File: cbcaf8e0640bf0c3adef4c65520ffd3abff2d24f5cc09328516baa5b542902f0

Metadata
File name: word.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 315904 bytes
Analysis date: 2016-04-19 06:56:59
MD5: 3ca97b011cccf4ec1ad44d43a2e75a0e
SHA1: f87e43cb82705a04a31d5c55d0bf647f99762181
SHA256: cbcaf8e0640bf0c3adef4c65520ffd3abff2d24f5cc09328516baa5b542902f0
SHA512: cfbae6b829fb4502564fd0d2491a8f62a32f9e9d7316a4840b1328d12a72cc9893f329e266cc40703bbe193881d0e40a173a782a9d90ddffaaf6e7b41c678fce
SSDEEP: 6144:xlgFIY+zftlrcZIMtu/9xp9pXsGKLu8NkvH9lA:xlfTtlKIE0ftmxc3A
IMPHASH: fd20234877bf9a116e7b40c084684473
Authentihash: N/A
Related resources
PE Type: PE32
MIME Type: application/octet-stream
Linker Version: 9.0
Uninitialized Data Size: N/A
Initialized Data Size: 218112
Image Version: 0.0
File Type: Win32 EXE
File Size: 308 kB
Machine Type: Intel 386 or later, and compatibles
Subsystem Version: 5.0
Subsystem: Windows GUI
Code Size: 96768
OS Version: 5.0
Entry Point: 0x846f
Source:
APTNotes
Cyber threat intelligence reports associated with cbcaf8e0640bf0c3adef4c65520ffd3abff2d24f5cc09328516baa5b542902f0.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Comments
User comments about cbcaf8e0640bf0c3adef4c65520ffd3abff2d24f5cc09328516baa5b542902f0.