File: d138afbd6ed696ed5489136123621fb04c0592a2b4d288e3dadd6d6d93693baa

Metadata
File name:syshost.exe
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:131072 bytes
Analysis date:2016-08-10 20:04:18
MD5:8b0cca757e097e452182a8e6c2090e13
SHA1:d8ce82e98368c92a9a43d0fed36b3fa012799800
SHA256:d138afbd6ed696ed5489136123621fb04c0592a2b4d288e3dadd6d6d93693baa
SHA512:2a5d82489eeb5ce3fc437925c5d7fae805ef236da4c95315f0d2275cf3645d10c6a0f6edb1f8fefb7c0c5b0feb81967964a81798426e7b38cfc6454c9dbd2c69
SSDEEP:3072:2IkiQxhb8q31FVJ+A8Htp4VZIBc6BF0DrEoq0HbpucNVZQy+:DtQ331V+A87ISBct3EoqOgc
IMPHASH:08e0058cbd37acdc1570c59f130ad30d
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with d138afbd6ed696ed5489136123621fb04c0592a2b4d288e3dadd6d6d93693baa.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
microsoft.com23.100.122.175
unrowblqousqdld.comN/A
pnjgugsflbwvca.comN/A
gsygqvezkik.comN/A
qnidzuioplmj.comN/A
0.pool.ntp.org173.255.246.13
1.pool.ntp.org129.6.15.29
2.pool.ntp.org128.138.141.172
jfbbrj3bbbd.bitN/A
Hosts
Hosts the malware sample communicates with.
128.138.141.172
129.6.15.29
66.228.48.38
23.96.52.53
94.231.81.244
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
AVGGeneric_r.LYP
Ad-AwareTrojan.GenericKD.3442089
AhnLab-V3Dropper/Win32.Necurs.N2071109933
ArcabitTrojan.Generic.D3485A9
AvastWin32:Dropper-gen [Drp]
AviraTR/Necurs.EL.1
BitDefenderTrojan.GenericKD.3442089
DrWebTrojan.Necurs.414
ESET-NOD32Win32/TrojanDownloader.Necurs.B
EmsisoftTrojan.GenericKD.3442089 (B)
F-SecureTrojan.GenericKD.3442089
GDataTrojan.GenericKD.3442089
IkarusTrojan-Downloader.Win32.Necurs
K7AntiVirusTrojan-Downloader ( 004b96921 )
K7GWTrojan-Downloader ( 004b96921 )
KasperskyTrojan-Dropper.Win32.Necurs.aaim
MalwarebytesTrojan.MalPack
McAfeeArtemis!8B0CCA757E09
McAfee-GW-EditionBehavesLike.Win32.VBObfus.ch
MicroWorld-eScanTrojan.GenericKD.3442089
MicrosoftTrojan:Win32/Necurs
PandaTrj/Necurs.G
Qihoo-360HEUR/QVM07.1.EA7A.Malware.Gen
SymantecHeur.AdvML.B
TencentWin32.Trojan-dropper.Necurs.Dzts
TrendMicroTROJ_DYER.BMC
TrendMicro-HouseCallTROJ_DYER.BMC
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
Comments
User comments about d138afbd6ed696ed5489136123621fb04c0592a2b4d288e3dadd6d6d93693baa.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.