File: 287ebf60c34b4a18e23566dbfcf5ee982d3bace22d148b33a27d9d1fc8596692

Metadata
File name: php.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
File size: 367643 bytes
Analysis date: 2017-04-07 14:25:40
MD5: e53dd7c23b2efefa6485b7e2ff92e36e
SHA1: ef92d4a473527cfb4998cabe9a49d73c827e560d
SHA256: 287ebf60c34b4a18e23566dbfcf5ee982d3bace22d148b33a27d9d1fc8596692
SHA512: ff3bd440eb6b374546e43a628df9aff39d8362580cfb23bf47e1868c065c1d4161e375bd15bf6b32a7e4485b83db4022fc38413ac146d6cc779eb8fcc9ad466b
SSDEEP: 6144:WMMYNXqBBRW+w7j8iIHZNcnelBEV8/Sb6SRQAB0nO1pez+GVwAAkcu7WXQiPKh3P:6nRW7j8XHMRmO1AvVxAkkQp4d3m
IMPHASH: e160ef8e55bb9d162da4e266afd9eef3
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 287ebf60c34b4a18e23566dbfcf5ee982d3bace22d148b33a27d9d1fc8596692.
HTTP Requests
HTTP requests the malware sample makes.
Host | URL | User-Agent
ipecho.net/plain
AV Detections
AV detection names associated with the malware sample.
ALYac: Trojan.Ransom.cryptolocker
AVG: Inject3.BZHY
AVware: Trojan.Win32.Generic!BT
Ad-Aware: Dropped:Trojan.GenericKD.4524375
AegisLab: Troj.W32.Inject!c
AhnLab-V3: Trojan/Win32.Cryptolocker.C1825147
Arcabit: Trojan.Generic.D450957
Avast: Win32:Malware-gen
Avira: TR/AD.Teerac.rxlzz
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9948
BitDefender: Dropped:Trojan.GenericKD.4524375
Bkav: W32.Clod87f.Trojan.84be
CAT-QuickHeal: Ransom.CrypLock
ClamAV: Win.Ransomware.Cryptolocker-6197444-0
CrowdStrike: malicious_confidence_100% (W)
Cyren: W32/Trojan.VSTT-7872
DrWeb: Trojan.Encoder.761
ESET-NOD32: Win32/Filecoder.TorrentLocker.A
Emsisoft: Dropped:Trojan.GenericKD.4524375 (B)
Endgame: malicious (high confidence)
F-Prot: W32/Ransom.JO
F-Secure: Trojan.GenericKD.4524375
Fortinet: Generik.LVTABQN!tr
GData: Dropped:Trojan.GenericKD.4524375
Ikarus: Trojan-Ransom.Cerber
Invincea: trojan.win32.skeeyah.a!rfn
K7AntiVirus: Trojan ( 005075d81 )
K7GW: Trojan ( 005075d81 )
Kaspersky: Trojan.Win32.Inject.wnfq
Malwarebytes: Ransom.Crypt0L0cker
McAfee: RDN/Ransom
McAfee-GW-Edition: BehavesLike.Win32.Ransom.fc
MicroWorld-eScan: Dropped:Trojan.GenericKD.4524375
Microsoft: Ransom:Win32/Teerac.I
NANO-Antivirus: Trojan.Win32.DLZL.emdthn
Paloalto: generic.ml
Panda: Generic Malware
Rising: Malware.Undefined!8.C (cloud:dPlaEC5OhrC)
SUPERAntiSpyware: Ransom.CryptoLocker/Variant
SentinelOne: static engine - malicious
Sophos: Troj/TorrentL-A
Symantec: Ransom.TorrentLocker
Tencent: Win32.Trojan.Inject.Aihx
TrendMicro: Ransom_CRYPTLOCK.DLFLVU
TrendMicro-HouseCall: Ransom_CRYPTLOCK.DLFLVU
VBA32: Trojan.Inject
VIPRE: Trojan.Win32.Generic!BT
ViRobot: Trojan.Win32.Z.Agent.367643[h]
Webroot: Trojan.Dropper.Gen
Yandex: Trojan.Injector!v9rni+wVNPg
ZoneAlarm: Trojan.Win32.Inject.wnfq
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\php.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
Comments
User comments about 287ebf60c34b4a18e23566dbfcf5ee982d3bace22d148b33a27d9d1fc8596692.