File: 7310b5281d50da4ef4ad9b2aed6a8c5aeccd729899dcf1e78a18191aaa22fcaf

Metadata
File name: s.exe
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 1072640 bytes
Analysis date: 2016-08-17 01:39:25
MD5: 4b3413651634ef9f55565f9cfcdad7de
SHA1: 073eadc4723b0ed1f204fd9b34c40ae5b409ab1e
SHA256: 7310b5281d50da4ef4ad9b2aed6a8c5aeccd729899dcf1e78a18191aaa22fcaf
SHA512: e7da3f64145f7f31b860aab1d017f6dcdfa4683e0ae4c087ddcc283c2d53a4b8554c4343eb425660f2e18a03f3e36ea7a6e7e98bbb2d83fadf3bb8480bafffca
SSDEEP: 24576:CDkrinj1abWkDiRrV+4upAxwy1mcR+VH2uy:qw01aqkDiRXlwy1mcRw
IMPHASH: f34d5f2d4577ed6d9ceec516c1f5a744
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 7310b5281d50da4ef4ad9b2aed6a8c5aeccd729899dcf1e78a18191aaa22fcaf.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys the malware sample touched (opened, queried or created) during sandbox execution. The list mixes reads and writes, so an entry is not by itself evidence that the sample created that key.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\LevelObjects
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
{dda3f824-d8cb-441b-834d-be2efd2c1a33}
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServerX86
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandlerX86
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServerX86
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandlerX86
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer
\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServerX86
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandlerX86
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServerX86
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandlerX86
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServerX86
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandlerX86
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VHwgSY.dll
HKEY_CURRENT_USER\Software\Microsoft\PCHealth\ErrorReporting\DW\Debug
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Common\Security
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\11.0\Common\InstallRoot
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Common\ProductVersion
HKEY_CURRENT_USER\Software\Microsoft\PCHealth\ErrorReporting\DW
HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting\DW
HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting\DW\Debug
HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls
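The key list above is long because a .NET process touches a great deal of the registry on start-up (Software Restriction Policy lookups under Safer\CodeIdentifiers, locale and COM class resolution) before the sample does anything of its own. The following triage helper is an added example by the editor, not code from ThreatMiner or from the sample: it tags each key with a coarse category so the few interesting entries (the Image File Execution Options lookup for VHwgSY.dll, the Command Processor keys cmd.exe consults for AutoRun, the Windows Error Reporting and managed-debugging keys that suggest the process faulted under analysis) stand out from the noise. The category rules and the GUID-to-name table are the editor's own annotations; the GUID table only names WMI client identifiers the editor recognises and reports everything else as unknown rather than guessing. REPORT_KEYS is an excerpt copied from the list above; the full list can be pasted in its place.

```python
"""Editor's triage helper for sandbox registry-key artefacts (added example)."""
import re
from collections import Counter

# WMI (wbem) client COM identifiers the editor recognises. Any other GUID is
# reported as 'unknown' rather than guessed.
KNOWN_GUIDS = {
    "4590F811-1D3A-11D0-891F-00AA004B2E24": "CLSID_WbemLocator",
    "9556DC99-828C-11CF-A37E-00AA003240C7": "IID_IWbemServices",
    "027947E1-D731-11CE-A357-000000000001": "IID_IEnumWbemClassObject",
    "7C857801-7381-11CF-884D-00AA004B2E24": "IID_IWbemObjectSink",
}

GUID_RE = re.compile(r"\{([0-9A-F-]{36})\}", re.I)

# Editor's category rules; the first matching rule wins, so the specific
# (and interesting) patterns are listed before the generic ones.
RULES = [
    ("ifeo", re.compile(r"\\Image File Execution Options\\", re.I)),
    ("cmd_processor", re.compile(r"\\Command Processor$", re.I)),
    ("srp_policy", re.compile(r"\\Policies\\Microsoft\\Windows\\Safer\\", re.I)),
    ("crash_reporting", re.compile(
        r"PCHealth\\ErrorReporting|MiniDumpAuxiliaryDlls|KnownManagedDebuggingDlls", re.I)),
    ("office", re.compile(r"\\Microsoft\\Office\\", re.I)),
    ("network_config", re.compile(r"Services\\Tcpip\\Parameters|\\DNSclient$", re.I)),
    ("com_lookup", re.compile(r"(^|\\)(CLSID|Interface|AppID)\\\{", re.I)),
]

# Excerpt copied from the report's key list (constructed subset for the demo).
REPORT_KEYS = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Command Processor",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor",
    r"HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths",
    r"HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale",
    r"CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}",
    r"\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32",
    r"HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32",
    r"HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}",
    r"CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VHwgSY.dll",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting\DW\Debug",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Common\Security",
]


def categorize(key: str) -> str:
    """Return the editor's category for one registry key path."""
    for name, pattern in RULES:
        if pattern.search(key):
            return name
    return "system_config"


def summarize(keys):
    """Count keys per category; COM lookups are split by the GUID's known name."""
    counts = Counter()
    for key in keys:
        cat = categorize(key)
        if cat == "com_lookup":
            m = GUID_RE.search(key)
            guid = m.group(1).upper() if m else ""
            cat = "com:" + KNOWN_GUIDS.get(guid, "unknown")
        counts[cat] += 1
    return counts


def notable(keys):
    """Keys to look at first: IFEO entries (with the image name they concern)
    and Command Processor keys (cmd.exe consults these for AutoRun)."""
    hits = []
    for key in keys:
        cat = categorize(key)
        if cat == "ifeo":
            hits.append(("ifeo", key.rsplit("\\", 1)[1]))
        elif cat == "cmd_processor":
            hits.append(("cmd_processor", key))
    return hits


if __name__ == "__main__":
    for cat, n in sorted(summarize(REPORT_KEYS).items()):
        print(f"{n:3d}  {cat}")
    for kind, what in notable(REPORT_KEYS):
        print(f"NOTABLE {kind}: {what}")
```

Run over the full list, the Safer\CodeIdentifiers bucket absorbs over thirty entries and the WMI bucket shows the sample resolving WbemLocator, IWbemServices and IEnumWbemClassObject, which is what a WMI query through System.Management looks like from the registry side; the remaining hits are what is worth a manual look.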