File: c0cae4d3d1b8c2f7aa42ceff76ce1008

Metadata
File name: WinSetupFromUSB-1-5.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 23915677 bytes
Analysis date: 2017-04-21 03:51:41
MD5: c0cae4d3d1b8c2f7aa42ceff76ce1008
SHA1: 6548095b4bcc568485abe2d4d5af41d11a98736d
SHA256: 7d8ac307044b74672d7a42a2aface2e490d7118d89c7d0ee0f739ba1e6a8e4de
SHA512: 7dfbdfccfaeb0007d077f6cfc1f3a376e13f7253594d0502b94c6a6a97058b663372eacee1c1e642802a7a9252bc5a0c3b946f403cd66fc8cc3e9baaf5b10e5e
SSDEEP: 393216:aSorLaXJNOqIfFdis4uoXMn3AgRU9xhGl2zS68T/vU22P0z2c1SPiIkYrNft2:a/YTOq2Guuww5xgEeHu0z2c1E2
IMPHASH: b2a711576b695a9ecdfa6b6f91620611
Authentihash: N/A
Related resources
PE Type: PE32
Internal Name: 7z.sfx
File Size: 23 MB
Machine Type: Intel 386 or later, and compatibles
File OS: Windows NT 32-bit
Code Size: 145920
OS Version: 4.0
Entry Point: 0x2203a
File Flags Mask: 0x003f
Linker Version: 6.0
File Subtype: N/A
Uninitialized Data Size: N/A
File Version: 9.32 alpha
Initialized Data Size: 50688
File Description: 7z SFX
Product Version Number: 9.32.0.0
Product Name: 7-Zip
Company Name: Igor Pavlov
MIME Type: application/octet-stream
Character Set: Unicode
Language Code: English (U.S.)
File Version Number: 9.32.0.0
File Type: Win32 EXE
Original Filename: 7z.sfx.exe
Legal Copyright: Copyright (c) 1999-2013 Igor Pavlov
Subsystem: Windows GUI
Object File Type: Executable application
Image Version: 0.0
File Flags: (none)
Subsystem Version: 4.0
Product Version: 9.32 alpha
Source:
APTNotes
Cyber threat intelligence reports associated with c0cae4d3d1b8c2f7aa42ceff76ce1008.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
Comments
User comments about c0cae4d3d1b8c2f7aa42ceff76ce1008.