File: 5b9f66431ddf53447408195d9b657aa7
Metadata
| ref_0000r21_detalles general_de_la_informacion_de_a_cuerdo_solicitud_pdf.exe | |
| PE32 executable (GUI) Intel 80386, for MS Windows | 316638 bytes |
| 2017-07-24 13:25:39 | |
| 5b9f66431ddf53447408195d9b657aa7 | |
| fa2816d0aa47033011ac2dd9e90f470c3f247672 | |
| 8f3f63cfdf9d7695384783a65823e4eaea95dbf474c00cb084d05b7e9e1cce04 | |
| 0e9a6730185ed726bd86c3af7865e74623fb33c6beb3ca43b91db9591153237f545d1eb566fcd4fef607874129e0536c1e28c74878122fe1f83f486216c09888 | |
| 3072:QufkJqr2zIcnJgGAM/W/IirL8c3K1R3p0IO2fxPEsvVSWOfg0ilL:Qu2q68zbL8caR3p0MOmVbOXix | |
| c3bf1d8af719c6590d3841252d3bafd9 | |
| N/A | |
APTNotes
Cyber threat intelligence reports associated with 5b9f66431ddf53447408195d9b657aa7.
Cyber threat intelligence reports associated with 5b9f66431ddf53447408195d9b657aa7.
Domains
Domains the malware sample communicates with.
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
HTTP requests the malware sample makes.
| Host | URL | User-Agent |
|---|---|---|
| 181.141.6.106:2090 | /1234567890.functions | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) |
AV Detections
AV detection names associated with the malware sample.
AV detection names associated with the malware sample.
| Avira | TR/Dropper.VB.qlzmd |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9962 |
| CrowdStrike | malicious_confidence_100% (W) |
| Cylance | Unsafe |
| DrWeb | Trojan.VbCrypt.250 |
| ESET-NOD32 | a variant of Win32/GenKryptik.APUX |
| Endgame | malicious (high confidence) |
| Kaspersky | Backdoor.Win32.Xtreme.bakr |
| McAfee | Artemis!5B9F66431DDF |
| McAfee-GW-Edition | BehavesLike.Win32.Trojan.fm |
| Paloalto | generic.ml |
| SentinelOne | static engine - malicious |
| Sophos | Mal/Generic-S |
| ZoneAlarm | UDS:DangerousObject.Multi.Generic |
Mutants
Mutants created by the malware sample.
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Registry keys created by the malware sample.
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF |
| HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lBVQMb.dll |
Comments
User comments about 5b9f66431ddf53447408195d9b657aa7.
User comments about 5b9f66431ddf53447408195d9b657aa7.
