File: 7fe2a46d58f5a54922b0a88d92d95bfe

Metadata
File name:contact_vcf_334DB0E.wsf
File type:HTML document, ASCII text, with very long lines
File size:60729 bytes
Analysis date:Analyzed on February 23 2017 18:54:39
MD5:7fe2a46d58f5a54922b0a88d92d95bfe
SHA1:cf4fc7f15aa7e7dc208c4ee54af3181dcb364c0d
SHA256:34bfb48d3835832115f3bd3d6a1947a7d00711969acb6fad961f7c2c13ac9bd3
SHA512:b3e8f1d267f4e3c876c8b283a356947c8315a0593efdcc91c7d6e795b909f5027fafd9e424f617bc944b5b7a1e0680370805e30a80e50bde8d334274f0abc63d
SSDEEP:N/A
IMPHASH:N/A
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 7fe2a46d58f5a54922b0a88d92d95bfe.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
raiaepeuhl.net184.105.192.2
kikitikor.com184.105.192.2
art-asfalt.com46.29.2.62
Hosts
Hosts the malware sample communicates with.
184.105.192.2
46.29.2.62
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
46.29.2.62/z7hnlMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
46.29.2.62/z7hnlMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
46.29.2.62/z7hnlMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
46.29.2.62/z7hnlMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
46.29.2.62/z7hnlMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
N/A
N/A
N/A
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
"\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
"\Sessions\1\BaseNamedObjects\Local\c:!users!ziwqrac!appdata!roaming!microsoft!windows!cookies!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!ziwqrac!appdata!local!microsoft!windows!history!history.ie5!"
"\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"
"\Sessions\1\BaseNamedObjects\Local\!IETld!Mutex"
"\Sessions\1\BaseNamedObjects\RasPbFile"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\c:!users!ziwqrac!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"\Sessions\1\BaseNamedObjects\IESQMMUTEX_0_208"
Registry keys
Registry keys created by the malware sample.
Comments
User comments about 7fe2a46d58f5a54922b0a88d92d95bfe.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.