File: 89258854adce5f5fd4d99ece5aad39b306f40585810ced9b0f79dad43fd8e036

Metadata
File name:89258854adce5f5fd4d99ece5aad39b306f40585810ced9b0f79dad43fd8e036
File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
File size:191488 bytes
Analysis date:2017-07-18 07:00:05
MD5:619d10780d59cbf6ddab9ed2f878a95d
SHA1:8ff9ae047ece2214e4e48d38557e3935b70306a8
SHA256:89258854adce5f5fd4d99ece5aad39b306f40585810ced9b0f79dad43fd8e036
SHA512:c8f37e4a1f735f108091348ff67ac887be43dbe780329cfd88fb96fa7dda4c1dbbedf060e0388e09c36808fd9132e8ebbf4e2e13f4581629d2830aa04676029d
SSDEEP:3072:+rbd8SPTUEyR40yZjjUrWmLWt6W3K1FVuYp0dsK:+rbVLJyRT5WmEzK1+FJ
IMPHASH:cc9170f580bf26a9f564fffd9cf2995c
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 89258854adce5f5fd4d99ece5aad39b306f40585810ced9b0f79dad43fd8e036.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
ALYacTrojan.Ransom.Scorpio
AVGWin32:Scarab-A [Trj]
AVwareFraudTool.Win32.SecurityShield.ek!c (v)
Ad-AwareGen:Trojan.Heur2.GZ.lGW@biyzVli
AegisLabTroj.W32.Gen.lArK
Antiy-AVLTrojan/Win32.AGeneric
ArcabitTrojan.Heur2.GZ.ECCA1A
AvastWin32:Scarab-A [Trj]
AviraTR/Downloader.Gen
BitDefenderGen:Trojan.Heur2.GZ.lGW@biyzVli
ComodoTrojWare.Win32.TrojanDownloader.Delf.gen
CrowdStrikemalicious_confidence_100% (W)
DrWebTrojan.Siggen7.24876
ESET-NOD32a variant of Win32/Filecoder.FS
EmsisoftGen:Trojan.Heur2.GZ.lGW@biyzVli (B)
Endgamemalicious (high confidence)
F-SecureGen:Trojan.Heur2.GZ.lGW@biyzVli
GDataGen:Trojan.Heur2.GZ.lGW@biyzVli
IkarusTrojan.Win32.Filecoder
Invinceaheuristic
JiangminTrojan.Generic.bcmfg
K7AntiVirusTrojan ( 004f6e981 )
K7GWTrojan ( 004f6e981 )
KasperskyTrojan-Ransom.Win32.Purga.bk
MAXmalware (ai score=85)
MalwarebytesRansom.Scarab
McAfeeArtemis!619D10780D59
McAfee-GW-EditionBehavesLike.Win32.PWSZbot.ch
MicroWorld-eScanGen:Trojan.Heur2.GZ.lGW@biyzVli
MicrosoftTrojan:Win32/Skeeyah.A!rfn
PandaTrj/GdSda.A
Qihoo-360Win32/Trojan.760
RisingTrojan.Filecoder!8.68 (cloud:Qrr4BRABP7L)
SophosMal/Generic-S
SymantecRansom.CryptXXX
TencentWin32.Trojan.Filecoder.Wnmr
TrendMicroRansom_SCARAB.B
TrendMicro-HouseCallRansom_SCARAB.B
VIPREFraudTool.Win32.SecurityShield.ek!c (v)
ViRobotTrojan.Win32.S.Ransom.191488
WebrootW32.Trojan.Gen
YandexTrojan.Filecoder!Ek3TceD4DH8
ZoneAlarmTrojan-Ransom.Win32.Purga.bk
nProtectRansom/W32.Purga.191488
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_LOCAL_MACHINE\Software\Borland\Locales
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\89258854adce5f5fd4d99ece5aad39b306f40585810ced9b0f79dad43fd8e036.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_CURRENT_USER\Software\XKOQon
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
Comments
User comments about 89258854adce5f5fd4d99ece5aad39b306f40585810ced9b0f79dad43fd8e036.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.