File: cf6ebd60cd7c46a0c17dc192322f4cd4fc93b44add0dae17abb0d6c0c203cf9e
Metadata
| _00220000_cut.exe | |
| PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | 353424 bytes |
| 2017-04-05 01:06:37 | |
| db19cdab0625fb27e64972d6fb195248 | |
| 2c1b0fb35c8d4d2ce28190dc5e0ceeabddad35dc | |
| cf6ebd60cd7c46a0c17dc192322f4cd4fc93b44add0dae17abb0d6c0c203cf9e | |
| 96c993933aa35f2837b0cb9891f33b89896d63a4d5d5861e0ec833496de46775e5f389c6863e76f9f9a14b960ab5597a376d9762e1769b2033b3c36c7924ad4f | |
| 6144:blYfdGUR3wSUpbzBzTqpNRFZgb0ds+Wv8HNRds5+oJ6jUZzIgA5rL9cwo+i:BYfdGeASUhINdgb0fHts5UuIbrxcwo+i | |
| d811ff4ed0016bf5b5351ca801c4d6d4 | |
| N/A | |
APTNotes
Cyber threat intelligence reports associated with cf6ebd60cd7c46a0c17dc192322f4cd4fc93b44add0dae17abb0d6c0c203cf9e.
Cyber threat intelligence reports associated with cf6ebd60cd7c46a0c17dc192322f4cd4fc93b44add0dae17abb0d6c0c203cf9e.
Domains
Domains the malware sample communicates with.
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
HTTP requests the malware sample makes.
| Host | URL | User-Agent |
|---|---|---|
| statcs.s76.r53.com.ua | /addrecord.php?apikey=COSLb0cVd9bCx1vp&compuser=HOME|User&sid=irlmHunMm3S3KXH7&phase=WIN_5.1_32|ADMIN_YES|INT_0 | Mozilla/4.0 (compatible; Synapse) |
| statcs.s76.r53.com.ua | /addrecord.php?apikey=COSLb0cVd9bCx1vp&compuser=HOME|User&sid=irlmHunMm3S3KXH7&phase=START | Mozilla/4.0 (compatible; Synapse) |
| statcs.s76.r53.com.ua | /addrecord.php?apikey=COSLb0cVd9bCx1vp&compuser=HOME|User&sid=irlmHunMm3S3KXH7&phase=LOCAL_3E1F515DB4D2D3E7 | Mozilla/4.0 (compatible; Synapse) |
| statcs.s76.r53.com.ua | /addrecord.php?apikey=COSLb0cVd9bCx1vp&compuser=HOME|User&sid=irlmHunMm3S3KXH7&phase=MASTER_STARTED | Mozilla/4.0 (compatible; Synapse) |
| statcs.s76.r53.com.ua | /addrecord.php?apikey=COSLb0cVd9bCx1vp&compuser=HOME|User&sid=irlmHunMm3S3KXH7&phase=PREPARING | Mozilla/4.0 (compatible; Synapse) |
AV Detections
AV detection names associated with the malware sample.
AV detection names associated with the malware sample.
| AVG | Win32/DH{AzYKE4JkgRYBgQx9?} |
| Ad-Aware | Gen:Trojan.Heur.DP.vmHfa4YZuwfi |
| Arcabit | Trojan.Heur.DP.vmHfa4YZuwfi |
| Avira | TR/Dldr.Delphi.Gen4 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9656 |
| BitDefender | Gen:Trojan.Heur.DP.vmHfa4YZuwfi |
| CrowdStrike | malicious_confidence_100% (D) |
| ESET-NOD32 | a variant of Win32/Filecoder.NKD |
| Emsisoft | Gen:Trojan.Heur.DP.vmHfa4YZuwfi (B) |
| Endgame | malicious (moderate confidence) |
| F-Secure | Gen:Trojan.Heur.DP.vmHfa4YZuwfi |
| GData | Gen:Trojan.Heur.DP.vmHfa4YZuwfi |
| Invincea | trojan.win32.bho.ee |
| MicroWorld-eScan | Gen:Trojan.Heur.DP.vmHfa4YZuwfi |
| Qihoo-360 | HEUR/QVM11.1.46A1.Malware.Gen |
| SentinelOne | static engine - malicious |
| Symantec | ML.Attribute.HighConfidence |
Mutants
Mutants created by the malware sample.
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Registry keys created by the malware sample.
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
| HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\LevelObjects |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
| {dda3f824-d8cb-441b-834d-be2efd2c1a33} |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters |
Comments
User comments about cf6ebd60cd7c46a0c17dc192322f4cd4fc93b44add0dae17abb0d6c0c203cf9e.
User comments about cf6ebd60cd7c46a0c17dc192322f4cd4fc93b44add0dae17abb0d6c0c203cf9e.
