File: 64269fdc099cf6d45a29e26fd54ad4f78c1a91b58e4fb77a8247d47086f71572

Metadata
File name:jHqcrUjYV1.exe
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:317440 bytes
Analysis date:2017-08-02 02:04:35
MD5:ece16814e892478cfb747662a49e6d9e
SHA1:2467c00219f7ddb055d1034962fe7b0b5bcee89a
SHA256:64269fdc099cf6d45a29e26fd54ad4f78c1a91b58e4fb77a8247d47086f71572
SHA512:98702fbcce57ece43cb39976b84b8ef15f4031a1d3b4b9f3fe20ea485336195dd40653e6688cd0295c87d616b8a0737ec1793811ba9b6c1830c9cae08b8bc60e
SSDEEP:6144:y8CWDa/m2yGjZslZQTJQR3wcLCTngFEehYLtouWh:yyGpZIZQTJePCTgUG
IMPHASH:0318013172025ffb03bb104b8e7f797c
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 64269fdc099cf6d45a29e26fd54ad4f78c1a91b58e4fb77a8247d47086f71572.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
AVGWin32:Malware-gen
Ad-AwareTrojan.RanSerKD.5740596
AegisLabMl.Attribute.Gen!c
Antiy-AVLTrojan/Win32.TSGeneric
ArcabitTrojan.RanSerKD.D579834
AvastWin32:Malware-gen
AviraTR/Crypt.Xpack.eevof
BaiduWin32.Trojan.WisdomEyes.16070401.9500.9996
BitDefenderTrojan.RanSerKD.5740596
CylanceUnsafe
CyrenW32/Trojan.RFGJ-8338
DrWebTrojan.DownLoader25.15277
ESET-NOD32Win32/Filecoder.FV
EmsisoftTrojan.RanSerKD.5740596 (B)
Endgamemalicious (high confidence)
F-SecureTrojan.RanSerKD.5740596
FortinetW32/GenKryptik.APVB!tr
GDataTrojan.RanSerKD.5740596
IkarusTrojan-Banker.Emotet
Invinceaheuristic
K7AntiVirusTrojan ( 005031101 )
K7GWTrojan ( 005031101 )
KasperskyTrojan.Win32.Deshacop.gao
MAXmalware (ai score=99)
MalwarebytesRansom.GlobeImposter
McAfeeGeneric .i
McAfee-GW-EditionBehavesLike.Win32.Ransomware.fc
MicroWorld-eScanTrojan.RanSerKD.5740596
MicrosoftRansom:Win32/Septrypt.A
Paloaltogeneric.ml
RisingMalware.Obscure/Heur!1.9E03 (classic)
SentinelOnestatic engine - malicious
SophosMal/Emotet-E
SymantecRansom.CryptXXX
TencentWin32.Trojan.Raas.Auto
WhiteArmorMalware.HighConfidence
ZoneAlarmTrojan.Win32.Deshacop.gao
nProtectTrojan/W32.Deshacop.317440.B
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\LevelObjects
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
{dda3f824-d8cb-441b-834d-be2efd2c1a33}
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\SYSTEM\Setup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Debug\Tracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers
Comments
User comments about 64269fdc099cf6d45a29e26fd54ad4f78c1a91b58e4fb77a8247d47086f71572.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.