File: 80814d00405abfb9d59a965c7f716a63905a36514f9adaf2e8f9dd3abb0a380d

Metadata
File name:invalidation_invoice_form.exe
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:38400 bytes
Analysis date:2015-05-06 13:11:44
MD5:3709dabbdb6f74145131fb5123ae040a
SHA1:db48aa6e55536b03e5619b71ffef1650fb0edac1
SHA256:80814d00405abfb9d59a965c7f716a63905a36514f9adaf2e8f9dd3abb0a380d
SHA512:8f435347da95bfab75f9f9c67b8ff2c43350a9810a38a54a681cb38680da1bf3f9129f4243ef75126973ca3eaf035e99216b362d3daf894310def9e6b7764823
SSDEEP:384:Xtc5mHqKK3Zvp6yKHf4GQTBwEbUFiifjugaa3fKWFbWVmZcHE5nOodhH7Nj:XpHY3Zxmf3WCiibugaaSW9WoX5nOI5j
IMPHASH:7e511213a7e2e5ad2ad09f81d1209ad0
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 80814d00405abfb9d59a965c7f716a63905a36514f9adaf2e8f9dd3abb0a380d.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
91.211.17.20191.211.17.201
icanhazip.com166.78.246.145
Hosts
Hosts the malware sample communicates with.
166.78.246.145
91.211.17.201
184.164.97.239
68.232.34.200
63.236.252.130
207.46.101.29
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
166.78.246.145 (icanhazip.com)/Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
91.211.17.201/VK22/C4Z04Sr8co/0/62/0/LIBFIBEHJBFFMozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
AV Detections
AV detection names associated with the malware sample.
AVGAgent
AVwareTrojan.Win32.Generic!BT
Ad-AwareTrojan.Upatre.Gen.3
AgnitumTrojan.DL.Upatre!
AhnLab-V3Trojan/Win32.Upatre
Antiy-AVLTrojan[Downloader]/Win32.Upatre
ArcabitTrojan.Upatre.Gen.3
AvastWin32:Dyre-K [Trj]
AviraTR/Crypt.ZPACK.148983
Baidu-InternationalTrojan.Win32.Upatre.mxp
BitDefenderTrojan.Upatre.Gen.3
CAT-QuickHealTrojan.Kadena.B4
ComodoTrojWare.Win32.TrojanDownloader.Upatre.MAUA
CyrenW32/Dalexis.J.gen!Eldorado
DrWebTrojan.Upatre.1133
ESET-NOD32a variant of Win32/Kryptik.DHKE
EmsisoftTrojan.Upatre.Gen.3 (B)
F-ProtW32/Dalexis.J.gen!Eldorado
F-SecureTrojan.Upatre.Gen.3
FortinetW32/Kryptik.DHHC!tr
GDataTrojan.Upatre.Gen.3
IkarusTrojan.Win32.Crypt
JiangminTrojanDownloader.Upatre.pcq
K7AntiVirusTrojan ( 004c127e1 )
K7GWTrojan ( 004c127e1 )
KasperskyHEUR:Trojan.Win32.Generic
MalwarebytesTrojan.Upatre
McAfeeDownloader-FASG!3709DABBDB6F
McAfee-GW-EditionDownloader-FASG!3709DABBDB6F
MicroWorld-eScanTrojan.Upatre.Gen.3
MicrosoftTrojanDownloader:Win32/Upatre.BL
PandaTrj/Genetic.gen
Qihoo-360HEUR/QVM20.1.Malware.Gen
RisingPE:Trojan.Win32.Kryptik.af!1616481[F1]
SophosTroj/Dyreza-ET
SymantecDownloader.Upatre
TrendMicroTROJ_UPATRE.SMNF2
TrendMicro-HouseCallTROJ_UPATRE.SMNF2
VIPRETrojan.Win32.Generic!BT
ViRobotTrojan.Win32.A.Downloader.38400.FX[h]
ZillyaDownloader.CTBLocker.Win32.6
nProtectTrojan.Upatre.Gen.3
Mutants
Mutants created by the malware sample.
"Local\ZonesCacheCounterMutex"
"Local\ZonesLockedCacheCounterMutex"
"Global\SyncRootManager"
Registry keys
Registry keys created by the malware sample.
Comments
User comments about 80814d00405abfb9d59a965c7f716a63905a36514f9adaf2e8f9dd3abb0a380d.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.