File: 0611255a5af939b7175e9e1abfe63dcb

Metadata
File name: Tundra 0.9.17_311m.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 4115456 bytes
Analysis date: 2017-01-05 15:45:27
MD5: 0611255a5af939b7175e9e1abfe63dcb
SHA1: 12c7a39696b527c9e30da3f75b38056206ad75d7
SHA256: 63032d6153db579fefeccd2523e5025602e7d9cc301c03766f4f13ecf5313755
SHA512: 6ac303dad7ad4ba6221c8ed80335de869005af9800fe3502f81011a7c2e4f2841d64a2dae0fa5843401cf02167463305ae64da9ebb27b8997b2c99272583313a
SSDEEP: 98304:i7gAUsRNutY4/Qu6nMkAOzGXAmlo2eN6GCVF9UbgGj5G++Asb:iUAUsb4/OnMhOKQm22q6GiFlG9G++Db
IMPHASH: 8d92fa1956a6a631c642190121740197
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 0611255a5af939b7175e9e1abfe63dcb.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Tundra 0.9.17_311m.exe
HKEY_CLASSES_ROOT\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{450D8FBA-AD25-11D0-98A8-0800361B1103}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_CURRENT_USER\Software\Cheat Engine
HKEY_CURRENT_USER\Software\Cheat Engine\Window Positions
HKEY_CURRENT_USER\Software\Cheat Engine\Auto Assembler\
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_CURRENT_USER\Software\Cheat Engine\CustomTypes\
HKEY_CURRENT_USER\Software\Cheat Engine\Disassemblerview\
HKEY_CURRENT_USER\Software\Cheat Engine\Hexview\