File: befe46c778ae7cdfd39a439c272cebb762b29c68531da7e715b7bd2120604c91

Metadata
File name:Exploit_Sample.doc
File type:Rich Text Format data, version 1, unknown character set
File size:767253 bytes
Analysis date:2016-02-23 11:07:03
MD5:30addc11e6a61177f83543608ef319ad
SHA1:1689db66122ed491c22a370db02c7aeceb96502d
SHA256:befe46c778ae7cdfd39a439c272cebb762b29c68531da7e715b7bd2120604c91
SHA512:df991c20c72302db5273623505623099fc3c40cbfca9e0b694792ef14d0f6178b3137d3544755b403be3529278af974e53f7368028fecc4487d62128c6aa64ed
SSDEEP:N/A
IMPHASH:N/A
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with befe46c778ae7cdfd39a439c272cebb762b29c68531da7e715b7bd2120604c91.
Loading...
Domains
Domains the malware sample communicates with.
DomainIP
assets.onestore.ms23.201.80.98
dotnetsocial.cloudapp.net40.124.13.228
smtp.yandex.com77.88.21.38
mem.gfx.ms23.201.90.155
Hosts
Hosts the malware sample communicates with.
40.124.13.228
104.90.27.171
87.250.250.38
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
40.124.13.228 (dotnetsocial.cloudapp.net)/redir?o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0000&osver=5&isServer=0Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
"\Sessions\1\BaseNamedObjects\KYIMEShareCachedData.MutexObject.PSPUBWS"
"\Sessions\1\BaseNamedObjects\KYTransactionServer.MutexObject.PSPUBWS"
"\Sessions\1\BaseNamedObjects\Local\MidiMapper_modLongMessage_RefCnt"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\Local\!IETld!Mutex"
"\Sessions\1\BaseNamedObjects\Global\.net clr networking"
Registry keys
Registry keys created by the malware sample.
Comments
User comments about befe46c778ae7cdfd39a439c272cebb762b29c68531da7e715b7bd2120604c91.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.