File: abb63c13e4224adf669f49579c45a0c2

Metadata
File name:13_09_2016.doc
File type:Rich Text Format data, version 1, unknown character set
File size:126915 bytes
Analysis date:Analyzed on September 14 2016 11:58:11
MD5:abb63c13e4224adf669f49579c45a0c2
SHA1:ed87e81f11c60dd60fd12f1bd4cd6f17d72b2992
SHA256:d7575f163f0f0093ecbca1d701b1d17ded3033672cfc6387511e689aec7a96a6
SHA512:49f2effbf9cb5af6628b0277d7755f019b17ce2de79488322e6c4e335016e5913a7b42c36ed8711515aded09fcb3bf783e03d297ee0b081096b43e2873afeb29
SSDEEP:N/A
IMPHASH:N/A
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with abb63c13e4224adf669f49579c45a0c2.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
ramanidistribution.com50.87.9.240
Hosts
Hosts the malware sample communicates with.
50.87.9.240
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
50.87.9.240 (ramanidistribution.com)/photograph/s2.exeMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
"\Sessions\1\BaseNamedObjects\Local\10MU_ACBPIDS_S-1-5-5-0-60907"
"\Sessions\1\BaseNamedObjects\Global\552FFA80-3393-423d-8671-7BA046BB5906"
"\Sessions\1\BaseNamedObjects\Local\10MU_ACB10_S-1-5-5-0-60907"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\c:!users!7qpdnph!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!7qpdnph!appdata!roaming!microsoft!windows!cookies!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!7qpdnph!appdata!local!microsoft!windows!history!history.ie5!"
"\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"
"\Sessions\1\BaseNamedObjects\RasPbFile"
"\Sessions\1\BaseNamedObjects\IESQMMUTEX_0_208"
Registry keys
Registry keys created by the malware sample.
Comments
User comments about abb63c13e4224adf669f49579c45a0c2.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.