File: 3cf4cd0bd69f77c31eb0d6213bbdda7c6f54a6cd01635e917b2bc0228c60fce5

Metadata
File name:module.1976.3c30f030.400000.exe
File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size:1167872 bytes
Analysis date:2015-04-23 21:22:02
MD5:8a5422c7d2514d7ad0ed912593547009
SHA1:2c80205d6cd0451e887d9a00a0a57c5c1fdc99ea
SHA256:3cf4cd0bd69f77c31eb0d6213bbdda7c6f54a6cd01635e917b2bc0228c60fce5
SHA512:719403a5f72c58790c979fea8b1647b548cd403b16ba52077c2d18a3e88aab8045faff04815fc89ee88001ea141475d19b8134d3912fbbbe9cc9017ffd86e371
SSDEEP:24576:YILTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:dx6
IMPHASH:f34d5f2d4577ed6d9ceec516c1f5a744
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 3cf4cd0bd69f77c31eb0d6213bbdda7c6f54a6cd01635e917b2bc0228c60fce5.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
az623152.vo.msecnd.net68.232.34.200
fhr.data.mozilla.com63.245.215.95
aus4.mozilla.org63.245.217.138
ciscobinary.openh264.org92.122.214.96
ssl.microsofttranslator.com65.55.108.4
sg.symcd.com23.53.187.27
s2.symcb.com23.53.187.27
az416426.vo.msecnd.net68.232.34.200
soft-start.loop.services.mozilla.com127.255.255.255
sr.symcd.com23.53.187.27
c.bing.com207.46.194.10
aus3.mozilla.org63.245.217.44
clients1.google.com173.194.112.32
ocsp.msocsp.com108.162.232.202
ajax.aspnetcdn.com68.232.34.200
ssl.bing.com204.79.197.200
dc.services.visualstudio.com23.101.68.210
download.cdn.mozilla.net2.20.143.31
api.microsofttranslator.com65.55.108.5
tiles.services.mozilla.com54.148.133.107
download.mozilla.org63.245.217.39
ocsp.digicert.com93.184.220.29
safebrowsing.google.com173.194.116.200
tiles.cdn.mozilla.net68.232.34.191
safebrowsing-cache.google.com173.194.113.14
nexus.ensighten.com54.228.235.157
dotnetsocial.cloudapp.net157.55.84.29
Hosts
Hosts the malware sample communicates with.
63.245.217.138
173.194.112.32
65.55.108.4
63.245.215.95
54.68.127.247
184.169.160.159
23.101.68.210
108.162.232.202
93.184.220.29
204.79.197.200
63.245.217.39
68.232.34.191
68.232.34.200
63.245.217.44
157.55.84.29
137.116.48.250
95.101.195.91
173.194.112.35
173.194.112.36
65.55.108.5
23.42.207.138
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
93.184.220.29 (ocsp.digicert.com)/Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0
63.245.217.39 (download.mozilla.org)/?product=firefox-37.0.2-partial-35.0.1&os=win&lang=deMozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0
157.55.84.29 (dotnetsocial.cloudapp.net)/redir?o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3cf4cd0bd69f77c31eb0d6213bbdda7c6f54a6cd01635e917b2bc0228c60fce5&platf...Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0
108.162.232.202 (ocsp.msocsp.com)/Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0
173.194.112.32 (clients1.google.com)/ocspMozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0
108.162.232.202 (ocsp.msocsp.com)/Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0
108.162.232.202 (ocsp.msocsp.com)/Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0
108.162.232.202 (ocsp.msocsp.com)/Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0
AV Detections
AV detection names associated with the malware sample.
ALYacTrojan.GenericKD.2319659
AVGWorm/Generic_c.DBU
AVwareTrojan.Win32.Generic!BT
Ad-AwareTrojan.GenericKD.2319659
AhnLab-V3Trojan/Win32.Golroted
ArcabitTrojan.Generic.D23652B
AvastWin32:VaultCrypt-A [Trj]
AviraTR/Spy.Gen
Baidu-InternationalWorm.MSIL.Spy.Agent
BitDefenderTrojan.GenericKD.2319659
CAT-QuickHealPE.EXE.g3
ClamAVWin.Trojan.Agent-892553
ComodoUnclassifiedMalware
CyrenW32/Trojan.TMJD-5600
DrWebTrojan.PWS.Stealer.13336
ESET-NOD32a variant of MSIL/Autorun.Spy.Agent.AU
EmsisoftTrojan.GenericKD.2319659 (B)
F-SecureTrojan.GenericKD.2319659
FortinetRiskware/PWDump
GDataTrojan.GenericKD.2319659
IkarusTrojan-Spy.Agent
Kasperskynot-a-virus:RiskTool.Win32.PwDump.e
MalwarebytesRiskWare.InfoStealer.STB
McAfee-GW-EditionArtemis!PUP
MicroWorld-eScanTrojan.GenericKD.2319659
MicrosoftTrojanSpy:MSIL/Golroted.B
NANO-AntivirusTrojan.Win32.Siggen1.dllrsy
PandaTrj/CI.A
Qihoo-360HEUR/QVM20.1.Malware.Gen
RisingPE:Malware.Generic/QRS!1.9E2D [F]
TheHackerW32/Behav-Heuristic-CorruptFile-EP
TrendMicroTROJ_GEN.R00UC0DDU15
VIPRETrojan.Win32.Generic!BT
ViRobotTrojan.Win32.S.Agent.1167872.AE[h]
nProtectTrojan.GenericKD.2319659
Mutants
Mutants created by the malware sample.
"Local\!IETld!Mutex"
"Local\FirefoxStartupMutex"
"Local\_!MSFTHISTORY!_"
"Local\c:!users!pspubws!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"Local\c:!users!pspubws!appdata!roaming!microsoft!windows!cookies!"
"Local\c:!users!pspubws!appdata!local!microsoft!windows!history!history.ie5!"
"Local\WininetStartupMutex"
"Local\WininetConnectionMutex"
"Local\WininetProxyRegistryMutex"
"Global\MozillaUpdateMutex-aeVcDEW6vlSu+PLYtSFCvWhPsG0="
Registry keys
Registry keys created by the malware sample.
Comments
User comments about 3cf4cd0bd69f77c31eb0d6213bbdda7c6f54a6cd01635e917b2bc0228c60fce5.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.