File: efc8b691673b3d16ccca5ebaf77423382a8ca3291d9b3fb413ee62bc5a40ceb4
Metadata
| a2.exe | |
| PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | 384675 bytes |
| Analyzed on January 6 2017 15:06:29 | |
| f2ad1c2f3829a2c5a789a9bac51d6f09 | |
| 98f973c1bc8bf49497d4deee3d99f9f6d0dc8206 | |
| efc8b691673b3d16ccca5ebaf77423382a8ca3291d9b3fb413ee62bc5a40ceb4 | |
| 697ad5e0396d775b2c8198b7b70bd5060521c5ded556d0376a1ac4df1284a9189a67f837bda6fef25801e8055b1bbd8818e3cb50e3bfa9761c291e33ee36a620 | |
| 6144:h3gz6/XqisoJUQIYAHBKZ5cZc1VdAY8/QhIN7Vx6e092aY3AlLHZde:k6/3snOMQZ5cQdA9N7VxFabHZ4 | |
| 511bfa0b1ffb75835ce5dc0bb55ea065 | |
| 91b305d4408e5b627dbdcca779ad21a3ac91aa497b12ec964527fd004c284ab1 | |
APTNotes
Cyber threat intelligence reports associated with efc8b691673b3d16ccca5ebaf77423382a8ca3291d9b3fb413ee62bc5a40ceb4.
Cyber threat intelligence reports associated with efc8b691673b3d16ccca5ebaf77423382a8ca3291d9b3fb413ee62bc5a40ceb4.
Domains
Domains the malware sample communicates with.
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
HTTP requests the malware sample makes.
| Host | URL | User-Agent |
|---|---|---|
| 187.233.144.117 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 187.233.144.117 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | /csbde866f0/ | 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A [.User-Agent |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | /csbde866f0/config/log_off_page.htm | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 187.233.144.117 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 165.72.209.14 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.16.26.216 | /rootr3/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCCwQAAAAAATbpgjld | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 187.233.144.117 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | /csbde866f0/ | 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A [.User-Agent |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | /csbde866f0/config/log_off_page.htm | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.16.26.216 | /rootr3/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCCwQAAAAAATbpgjld | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.16.26.216 | /trustrootsha2g2/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBSU%2FrHEX5r9Wx5XqiVrEJSDn3RN4QQUyGObCGlUwpjI2c3jM7dQXvjJAZsCDkcHsQTG7p3lReTmRmT7 | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 198.41.214.183 | /trustrootsha2g2.crl | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 165.72.205.205 | //MEswSTBHMEUwQzAJBgUrDgMCGgUABBQcjxI5GfFtXZh%2FEo1d%2BGc7CzUohwQUHC8PTrm9ToldZGJu3uCjCSkU2x8CCmYHTzQAAgAAF90%3D | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 165.72.193.149 | /pki/i3/dpdhl_tls_sha2_i3.crl | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.27.41.235 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 187.233.144.117 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 165.72.209.14 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.16.26.216 | /rootr3/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCCwQAAAAAATbpgjld | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | /csbde866f0/ | 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A [.User-Agent |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | /csbde866f0/config/log_off_page.htm | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.16.26.216 | /rootr3/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCCwQAAAAAATbpgjld | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.16.26.216 | /trustrootsha2g2/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBSU%2FrHEX5r9Wx5XqiVrEJSDn3RN4QQUyGObCGlUwpjI2c3jM7dQXvjJAZsCDkcHsQTG7p3lReTmRmT7 | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 198.41.214.183 | /trustrootsha2g2.crl | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 165.72.205.205 | //MEswSTBHMEUwQzAJBgUrDgMCGgUABBQcjxI5GfFtXZh%2FEo1d%2BGc7CzUohwQUHC8PTrm9ToldZGJu3uCjCSkU2x8CCmYHTzQAAgAAF90%3D | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 165.72.193.149 | /pki/i3/dpdhl_tls_sha2_i3.crl | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.27.41.235 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 187.233.144.117 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 165.72.209.14 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | /csbde866f0/ | 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A [.User-Agent |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.16.26.216 | /rootr3/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCCwQAAAAAATbpgjld | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | /csbde866f0/config/log_off_page.htm | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.27.41.235 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 187.233.144.117 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.16.26.216 | /rootr3/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCCwQAAAAAATbpgjld | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.16.26.216 | /trustrootsha2g2/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBSU%2FrHEX5r9Wx5XqiVrEJSDn3RN4QQUyGObCGlUwpjI2c3jM7dQXvjJAZsCDkcHsQTG7p3lReTmRmT7 | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 198.41.214.183 | /trustrootsha2g2.crl | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 165.72.205.205 | //MEswSTBHMEUwQzAJBgUrDgMCGgUABBQcjxI5GfFtXZh%2FEo1d%2BGc7CzUohwQUHC8PTrm9ToldZGJu3uCjCSkU2x8CCmYHTzQAAgAAF90%3D | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 165.72.193.149 | /pki/i3/dpdhl_tls_sha2_i3.crl | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A | ||
| 91.239.77.82 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.27.41.235 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 187.233.144.117 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 165.72.209.14 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | / | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | /csbde866f0/ | 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A [.User-Agent |
| N/A | ||
| N/A | ||
| N/A | ||
| 202.57.4.26 | /csbde866f0/config/log_off_page.htm | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
| N/A | ||
| N/A | ||
| N/A | ||
| 104.16.26.216 | /rootr3/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCCwQAAAAAATbpgjld | Microsoft-CryptoAPI/6.1 |
| N/A | ||
| N/A | ||
| N/A |
AV Detections
AV detection names associated with the malware sample.
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Mutants created by the malware sample.
| "\Sessions\1\BaseNamedObjects\Local\!PrivacIE!SharedMemory!Mutex" |
| "\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex" |
| "\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex" |
| "\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex" |
| "\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex" |
| "\Sessions\1\BaseNamedObjects\{C20CD437-BA6D-4ebb-B190-70B43DE3B0F3}" |
| "\Sessions\1\BaseNamedObjects\_SHuassist.mtx" |
| "\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_" |
| "\Sessions\1\BaseNamedObjects\Local\c:!users!bo7vvsl!appdata!local!microsoft!windows!temporary internet files!content.ie5!" |
| "\Sessions\1\BaseNamedObjects\Local\c:!users!bo7vvsl!appdata!roaming!microsoft!windows!cookies!" |
| "\Sessions\1\BaseNamedObjects\Local\c:!users!bo7vvsl!appdata!local!microsoft!windows!history!history.ie5!" |
| "\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex" |
| "\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex" |
| "\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex" |
| "\Sessions\1\BaseNamedObjects\RasPbFile" |
| "\Sessions\1\BaseNamedObjects\8ED5CFD7E1CE5795" |
Registry keys
Registry keys created by the malware sample.
Registry keys created by the malware sample.
Comments
User comments about efc8b691673b3d16ccca5ebaf77423382a8ca3291d9b3fb413ee62bc5a40ceb4.
User comments about efc8b691673b3d16ccca5ebaf77423382a8ca3291d9b3fb413ee62bc5a40ceb4.
