File: a55df35ef6866a43f9cf898cfb1ff615

Metadata
File name:HCPCS-2017-EBOOK-SETUP.EXE
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:3977029 bytes
Analysis date:2016-12-01 14:24:09
MD5:a55df35ef6866a43f9cf898cfb1ff615
SHA1:a106e7fe51fc7ea86f5b36cbad83bdaaf65618d1
SHA256:499e820fa579928445e41c0565232623ee973bc5b8d83367e93d2554e500c658
SHA512:438cf60edb10eb05a079d5ea40469773e8c07e2a7c93be2a0e82bf3b3c7b353878263dadbb10a7e6a290ba5bd5ed14d887f9c5bab0a2a86171d699a2575d33d4
SSDEEP:98304:vbOFctKVK7LOBB3A3mlacp1JRls6xV1usaXo:aJVK7L8BxccpTRdxV1udY
IMPHASH:c5319e076a4e8512805ca6dc9210f0f6
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with a55df35ef6866a43f9cf898cfb1ff615.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_CLASSES_ROOT\.htm
HKEY_CLASSES_ROOT\htmlfile
HKEY_CLASSES_ROOT\htmlfile\shell\open\command
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\HCPCS-2017-EBOOK-SETUP.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{00021401-0000-0000-C000-000000000046}
CLSID\{00021401-0000-0000-C000-000000000046}\TreatAs
\CLSID\{00021401-0000-0000-C000-000000000046}
\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32
\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServerX86
\CLSID\{00021401-0000-0000-C000-000000000046}\LocalServer32
\CLSID\{00021401-0000-0000-C000-000000000046}\InprocHandler32
\CLSID\{00021401-0000-0000-C000-000000000046}\InprocHandlerX86
\CLSID\{00021401-0000-0000-C000-000000000046}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\TreatAs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf
HKEY_CLASSES_ROOT\.pdf
HKEY_CLASSES_ROOT\AcroExch.Document
HKEY_CLASSES_ROOT\AcroExch.Document\CurVer
HKEY_CLASSES_ROOT\AcroExch.Document.7
HKEY_CLASSES_ROOT\AcroExch.Document.7\shell
HKEY_CLASSES_ROOT\AcroExch.Document.7\
HKEY_CLASSES_ROOT\AcroExch.Document.7\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.pdf
HKEY_CLASSES_ROOT\AcroExch.Document.7\\Clsid
HKEY_CLASSES_ROOT\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\Implemented Categories\{00021490-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\DefaultSecurity
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_CLASSES_ROOT\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\InProcServer32
Comments
User comments about a55df35ef6866a43f9cf898cfb1ff615.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.