab22d985d44805df86912882476d840110ab1347f1
SHA512:0956af2fb0f93a7ab21679063dffdb0e39343cc38f1e2b361b795797834f76ae63dcdc74c852bcfae9681c6b292cfe7925a1008ba1b0412b1f9a4487a4111a7e
SSDEEP:6144:15AuBByMYlTVIs/1WhNjUaMcFom4RM6LhuFQm0H5AE8YfC1cHFRBBE:nAyYlxIs4ewoNzRm0H5EYaCFb
IMPHASH:5efda9a62f542337104a8a873733faf4
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 21fd3ae9ad43d66dafb94aab22d985d44805df86912882476d840110ab1347f1.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
ipinfo.io54.183.37.222
goijsert5liuasdf7.l5news9ndbe3f.comN/A
vmnpoius5e8s.awsfdmn342ned.comN/A
djdkduep62kz4nzx.tor2web.blutmagie.deN/A
djdkduep62kz4nzx.tor2web.org38.229.70.4
Hosts
Hosts the malware sample communicates with.
52.9.2.194
38.229.70.4
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
ipinfo.io/ipMozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
AV Detections
AV detection names associated with the malware sample.
ALYacGen:Variant.Razy.33235
AVGCrypt4.AVOQ
AVwareTrojan.Win32.Generic!BT
Ad-AwareGen:Variant.Razy.33235
AegisLabTroj.Ransom.W32.Bitman.tk!c
AhnLab-V3Trojan/Win32.Fareit
Antiy-AVLTrojan/Win32.TGeneric
ArcabitTrojan.Razy.D81D3
AvastWin32:TeslaCrypt-HH [Trj]
AviraTR/Crypt.Xpack.43765
Baidu-InternationalTrojan.Win32.Ransom.tk
BitDefenderGen:Variant.Razy.33235
BkavW32.Clod30f.Trojan.cb03
CAT-QuickHealTrojan.Generic.B4
ComodoUnclassifiedMalware
ESET-NOD32a variant of Win32/Kryptik.DMGE
EmsisoftGen:Variant.Razy.33235 (B)
F-SecureGen:Variant.Razy.33235
FortinetW32/Deshacop.DMGE!tr
GDataGen:Variant.Razy.33235
IkarusTrojan.Win32.Crypt
K7AntiVirusTrojan ( 004c5ed41 )
K7GWTrojan ( 004c5ed41 )
KasperskyTrojan-Ransom.Win32.Bitman.tk
MalwarebytesTrojan.Agent.IDK
McAfeeArtemis!1DD542BF3C17
McAfee-GW-EditionBehavesLike.Win32.Dropper.dc
MicroWorld-eScanGen:Variant.Razy.33235
MicrosoftRansom:Win32/Crowti
NANO-AntivirusTrojan.Win32.Deshacop.dtbtss
PandaTrj/Genetic.gen
Qihoo-360HEUR/QVM10.1.Malware.Gen
RisingPE:Malware.Generic/QRS!1.9E2D [F]
SophosTroj/Bitman-B
SymantecTrojan.Gen.2
TencentWin32.Trojan.Bitman.Ecuv
TheHackerTrojan/Kryptik.dmge
TrendMicroTROJ_CRYPTESLA.XXQY
TrendMicro-HouseCallTROJ_CRYPTESLA.XXQY
VBA32Hoax.Bitman
VIPRETrojan.Win32.Generic!BT
ViRobotTrojan.Win32.Z.Deshacop.265216[h]
YandexTrojan.Deshacop!
ZillyaTrojan.Deshacop.Win32.74
nProtectTrojan/W32.Bitman.265216
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Accessibility\Handlers
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_CLASSES_ROOT\TypeLib
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\FLAGS
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\HELPDIR
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}
HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\TypeLib
HKEY_CLASSES_ROOT\Interface\{03022430-ABC4-11D0-BDE2-00AA001A1953}
HKEY_CLASSES_ROOT\Interface\{03022430-ABC4-11D0-BDE2-00AA001A1953}\ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{03022430-ABC4-11D0-BDE2-00AA001A1953}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{03022430-ABC4-11D0-BDE2-00AA001A1953}\TypeLib
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{28D78FAD-5A12-11D1-AE5B-0000F803A8C2}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Control Panel\Desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}
CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\TreatAs
\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}
\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32
\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServerX86
\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\LocalServer32
\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocHandler32
\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocHandlerX86
\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}
HKEY_CLASSES_ROOT\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\TreatAs
CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}
CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\TreatAs
\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}
\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32
\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServerX86
\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\LocalServer32
\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocHandler32
\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocHandlerX86
\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}
HKEY_CLASSES_ROOT\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\TreatAs
HKEY_CURRENT_USER\Software\Microsoft\DirectShow\PushClock
CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}
CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\TreatAs
\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}
\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32
\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServerX86
\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\LocalServer32
\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocHandler32
\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocHandlerX86
\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}
HKEY_CLASSES_ROOT\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\msys\
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Intel Hardware Cryptographic Service Provider
HKEY_CURRENT_USER\Software\CFBAE0DD2329983E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\System\Setup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092220140929
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092920140930
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Environment
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Volatile Environment
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\Setup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Debug\Tracing
Comments
User comments about 21fd3ae9ad43d66dafb94aab22d985d44805df86912882476d840110ab1347f1.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.