File: d741d1ca437459e68b861c0c3954087e61978f2d5449d79556e04342f508ff7f

Metadata
File name:nabvwhy.exe
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:406016 bytes
Analysis date:2017-07-05 05:09:10
MD5:2d467f9e53fc5c1e88f9eaccbb32c156
SHA1:f74e89d25c89c536547b7a7abe53d14b7ce04ca0
SHA256:d741d1ca437459e68b861c0c3954087e61978f2d5449d79556e04342f508ff7f
SHA512:ceb46ec1192ac51f888d81daa1991f93c963b694a901dde6997713b4b096e304ac6bcc2ac485d186265221961991d2d782b706f504775d563cc94dcd07e655ef
SSDEEP:6144:kO+Lwmfe0ghvLkPbcyWYWb3HTqQ/j+yJtQdfH9b+6r6kLbrwo:FCwmfe1LKVQHDb+etQh9Zr6kD
IMPHASH:5ff0bb2ddab6d7b06b94f70a6d129129
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with d741d1ca437459e68b861c0c3954087e61978f2d5449d79556e04342f508ff7f.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
ip.anysrc.net/plain/clientipMozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}
CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\TreatAs
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocServer32
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocServerX86
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\LocalServer32
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocHandler32
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocHandlerX86
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}
HKEY_CLASSES_ROOT\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\UnsafeSslApps
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\DESHashSessionKeyBackward
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}
Comments
User comments about d741d1ca437459e68b861c0c3954087e61978f2d5449d79556e04342f508ff7f.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.