Sample: 3cfab5831d15115eda0c4d796143b548

Metadata
File name: 3cfab5831d15115eda0c4d796143b548
File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
File size: 1326216 bytes
Analysis date: 2016-12-01 19:05:03
MD5: 3cfab5831d15115eda0c4d796143b548
SHA1: 3a307d1ab13de5d301bfe84cccb33331955e2f69
SHA256: 3bc886718633bb86936bd93fe6cd6148d8c11c21c123d77e99f7fc0eaf1d61d1
SHA512: f1f4b6072c340335a93f7230aa1b53a9814e1ca255b0b880da5eeb8508621a98be38a3ffa0b62a05aca97e0d4b6843e47f62cf76107da72de90cb6aa44a6be2b
SSDEEP: 24576:Rmvw9aUSD3GN6CVFYHuSzjtEY2D+2SMSXrjMr6afOiTqJgKXBPR:MlDdCVFctD2dEXonfOiTq7
IMPHASH: 9c523d8653da5455667e3f82274f2f88
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 3cfab5831d15115eda0c4d796143b548.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Comments
User comments about 3cfab5831d15115eda0c4d796143b548.