File: 25ee9aaf6fd29574f3b897c85286a201b0ba4f946956bf0ea6ec0a9c29c6b248

Metadata
File name:image2017-11-22-6133563.vbs
File type:ASCII text, with CRLF line terminators
File size:3954 bytes
Analysis date:2017-11-27 16:07:19
MD5:578bf4a6c10ea3ee7712e66664141bea
SHA1:8212b0363f7e4b804db7f3ea98d1330bb7f538b7
SHA256:25ee9aaf6fd29574f3b897c85286a201b0ba4f946956bf0ea6ec0a9c29c6b248
SHA512:a9b49e1d68c9af46fd9548b9cb4728b04e7aaa1b6ea4c60490271f6e5a616b1b0fd0024a7c717a908ef9445bc660a8c441f7605000768d6f557c5de73937d609
SSDEEP:N/A
IMPHASH:N/A
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 25ee9aaf6fd29574f3b897c85286a201b0ba4f946956bf0ea6ec0a9c29c6b248.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
hellonwheelsthemovie.comN/A
atlantarecyclingcenters.comN/A
pamplonarecados.comN/A
Hosts
Hosts the malware sample communicates with.
5.2.88.79
98.124.251.75
66.36.165.149
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
5.2.88.79 (pamplonarecados.com)/JHgd476?Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
98.124.251.75 (atlantarecyclingcenters.com)/JHgd476?Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
66.36.165.149 (hellonwheelsthemovie.com)/JHgd476?Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
"\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
"\Sessions\1\BaseNamedObjects\Local\c:!users!txd3hrx!appdata!roaming!microsoft!windows!cookies!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!txd3hrx!appdata!local!microsoft!windows!history!history.ie5!"
"\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"
"\Sessions\1\BaseNamedObjects\Local\!IETld!Mutex"
"\Sessions\1\BaseNamedObjects\Local\c:!users!txd3hrx!appdata!roaming!microsoft!windows!ietldcache!"
"\Sessions\1\BaseNamedObjects\RasPbFile"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\c:!users!txd3hrx!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"Local\c:!users!txd3hrx!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"Local\ZonesLockedCacheCounterMutex"
"Local\WininetProxyRegistryMutex"
"Local\!IETld!Mutex"
"Local\ZoneAttributeCacheCounterMutex"
"IESQMMUTEX_0_208"
Registry keys
Registry keys created by the malware sample.
Comments
User comments about 25ee9aaf6fd29574f3b897c85286a201b0ba4f946956bf0ea6ec0a9c29c6b248.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.