7e9c05cff0e0ac10640100c801c3f56470fb6166bbf4e67fa28c63af683458e4 File Analysis Results

Metadata

File name:	PO12062017.exe
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
File size:	327680 bytes
Analysis date:	2017-07-05 17:35:43
MD5:	aab1bb5073188ffdfae1af3cb038c0b7
SHA1:	ba40300913aaa8c0745da6502ab4fa547304cd81
SHA256:	7e9c05cff0e0ac10640100c801c3f56470fb6166bbf4e67fa28c63af683458e4
SHA512:	9cf107260177fcc2d27685e863409d9558929164143019af465136572317a09fbfc88ce5ebf525316a131e64d154e0f587eced1ba1a40caa0de448389808d0ed
SSDEEP:	6144:4WR7thWyL1fHz+m4h5dXP6RR7kjgMTlPf:4WR7thDEHhyXctln
IMPHASH:	7bbea4dea22273dc210717fe72ff4fec
Authentihash:	N/A
Related resources

Source:

APTNotes
Cyber threat intelligence reports associated with 7e9c05cff0e0ac10640100c801c3f56470fb6166bbf4e67fa28c63af683458e4.

Domains
Domains the malware sample communicates with.

Hosts
Hosts the malware sample communicates with.

HTTP Requests
HTTP requests the malware sample makes.

AV Detections
AV detection names associated with the malware sample.

ALYac	Trojan.VBKrypt.gen
AVG	Win32:Malware-gen
AVware	Trojan.Win32.Generic!BT
Ad-Aware	Gen:Variant.Graftor.380641
AegisLab	Troj.W32.Generic!c
AhnLab-V3	Trojan/Win32.VBKrypt.C1999780
Antiy-AVL	Trojan/Win32.AGeneric
Arcabit	Trojan.Graftor.D5CEE1
Avast	Win32:Malware-gen
Avira	TR/Dropper.VB.apvox
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9700
BitDefender	Gen:Variant.Graftor.380641
CAT-QuickHeal	Trojan.Dynamer
Comodo	UnclassifiedMalware
CrowdStrike	malicious_confidence_100% (W)
Cyren	W32/Injector.HO2.gen!Eldorado
DrWeb	Trojan.PWS.Stealer.17779
ESET-NOD32	a variant of Win32/Injector.DPEI
Emsisoft	Gen:Variant.Graftor.380641 (B)
Endgame	malicious (high confidence)
F-Prot	W32/Injector.HO2.gen!Eldorado
F-Secure	Gen:Variant.Graftor.380641
Fortinet	W32/Generic.M!tr
GData	Gen:Variant.Graftor.380641
Ikarus	Trojan-Spy.Loki
Invincea	heuristic
K7AntiVirus	Trojan ( 0050fca31 )
K7GW	Trojan ( 0050fca31 )
Kaspersky	Trojan.Win32.Agentb.bvgy
McAfee	Fareit-FIL!AAB1BB507318
McAfee-GW-Edition	BehavesLike.Win32.Vilsel.fm
MicroWorld-eScan	Gen:Variant.Graftor.380641
Microsoft	Trojan:Win32/Dynamer!rfn
NANO-Antivirus	Trojan.Win32.Stealer.epyonc
Paloalto	generic.ml
Panda	Trj/GdSda.A
Qihoo-360	HEUR/QVM03.0.C38A.Malware.Gen
Rising	Trojan.Injector!8.C4 (cloud:zOD26At5njF)
SentinelOne	static engine - malicious
Sophos	Mal/FareitVB-M
Symantec	Trojan.Gen
Tencent	Win32.Trojan.Generic.Lpkz
TrendMicro	TSPY_FAREIT.AUSIPT
TrendMicro-HouseCall	TSPY_FAREIT.AUSIPT
VIPRE	Trojan.Win32.Generic!BT
Webroot	W32.Malware.Gen
ZoneAlarm	Trojan.Win32.Agentb.bvgy

Mutants
Mutants created by the malware sample.

Registry keys
Registry keys created by the malware sample.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager

HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF

HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\PO12062017.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}

HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions

HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\

Comments
User comments about 7e9c05cff0e0ac10640100c801c3f56470fb6166bbf4e67fa28c63af683458e4.

NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.

Contextual information

File: 7e9c05cff0e0ac10640100c801c3f56470fb6166bbf4e67fa28c63af683458e4