File: 932fe0988dbb1de413f2eec9769aa195

Metadata
File name: image.tif
File type: TIFF image data, little-endian
File size: 18372 bytes
Analysis date: 2016-09-30 11:00:05
MD5: 932fe0988dbb1de413f2eec9769aa195
SHA1: ed6888284d423c1db5ed0e2289307d05ee143479
SHA256: 75212c09c3b8e09f135c0f61150d8e220050f081173ceb4a672dad34a5d0c8e7
SHA512: 433cb0dfbcabbcf01854110dddc5336bddeb36e84265147f1077e1b37351041c4b9638deac9b42048653d665dc86c4a4eb1cb7bae6c0b7776748d57dbb9f9364
SSDEEP: 192:BTK8VBvXjjKtZV9dEe7EqkQ9GbUgx8QNcy0G4KtAOHbJRzKrp2cjO8LH7eQqWwD:hKYZnw7dEe6QgbIbS3s/iQDwMs/gJq
IMPHASH: N/A
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 932fe0988dbb1de413f2eec9769aa195.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Comments
User comments about 932fe0988dbb1de413f2eec9769aa195.