File: 866fd7c29b0b6082c9295897d5db9e67

Metadata
File name:viewthread.phptid175697
File type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
File size:49477 bytes
Analysis date:Analyzed on June 23 2016 00:01:17
MD5:866fd7c29b0b6082c9295897d5db9e67
SHA1:4ec344a6743aeb78ed8ad15c5c288caaa05a862b
SHA256:940aefe52f2f5d95535cbb536c53655971d803336a208d4066683c3ddbb9959d
SHA512:ee7adff2e6cdd2064286479ce7561f1bd6ea67c809715ada4e603d1d7d90aa27161ca018ce1789768443aecfd99a927c9062e6cf4fb0b5c7891a45a195263995
SSDEEP:N/A
IMPHASH:N/A
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 866fd7c29b0b6082c9295897d5db9e67.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
media.president.ir80.191.69.176
media.farsnews.com178.22.79.3
i.imgur.com185.31.19.193
weather.china.org.cn210.72.21.12
www.military.ir63.141.224.83
fpdownload2.macromedia.com2.16.106.177
r18.imgfast.net87.98.180.46
images.china.cn106.48.12.36
ipic.su104.28.23.43
imgs.xici.net203.130.61.92
static2.bornanews.ir46.209.99.141
news.xinhuanet.com106.48.12.33
gallery.military.ir63.141.224.83
rodong.rep.kp175.45.176.78
fpdownload.macromedia.com72.246.168.194
my.china.org.cn210.72.21.87
www.jajusibo.com121.78.144.175
www.china.org.cn106.48.12.35
Hosts
Hosts the malware sample communicates with.
175.45.176.78
63.141.224.83
210.72.21.87
80.191.69.176
210.72.21.12
46.209.99.141
121.78.144.175
106.48.12.35
106.48.12.36
72.246.168.194
106.48.12.33
87.98.180.46
185.31.19.193
178.22.79.3
203.130.61.92
2.16.106.177
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
106.48.12.35 (www.china.org.cn)/node_7077424.htmMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
106.48.12.35 (www.china.org.cn)/china/style.cssMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
106.48.12.35 (www.china.org.cn)/china/style.cssMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
106.48.12.36 (images.china.cn)/images1/en/2009home/logo.gifMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
106.48.12.36 (images.china.cn)/images1/en/2009home/t_1.gifMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
106.48.12.36 (images.china.cn)/images1/en/2009home/t_3.gifMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
106.48.12.36 (images.china.cn)/images1/en/2009home/e_1.gifMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
106.48.12.36 (images.china.cn)/images1/en/2009home/e_2.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
106.48.12.36 (images.china.cn)/images1/en/2009home/button.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
106.48.12.36 (images.china.cn)/images1/en/2009home/t_2.gifMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
106.48.12.36 (images.china.cn)/images1/en/2009home/e_3.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
210.72.21.12 (weather.china.org.cn)/english/city/english-weather-new1.htmlMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
210.72.21.87 (my.china.org.cn)/reg.phpMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
210.72.21.87/uc/en_uc_admin/avatar.php?uid=248308&size=middleMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
210.72.21.87/uc/en_uc_admin/data/avatar/000/24/83/08_avatar_middle.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
121.78.144.175 (www.jajusibo.com)/imgdata/jajuilbo_com/201505/2015051137439063.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
80.191.69.176 (media.president.ir)/uploads/org/144022966897383700.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
178.22.79.3 (media.farsnews.com)/media/Uploaded/Files/Images/1394/05/31/13940531000590_PhotoI.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
46.209.99.141 (static2.bornanews.ir)/thumbnail/ttNMJfA47E4M/hsPvu53JYc4ZMdL-GggwrIzh2hzU5xtVFQP8bK_wEHTWBrL3vxxKeZCrWjxHgZzZ8wnBrYkXU3QMHDsygonvkmg5kwqDkuu0pz2Zr-6L...Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
46.209.99.141 (static2.bornanews.ir)/thumbnail/SQ8qder1eiAx/hsPvu53JYc4ZMdL-GggwrIzh2hzU5xtVFQP8bK_wEHTWBrL3vxxKeZCrWjxHgZzZ8wnBrYkXU3QMHDsygonvkmg5kwqDkuu0pz2Zr-6L...Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
185.31.19.193 (i.imgur.com)/0ayxQnW.png?1Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
185.31.19.193 (i.imgur.com)/LOfW5gp.png?1Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
46.209.99.141 (static2.bornanews.ir)/thumbnail/WoR50ZKvbOvU/hsPvu53JYc4ZMdL-GggwrIzh2hzU5xtVFQP8bK_wEHTWBrL3vxxKeZCrWjxHgZzZ8wnBrYkXU3QMHDsygonvkmg5kwqDkuu0pz2Zr-6L...Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
185.31.19.193 (i.imgur.com)/UJhaqsJ.png?1Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
185.31.19.193 (i.imgur.com)/GyRqxfp.png?1Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
185.31.19.193 (i.imgur.com)/LSq75Qr.png?1Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
185.31.19.193 (i.imgur.com)/vIvTADH.png?1Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
185.31.19.193 (i.imgur.com)/zV0GKHb.png?1Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
185.31.19.193 (i.imgur.com)/W8XoNvY.png?1Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
185.31.19.193 (i.imgur.com)/sZTteYf.png?1Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
185.31.19.193 (i.imgur.com)/0UxYiGH.png?1Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
185.31.19.193 (i.imgur.com)/ccoAYEp.png?1Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
63.141.224.83 (gallery.military.ir)/albums/userpics/10299/vlcsnap-2015-08-22-01h02m52s781.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
63.141.224.83 (www.military.ir)/forums/public/style_emoticons/default/praying.gifMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
104.28.23.43 (ipic.su)/img/img7/fs/Safir-2SLVlaunch00.1453608684.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
104.28.23.43 (ipic.su)/img/img7/fs/Safir-2SLVlaunch01.1453608408.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
63.141.224.83 (gallery.military.ir)/albums/userpics/10275/20160211_115408.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
106.48.12.33 (news.xinhuanet.com)/photo/2016-02/07/1118013054_14548564832441n.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
63.141.224.83 (gallery.military.ir)/albums/userpics/10314/2016-02-24_14-55-05.jpgMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
87.98.180.46 (r18.imgfast.net)/users/1813/36/40/88/smiles/3744640757.gifMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
63.141.224.83 (www.military.ir)/forums/public/style_emoticons/default/not%20worthy.gifMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
175.45.176.78 (rodong.rep.kp)/en/images/page_article_mark.PNGMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
175.45.176.78 (rodong.rep.kp)/en/images/page_article_markEN.PNGMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
203.130.61.92 (imgs.xici.net)/_img/emot/panda/34.gifMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
72.246.168.194 (fpdownload.macromedia.com)/pub/shockwave/cabs/flash/swflash.cabMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
2.16.106.177 (fpdownload2.macromedia.com)/pub/shockwave/cabs/flash/swflash.cabMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
72.246.168.194 (fpdownload.macromedia.com)/get/flashplayer/update/current/install/install_all_win_cab_ax_sgn.zFlash Player Seed/3.0
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
"\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"
"\Sessions\1\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\RasPbFile"
"\Sessions\1\BaseNamedObjects\ConnHashTable<2656>_HashTable_Mutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\RSS Eventing Connection Database Mutex 00000a60"
"\Sessions\1\BaseNamedObjects\Local\Feed Eventing Shared Memory Mutex S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\Local\Feed Arbitration Shared Memory Mutex [ User : S-1-5-21-4162757579-3804539371-4239455898-1000 ]"
"\Sessions\1\BaseNamedObjects\Local\Feeds Store Mutex S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\IESQMMUTEX_0_208"
"\Sessions\1\BaseNamedObjects\Local\DirectSound DllMain mutex (0x00000A2C)"
Registry keys
Registry keys created by the malware sample.
Comments
User comments about 866fd7c29b0b6082c9295897d5db9e67.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.