File: 400b7fd22f971d09cb8e7dc1a2aaa6bf
Metadata
| Firefox-Setup-Stub.exe | |
| PE32 executable (GUI) Intel 80386, for MS Windows | 2269696 bytes |
| 2017-04-25 18:42:33 | |
| 400b7fd22f971d09cb8e7dc1a2aaa6bf | |
| ab2ad019e7d9cf6afc52ec287c26d0795759e81f | |
| 58549d4dde029fc1e0e47bf296b19fa2db47f43b9da2e0abb4652dc46a2bec93 | |
| 2fea9dd54af6373fd3dedf73939e8c6edb0b11a94bc503f66cd16a4fedcb61fdf56cb2735c7008f028b7fb37aa999a8082af4f44ebc7835dec406db03d8ba686 | |
| 49152:6IHO8BtIvArpcCJNIegwJoD/DUSvBTPOT:6oLBIA9cC+D/7vd | |
| 97e5f38ed84785815e6bec1471cac074 | |
| N/A | |
APTNotes
Cyber threat intelligence reports associated with 400b7fd22f971d09cb8e7dc1a2aaa6bf.
Cyber threat intelligence reports associated with 400b7fd22f971d09cb8e7dc1a2aaa6bf.
Domains
Domains the malware sample communicates with.
Domains the malware sample communicates with.
| Domain | IP |
|---|---|
| www.quevenha2017.com | 192.99.24.44 |
Hosts
Hosts the malware sample communicates with.
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
HTTP requests the malware sample makes.
| Host | URL | User-Agent |
|---|---|---|
| www.quevenha2017.com | /modularmente/sensbetas.zip | Firefox-setup-stub |
AV Detections
AV detection names associated with the malware sample.
AV detection names associated with the malware sample.
| ALYac | Gen:Variant.Symmi.73569 |
| Ad-Aware | Gen:Variant.Symmi.73569 |
| AegisLab | Troj.W32.Generic!c |
| Arcabit | Trojan.Symmi.D11F61 |
| BitDefender | Gen:Variant.Symmi.73569 |
| ESET-NOD32 | a variant of Win32/TrojanDownloader.Banload.XXW |
| Emsisoft | Gen:Variant.Symmi.73569 (B) |
| Endgame | malicious (high confidence) |
| F-Secure | Gen:Variant.Symmi.73569 |
| Fortinet | W32/Banload.XXW!tr |
| GData | Gen:Variant.Symmi.73569 |
| Ikarus | Trojan-Downloader.Win32.Banload |
| K7AntiVirus | Trojan-Downloader ( 00503b041 ) |
| K7GW | Trojan-Downloader ( 00503b041 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| McAfee | Trojan-FMCY!400B7FD22F97 |
| McAfee-GW-Edition | BehavesLike.Win32.Dropper.vh |
| MicroWorld-eScan | Gen:Variant.Symmi.73569 |
| Paloalto | generic.ml |
| Panda | Trj/GdSda.A |
| Rising | Malware.Generic.4!tfe (thunder:4:UaVfMk8tIkI) |
| Symantec | Trojan.Gen.2 |
| VBA32 | suspected of Trojan.Downloader.gen.h |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
Mutants
Mutants created by the malware sample.
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Registry keys created by the malware sample.
| HKEY_CURRENT_USER\Software\Borland\Locales |
| HKEY_LOCAL_MACHINE\Software\Borland\Locales |
| HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF |
| HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared |
| HKEY_CURRENT_USER\Software\Borland\Delphi |
| HKEY_CURRENT_USER\Software\Borland\C++Builder |
| HKEY_CURRENT_USER\Software\CodeGear\BDS |
| HKEY_CURRENT_USER\Software\Embarcadero |
| HKEY_CURRENT_USER\Software\Borland\BDS |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Firefox-Setup-Stub.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D} |
| HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\ |
| HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions |
| HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
| HKEY_CLASSES_ROOT\Directory |
| HKEY_CLASSES_ROOT\Directory\CurVer |
| HKEY_CLASSES_ROOT\Directory\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
| HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler |
| HKEY_CLASSES_ROOT\Directory\\Clsid |
| HKEY_CLASSES_ROOT\Folder |
| HKEY_CLASSES_ROOT\Folder\Clsid |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ |
| HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub) |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub) |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder) |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark) |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files |
| HKEY_CLASSES_ROOT\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InProcServer32 |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility |
| HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes |
| HKEY_LOCAL_MACHINE\Software\Classes |
| \REGISTRY\USER |
| HKEY_LOCAL_MACHINE\Software\Classes\CLSID |
| CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7} |
| CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\TreatAs |
| \CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7} |
| \CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 |
| \CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServerX86 |
| \CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\LocalServer32 |
| \CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocHandler32 |
| \CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocHandlerX86 |
| \CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7} |
| HKEY_CLASSES_ROOT\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{99FD978C-D287-4F50-827F-B2C658EDA8E7} |
| HKEY_CLASSES_ROOT\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InProcServer32 |
| HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ab5c5600-7e6e-4b06-9197-9ecef74d31cc}\InProcServer32 |
| CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} |
| CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\TreatAs |
| \CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} |
| \CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 |
| \CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServerX86 |
| \CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\LocalServer32 |
| \CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocHandler32 |
| \CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocHandlerX86 |
| \CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} |
| HKEY_CLASSES_ROOT\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} |
| HKEY_CLASSES_ROOT\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InProcServer32 |
| HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{920e6db1-9907-4370-b3a0-bafc03d81399}\InProcServer32 |
| CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399} |
| CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\TreatAs |
| \CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399} |
| \CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 |
| \CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServerX86 |
| \CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\LocalServer32 |
| \CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocHandler32 |
| \CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocHandlerX86 |
| \CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399} |
| HKEY_CLASSES_ROOT\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{920E6DB1-9907-4370-B3A0-BAFC03D81399} |
| HKEY_CLASSES_ROOT\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InProcServer32 |
| HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{16f3dd56-1af5-4347-846d-7c10c4192619}\InProcServer32 |
| CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619} |
| CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\TreatAs |
| \CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619} |
| \CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 |
| \CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServerX86 |
| \CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\LocalServer32 |
| \CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocHandler32 |
| \CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocHandlerX86 |
| \CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619} |
| HKEY_CLASSES_ROOT\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{16F3DD56-1AF5-4347-846D-7C10C4192619} |
| HKEY_CLASSES_ROOT\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InProcServer32 |
| HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2916c86e-86a6-43fe-8112-43abe6bf8dcc}\InProcServer32 |
| CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} |
| CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\TreatAs |
| \CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} |
| \CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 |
| \CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServerX86 |
| \CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\LocalServer32 |
| \CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocHandler32 |
| \CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocHandlerX86 |
| \CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} |
| HKEY_CLASSES_ROOT\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} |
| HKEY_CLASSES_ROOT\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InProcServer32 |
| HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32 |
| CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03} |
| CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\TreatAs |
| \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03} |
| \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocServer32 |
| \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocServerX86 |
| \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\LocalServer32 |
| \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocHandler32 |
| \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocHandlerX86 |
| \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03} |
| HKEY_CLASSES_ROOT\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\TreatAs |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe |
| HKEY_CLASSES_ROOT\.exe |
| HKEY_CLASSES_ROOT\exefile |
| HKEY_CLASSES_ROOT\exefile\CurVer |
| HKEY_CLASSES_ROOT\exefile\ |
| HKEY_CLASSES_ROOT\exefile\\ShellEx\IconHandler |
| HKEY_CLASSES_ROOT\SystemFileAssociations\.exe |
| HKEY_CLASSES_ROOT\SystemFileAssociations\application |
| HKEY_CLASSES_ROOT\exefile\\Clsid |
| HKEY_CLASSES_ROOT\* |
| HKEY_CLASSES_ROOT\*\Clsid |
| HKEY_CLASSES_ROOT\exefile\\DefaultIcon |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName |
| ActiveComputerName |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\MRmirage2.exe |
Comments
User comments about 400b7fd22f971d09cb8e7dc1a2aaa6bf.
User comments about 400b7fd22f971d09cb8e7dc1a2aaa6bf.
