File: 2c4eab037c37b55780cce28e48d930faa60879045208ae4b64631bb7a2f4cb2a

Metadata
File name:Invoice.exe
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:81232 bytes
Analysis date:2016-11-24 00:48:33
MD5:f24384228fb49f9271762253b0733123
SHA1:8a5ee36f1d0fe4925c261a4e667312dff38b6d3b
SHA256:2c4eab037c37b55780cce28e48d930faa60879045208ae4b64631bb7a2f4cb2a
SHA512:97be209156c959c31590539634b4b8c4f7f0c6f8fe5711dab8f11b1e24bc77da4f8b6a711d532db524e0da6b62879f1ae59ae7d0b64bf856db12bf7e043f01b4
SSDEEP:1536:D6xjJ1ft7DEFogMjXHdp9Bi4SKLsKDO0yF5NnlGGQXAT:exjfxD0ogMjXHdp9Bi4SbKDOlNn/2AT
IMPHASH:1eb4077b51d8f882d3b8aa39408d55c6
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 2c4eab037c37b55780cce28e48d930faa60879045208ae4b64631bb7a2f4cb2a.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
myexternalip.com78.47.139.102
Hosts
Hosts the malware sample communicates with.
91.219.28.77
78.47.139.102
193.9.28.24
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
myexternalip.com/rawTrickLoader
AV Detections
AV detection names associated with the malware sample.
AVwareTrojan.Win32.Generic!BT
Ad-AwareTrojan.Generic.19304129
AegisLabTroj.Atraps.Gen!c
AhnLab-V3Trojan/Win32.Trickbot.N2131111648
Antiy-AVLTrojan/Win32.TSGeneric
ArcabitTrojan.Generic.D1268EC1
AvastWin32:Malware-gen
AviraTR/Samca.qsydm
BitDefenderTrojan.Generic.19304129
CAT-QuickHealTrojan.Dynamer
ComodoTrojWare.Win32.TrickBot.A
CrowdStrikemalicious_confidence_100% (W)
CyrenW32/Trojan.XPUE-9136
DrWebTrojan.DownLoader22.63830
ESET-NOD32a variant of Win32/Agent.RYE
EmsisoftTrojan.Generic.19304129 (B)
F-SecureTrojan.Generic.19304129
FortinetW32/Agent.RYE!tr
GDataTrojan.Generic.19304129
IkarusTrojan.Win32.Agent
Invinceageneric.a
JiangminTrojan.Banker.CoreBot.j
K7AntiVirusTrojan ( 001b27e51 )
K7GWTrojan ( 001b27e51 )
KasperskyHEUR:Trojan.Win32.Trickster.gen
MalwarebytesSpyware.TrickBot
McAfeeArtemis!F24384228FB4
McAfee-GW-EditionBehavesLike.Win32.Downloader.lh
MicroWorld-eScanTrojan.Generic.19304129
MicrosoftTrojan:Win32/Dynamer!ac
NANO-AntivirusTrojan.Win32.DownLoader22.ehgkqr
PandaTrj/GdSda.A
Qihoo-360HEUR/QVM10.1.0000.Malware.Gen
RisingTrojan.Agent!8.B1E-TQB9YMYeOKO (cloud)
SUPERAntiSpywareTrojan.Agent/Gen-TDSS[Pragma]
SophosMal/Generic-S
SymantecTrojan Horse
TencentWin32.Trojan.Atraps.Eaml
TrendMicro-HouseCallTROJ_DYNAMER.XXYX
VIPRETrojan.Win32.Generic!BT
ViRobotTrojan.Win32.Z.Downloader22.81232[h]
YandexTrojan.Agent!IxT6axTRL5Y
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}
CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\TreatAs
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocServer32
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocServerX86
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\LocalServer32
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocHandler32
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InprocHandlerX86
\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}
HKEY_CLASSES_ROOT\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\UnsafeSslApps
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86
\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\DESHashSessionKeyBackward
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}
Comments
User comments about 2c4eab037c37b55780cce28e48d930faa60879045208ae4b64631bb7a2f4cb2a.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.