File: a285a7853cbebd64c0e7a7f2280c94592466c9f0338c19475b139997e5a1b5a5

Metadata
File name: rejection_invoice_details.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 118784 bytes
Analysis date: 2015-05-05 21:42:33
MD5: b4078003d97dd9b62ed8c326418cbde7
SHA1: d1b42a52cabd69828383164973e8729a6945a343
SHA256: a285a7853cbebd64c0e7a7f2280c94592466c9f0338c19475b139997e5a1b5a5
SHA512: d8385913277cde064750ea28b9adb11faa78000ce3897e49399bd40e5e1c9917323b937445487cb079a1c2d0b7c09d2567db7a6d10824462255b6eeba8522ccb
SSDEEP: 1536:O5r40ncowoqSCD93TXm+OvD5a2IznYaHjubg:+9coQD93TXOr5a2Issa8
IMPHASH: c3dccfe6048ec139147e82ba1f353f04
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with a285a7853cbebd64c0e7a7f2280c94592466c9f0338c19475b139997e5a1b5a5.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
Host | URL | User-Agent
23.253.254.67 (icanhazip.com) | / | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
91.211.17.201 | /TL11/4P418AfWFN/0/61-SP1/0/LIBFIBEHJBFF | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
91.211.17.201 | /TL11/4P418AfWFN/41/7/4/ | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Mutants
Mutants created by the malware sample.
"IESQMMUTEX_0_208"
"Local\_!MSFTHISTORY!_"
"Local\c:!users!pspubws!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"Local\c:!users!pspubws!appdata!roaming!microsoft!windows!cookies!"
"Local\c:!users!pspubws!appdata!local!microsoft!windows!history!history.ie5!"
"Local\WininetStartupMutex"
"Local\WininetConnectionMutex"
"Local\WininetProxyRegistryMutex"
"Local\ZonesCounterMutex"
"Local\ZoneAttributeCacheCounterMutex"
Registry keys
Registry keys created by the malware sample.
Comments
User comments about a285a7853cbebd64c0e7a7f2280c94592466c9f0338c19475b139997e5a1b5a5.