File: 935f4544820aa478b093ad309f46d09d92a028f7bba606a0f8c8f53b8e1f9b7a
Metadata
| jbYUF6D | |
| PE32 executable (GUI) Intel 80386, for MS Windows | 621568 bytes |
| 2017-08-16 14:07:35 | |
| aa8ad854f6aa1dac8b0bd7465ea764a9 | |
| 7854ab61220146cf491f7f428081df862a1d1399 | |
| 935f4544820aa478b093ad309f46d09d92a028f7bba606a0f8c8f53b8e1f9b7a | |
| b73df9ff0b7f4f92376f65daa4b3c76afff90064a5b082d415a6fb3109094f5c9cb5a2c2a349f12d45e75804eba556b69239388258dbec70327a6587b6c84231 | |
| 6144:ULNkU2KcrO6z6DuINvYRC+bBRkSDWE0veY6g6FjcvDvOh6Iis2fhBLF3a0tH+R:w2ZrO6zLVS48WY6g6d6IiLflqI | |
| af69b099a4ecdca266bc3390cc25286a | |
| N/A | |
APTNotes
Cyber threat intelligence reports associated with 935f4544820aa478b093ad309f46d09d92a028f7bba606a0f8c8f53b8e1f9b7a.
Cyber threat intelligence reports associated with 935f4544820aa478b093ad309f46d09d92a028f7bba606a0f8c8f53b8e1f9b7a.
Domains
Domains the malware sample communicates with.
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
HTTP requests the malware sample makes.
| Host | URL | User-Agent |
|---|---|---|
| 192.162.103.213 | /imageload.cgi | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) |
| 192.162.103.213 | /imageload.cgi | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) |
| 192.162.103.213 | /imageload.cgi | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) |
AV Detections
AV detection names associated with the malware sample.
AV detection names associated with the malware sample.
| AVG | Win32:Malware-gen |
| AegisLab | Ransom.Cerber.Smaly0!c |
| Avast | Win32:Malware-gen |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9998 |
| CrowdStrike | malicious_confidence_100% (W) |
| Cylance | Unsafe |
| DrWeb | Trojan.Encoder.13570 |
| ESET-NOD32 | Win32/Filecoder.Locky.L |
| Endgame | malicious (high confidence) |
| Fortinet | W32/GenKryptik.APXF!tr |
| Invincea | heuristic |
| Kaspersky | UDS:DangerousObject.Multi.Generic |
| Malwarebytes | Ransom.Locky |
| McAfee | GenericR-KFD!AA8AD854F6AA |
| McAfee-GW-Edition | BehavesLike.Win32.ZeroAccess.jc |
| Paloalto | generic.ml |
| Rising | Malware.Generic.2!tfe (thunder:i8qGX3QJFaF) |
| SentinelOne | static engine - malicious |
| Sophos | Mal/Generic-S |
| Symantec | Ransom.CryptXXX |
| TrendMicro | Ransom_CERBER.SMALY0 |
| TrendMicro-HouseCall | Ransom_CERBER.SMALY0 |
| Webroot | W32.Trojan.Gen |
| ZoneAlarm | UDS:DangerousObject.Multi.Generic |
Mutants
Mutants created by the malware sample.
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Registry keys created by the malware sample.
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004 |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 024 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\DESHashSessionKeyBackward |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName |
| ActiveComputerName |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_LOCAL_MACHINE\System\Setup |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092220140929 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092920140930 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882 |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform |
| HKEY_LOCAL_MACHINE\system\CurrentControlSet |
| HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\NetworkProvider\HwOrder |
| HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\RDPNP\NetworkProvider |
| HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\LanmanWorkstation\NetworkProvider |
| HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\WebClient\NetworkProvider |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\Network |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Network |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Ole |
| HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 |
| HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes |
| HKEY_LOCAL_MACHINE\Software\Classes |
| \REGISTRY\USER |
| HKEY_LOCAL_MACHINE\Software\Classes\CLSID |
| CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221} |
| CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221} |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86 |
| \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer |
| HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221} |
| HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs |
| CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\App Management |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\App Management |
Comments
User comments about 935f4544820aa478b093ad309f46d09d92a028f7bba606a0f8c8f53b8e1f9b7a.
User comments about 935f4544820aa478b093ad309f46d09d92a028f7bba606a0f8c8f53b8e1f9b7a.
