File: 6411d67561bdec05969291699fdf97e0

Metadata
File name: explorer.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 133805 bytes
Analysis date: 2016-08-25 20:35:04
MD5: 6411d67561bdec05969291699fdf97e0
SHA1: 6b993767ff99af6f8e22c15edd6fe8ab5acaa91d
SHA256: 66fd81b9b9421f7b6085a13cd79e0f76154c03ee5f282af07032c9b8c664e80b
SHA512: b5068944cc1ea0894ede3777655f1a1d7f1190030ec7dce57e6c417af603595bafc3b8e66ea618483a696f05318188be176e3705dc602357e5134d20eafb52a0
SSDEEP: 3072:VVqoCl/YgjxEufVU0TbTyDDalbnvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvU:VsLqdufVUNDa6
IMPHASH: 8c16c795b57934183422be5f6df7d891
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 6411d67561bdec05969291699fdf97e0.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{ED6CA17F-B4CC-4BF9-B426-0BDE01CB7E81}
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Explorer\Process
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\TreatAs
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServer32
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServerX86
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\LocalServer32
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocHandler32
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocHandlerX86
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
HKEY_CLASSES_ROOT\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_CLASSES_ROOT\AppID\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_CLASSES_ROOT\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}
HKEY_CLASSES_ROOT\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32
CLSID\{00020424-0000-0000-C000-000000000046}
CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
\CLSID\{00020424-0000-0000-C000-000000000046}
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServerX86
\CLSID\{00020424-0000-0000-C000-000000000046}\LocalServer32
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler32
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandlerX86
\CLSID\{00020424-0000-0000-C000-000000000046}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32
Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\Forward
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32
HKEY_CLASSES_ROOT\TypeLib
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
CLSID\{00020420-0000-0000-C000-000000000046}
CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
\CLSID\{00020420-0000-0000-C000-000000000046}
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServerX86
\CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer32
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandlerX86
\CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
HKEY_CLASSES_ROOT\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}
HKEY_CLASSES_ROOT\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServerX86
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandlerX86
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
HKEY_CLASSES_ROOT\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_CLASSES_ROOT\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}
HKEY_CLASSES_ROOT\Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}\ProxyStubClsid32
Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}\ProxyStubClsid32
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax
Control Panel\International\Calendars\TwoDigitYearMax
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Schedule\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\msapsspc.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
\ProxyStubClsid32