Sample: b660dc27659b414b8d3b32c6b17e8b4c

Note: if you are new to ThreatMiner, check out the how-to page to find out how you can get the most out of this portal.

Metadata
File name:CPT-PLUS-2017-SETUP.EXE
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:11693312 bytes
Analysis date:2016-12-01 14:17:58
MD5:b660dc27659b414b8d3b32c6b17e8b4c
SHA1:0d951856975c76ed171d96da5080c09396397462
SHA256:614ce55013146693fd31c66b1ecb25534460932f3f8c04f003a8beed8549f4e3
SHA512:11c5d20b35be98e958d62ab6c411fbe79697ec301d64dc44cf568f0ce8cd3f16e51d4cba002a99dd8bc33d06f5567d94838da93b88766f5ca27a14737adadb4c
SSDEEP:196608:Qa/rTTuBRIIRtokfX860Md2DGHWwCev+M/j3u9h+TNPcQr2XZeU9bNTP7xo:n/XTgBRto6X8cdlOKbe9h+ZPPyUU9Bxo
IMPHASH:c5319e076a4e8512805ca6dc9210f0f6
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with b660dc27659b414b8d3b32c6b17e8b4c.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_CLASSES_ROOT\.htm
HKEY_CLASSES_ROOT\htmlfile
HKEY_CLASSES_ROOT\htmlfile\shell\open\command
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\CPT-PLUS-2017-SETUP.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{00021401-0000-0000-C000-000000000046}
CLSID\{00021401-0000-0000-C000-000000000046}\TreatAs
\CLSID\{00021401-0000-0000-C000-000000000046}
\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32
\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServerX86
\CLSID\{00021401-0000-0000-C000-000000000046}\LocalServer32
\CLSID\{00021401-0000-0000-C000-000000000046}\InprocHandler32
\CLSID\{00021401-0000-0000-C000-000000000046}\InprocHandlerX86
\CLSID\{00021401-0000-0000-C000-000000000046}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\TreatAs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf
HKEY_CLASSES_ROOT\.pdf
HKEY_CLASSES_ROOT\AcroExch.Document
HKEY_CLASSES_ROOT\AcroExch.Document\CurVer
HKEY_CLASSES_ROOT\AcroExch.Document.7
HKEY_CLASSES_ROOT\AcroExch.Document.7\shell
HKEY_CLASSES_ROOT\AcroExch.Document.7\
HKEY_CLASSES_ROOT\AcroExch.Document.7\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.pdf
HKEY_CLASSES_ROOT\AcroExch.Document.7\\Clsid
HKEY_CLASSES_ROOT\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\Implemented Categories\{00021490-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\DefaultSecurity
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_CLASSES_ROOT\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\InProcServer32
Comments
User comments about b660dc27659b414b8d3b32c6b17e8b4c.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.