File: ce161583337e9e0739014c9392db84d62e31c243e7962964162cb02e83a89954

Metadata
File name:office.exe
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:503808 bytes
Analysis date:2016-04-12 19:18:44
MD5:075e987656c3cc19ec447b4a39c09709
SHA1:18e14b6f4e8254bfc33b833c6ab9385895deb712
SHA256:ce161583337e9e0739014c9392db84d62e31c243e7962964162cb02e83a89954
SHA512:37d66f16ae4c7f18d45cb7da9698f45df2a4ec57b56b5761fe6a4420687619063d0638da96c70f18d8faf0e72aadc9530eb96dafe72c6923359a9d5e3975c356
SSDEEP:12288:KxtXFo7HmNmKSg8yLAl39ZahhijKmtUcE:Rvbt1nZahg2cE
IMPHASH:eaa8cc77fba0adbf8476a74b52936017
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with ce161583337e9e0739014c9392db84d62e31c243e7962964162cb02e83a89954.
Loading...
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
z1.zedo.com/robots.txt
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_USERS\
HKEY_USERS\\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_USERS\\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\\S-1-5-21-1547161642-507921405-839522115-1004\Software\AppDataLow\Software\Microsoft\FD95D1E9-385F-3719-2A81-EC5BFE45E0BF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\office.exe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\LevelObjects
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
{dda3f824-d8cb-441b-834d-be2efd2c1a33}
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\FD95D1E9-385F-3719-2A81-EC5BFE45E0BF
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Environment
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Volatile Environment
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\zedo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zedo.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServerX86
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandler32
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandlerX86
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}
HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}
CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\TreatAs
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocServer32
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocServerX86
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\LocalServer32
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocHandler32
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocHandlerX86
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}
HKEY_CLASSES_ROOT\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\TreatAs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\MS TCP Loopback interface
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
Comments
User comments about ce161583337e9e0739014c9392db84d62e31c243e7962964162cb02e83a89954.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.