File: 769b57e1da68d43a00e83c568bace5112dcef1a7745344b5b262be46f83fed2e

Metadata
File name: Zebra.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
File size: 424960 bytes
Analysis date: Analyzed on November 23 2016 07:19:11
MD5: f56e071ba27b8f97e4205ccda0996c64
SHA1: 02ac5504f2ed758446b92f499795afc1e0591747
SHA256: 769b57e1da68d43a00e83c568bace5112dcef1a7745344b5b262be46f83fed2e
SHA512: a95f75acfc515fc6d5be114aa39c46213f0b088595178863270b5f5f3c21c78d7934eab103c5cb2334cb7000554a5aa1ae52e7d611107b68f1d6d136ea2c925f
SSDEEP: 12288:xOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiCoqZH:xq5TfcdHj4fmb/H
IMPHASH: 586fa6e6c43f51c796989dc6ddb6dd3e
Authentihash: 5b9eb10543856ca6d5ee42f7b9c86f3062d5ece4ca2880df4f7e1035d56d56ec
Related resources
PE Type: PE32
File Size: 415 kB
Machine Type: Intel 386 or later, and compatibles
File OS: Win32
Code Size: 348160
OS Version: 5.1
Entry Point: 0xebf20
File Flags Mask: 0x0000
Linker Version: 11.0
File Subtype: N/A
Uninitialized Data Size: 618496
Initialized Data Size: 81920
Product Version Number: 0.0.0.0
MIME Type: application/octet-stream
Character Set: Unicode
Language Code: English (British)
File Version Number: 0.0.0.0
File Type: Win32 EXE
Subsystem: Windows GUI
Object File Type: Executable application
Image Version: 0.0
File Flags: (none)
Subsystem Version: 5.1
Source:
APTNotes
Cyber threat intelligence reports associated with 769b57e1da68d43a00e83c568bace5112dcef1a7745344b5b262be46f83fed2e.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
Host: 67.202.94.94
URL: /swidget/userlog12.pnh
User-Agent: AutoIt
N/A
N/A
N/A
Host: 50.23.131.235
URL: /small/00/1.png
User-Agent: 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 [.1..User-Agent
N/A
N/A
N/A
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Comments
User comments about 769b57e1da68d43a00e83c568bace5112dcef1a7745344b5b262be46f83fed2e.