Sample: 6e62cc4a671cdc85fb6165609d7d6ff8


Metadata
File name: sigplus.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 3374640 bytes
Analysis date: 2016-12-01 14:38:42
MD5: 6e62cc4a671cdc85fb6165609d7d6ff8
SHA1: 449c66d1e8df79296192dc744bb803e27826e903
SHA256: 164613f7e5f4aa92c46b93a0e1e0b0f4cc7ef4718f4885b966deb645c721cd3e
SHA512: f09a6a95257d39283551713c734fb291a8df059a81c121495b3812a360b142f021501466d88a7a5c71f303e214d9648b88c3082084d139ee9b7024bc4818a8e6
SSDEEP: 49152:rp/7ehr1adZbNZjG8naG6+lseF3THneE7lut//zO/5vTpXPCDfriVdlLz5nC73Zp:98r8RPG/YrpHCzapfddln5C73ZtH14u
IMPHASH: 81638d02019c0bfcaaf23a9c69f2f12c
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 6e62cc4a671cdc85fb6165609d7d6ff8.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.