File: 6b2282ab8d5c0de940a9ea029a844a33a28c0fa870469aa8cebcc810f5508d25
Metadata
| 2017-04-04-Kovter-from-UPS-malspam.exe | |
| PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | 369850 bytes |
| 2017-04-05 06:44:36 | |
| 921adfe60a7faaf342e70943ba7b496a | |
| a5ad209889f782a27e7ec44ee88654e83250896c | |
| 6b2282ab8d5c0de940a9ea029a844a33a28c0fa870469aa8cebcc810f5508d25 | |
| 364738fbd21a0458437f640503b91e8e38f131ece2a2bd3ca380e379c6ef11072c74a472a4174d945bcf29f5e8c2b8494c15fbd8f452388206a47207c2313fb8 | |
| 6144:hvIk+Q4CvanUqbOghGGqk4eq8Gl1MBPIe37v/2o37p4R3ZqrlIxIqDFjGSNAaJf5:O2an5OghGHbebGl1MB5WsORElIC8FtAk | |
| 92f65a054fb7219ab3b78436a6481aaa | |
| N/A | |
APTNotes
Cyber threat intelligence reports associated with 6b2282ab8d5c0de940a9ea029a844a33a28c0fa870469aa8cebcc810f5508d25.
Cyber threat intelligence reports associated with 6b2282ab8d5c0de940a9ea029a844a33a28c0fa870469aa8cebcc810f5508d25.
Domains
Domains the malware sample communicates with.
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
AV detection names associated with the malware sample.
| ALYac | Trojan.Dropper.Kovter |
| AVG | Atros5.AHYG |
| Ad-Aware | Gen:Variant.Strictor.130075 |
| AegisLab | Gen.Variant.Strictor!c |
| Arcabit | Trojan.Strictor.D1FC1B |
| Avast | Win32:Malware-gen |
| Avira | TR/Crypt.ZPACK.umxni |
| BitDefender | Gen:Variant.Strictor.130075 |
| CrowdStrike | malicious_confidence_92% (W) |
| Cyren | W32/Trojan.HKST-5866 |
| DrWeb | Trojan.Kovter.297 |
| ESET-NOD32 | a variant of Win32/Kryptik.FQTO |
| Emsisoft | Gen:Variant.Strictor.130075 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Kovter.AX |
| F-Secure | Gen:Variant.Strictor.130075 |
| Fortinet | W32/GenKryptik.AAEF!tr |
| GData | Gen:Variant.Strictor.130075 |
| Ikarus | Trojan-Ransom.Kovter |
| Invincea | generic.a |
| Kaspersky | Trojan.Win32.Poweliks.vgu |
| Malwarebytes | Ransom.Kovter |
| McAfee | Artemis!921ADFE60A7F |
| McAfee-GW-Edition | Artemis |
| MicroWorld-eScan | Gen:Variant.Strictor.130075 |
| Paloalto | generic.ml |
| Rising | Malware.Generic.1!tfe (thunder:1:LUacKGnyAYS) |
| SentinelOne | static engine - malicious |
| Sophos | Mal/Kovter-Z |
| Symantec | Trojan.Gen.2 |
| TrendMicro-HouseCall | TROJ_GEN.R047H0CD517 |
| Webroot | W32.Malware.gen |
| ZoneAlarm | Trojan.Win32.Poweliks.vgu |
Mutants
Mutants created by the malware sample.
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Registry keys created by the malware sample.
| HKEY_CURRENT_USER\Software\Borland\Locales |
| HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion |
| HKEY_LOCAL_MACHINE\software\ |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
Comments
User comments about 6b2282ab8d5c0de940a9ea029a844a33a28c0fa870469aa8cebcc810f5508d25.
User comments about 6b2282ab8d5c0de940a9ea029a844a33a28c0fa870469aa8cebcc810f5508d25.
