File: c5ffedde5139845a028c466b72fbc9f8

Metadata
File name:Setup.exe
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:3347749 bytes
Analysis date:2017-04-29 12:14:25
MD5:c5ffedde5139845a028c466b72fbc9f8
SHA1:a8436803685d533dab7c4382283e1e205ce4d1b5
SHA256:41aff6669d47c74fb941eb2fad1aa0948d0e4219b5ee9225d5fb9167a27f118c
SHA512:bb221f9809f3a9508cf937ae7d88072b15bb6de672547b8da8600bdedd6c2bc837893a89fcd0052227bedbd74b22531b21fea5de10e01c7084694b5e859ef427
SSDEEP:49152:IjmC9EE9hGWhn/TQ5sf0hdUXx2KoZFZS/Q5s3OOCJ/JTcbY7RjtgcnkP9dMvhV0H:oqmGWhn/THfcNFYQKEJRlVG6P0S0vYY
IMPHASH:483f0c4259a9148c34961abbda6146c1
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with c5ffedde5139845a028c466b72fbc9f8.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
ESET-NOD32a variant of Win32/HackTool.Crack.ES potentially unsafe
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_CURRENT_USER\Software\CodeGear\Locales
HKEY_LOCAL_MACHINE\Software\CodeGear\Locales
HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}
CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\TreatAs
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServerX86
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\LocalServer32
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocHandler32
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocHandlerX86
\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}
HKEY_CLASSES_ROOT\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\TreatAs
CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}
CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\TreatAs
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServerX86
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\LocalServer32
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocHandler32
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocHandlerX86
\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}
HKEY_CLASSES_ROOT\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\TreatAs
CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}
CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\TreatAs
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServerX86
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\LocalServer32
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocHandler32
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocHandlerX86
\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}
HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\TreatAs
HKEY_CLASSES_ROOT\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Homefront The Revolution Beyond the Walls DLC_is1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Homefront The Revolution Beyond the Walls DLC_is1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MediaResources\DirectSound\Application Compatibility\SETUP.TMP506A75B50017CE00
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407}\##?#Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407}\##?#Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}\#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}&{9B365890-165F-11D0-A195-0020AFD156E4}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_8086&DEV_2415&SUBSYS_00008086&REV_01#3&267a616a&0&28#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_8086&DEV_2415&SUBSYS_00008086&REV_01#3&267a616a&0&28#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Topology
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_8086&DEV_2415&SUBSYS_00008086&REV_01#3&267a616a&0&28#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}&{9B365890-165F-11D0-A195-0020AFD156E4}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{8c07dd50-7a8d-11d2-8f8c-00c04fbf8fef}&dmusic
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{b7eafdc0-a680-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32
Drivers\wave
Drivers\wave\wdmaud.drv
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{3E227E76-690D-11D2-8161-0000F8775BF1}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{3E227E76-690D-11D2-8161-0000F8775BF1}\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{3E227E76-690D-11D2-8161-0000F8775BF1}\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\#{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}
Drivers\midi
Drivers\midi\wdmaud.drv
Drivers\aux
Drivers\aux\wdmaud.drv
Drivers\mixer
Drivers\mixer\wdmaud.drv
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Multimedia\Sound Mapper
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Wave Mapper\wdmaud.drv
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Multimedia\MIDIMap
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MediaResources
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MediaResources\DirectSound
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MediaResources\DirectSound\Device Presence
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_2415&SUBSYS_00008086&REV_01\3&267A616A&0&28
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_2415&SUBSYS_00008086&REV_01\3&267A616A&0&28\DirectSound
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_2415&SUBSYS_00008086&REV_01\3&267A616A&0&28\DirectSound\Device Presence
DirectSound
DirectSound\Device Presence
CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\App Management
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\App Management
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectSound
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MediaResources\DirectSound\Mixer Defaults
DirectSound\Mixer Defaults
DirectSound\Speaker Configuration
Comments
User comments about c5ffedde5139845a028c466b72fbc9f8.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.