File: ccb5467a3e0a3246d4b6ef481f49d48565f02dd2446597aaffc04a131d86eb68

Metadata
File name:7609397153adbc2a4793cdc4129449ed_Gooioo.exe
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:210944 bytes
Analysis date:2016-11-12 10:21:34
MD5:7609397153adbc2a4793cdc4129449ed
SHA1:9b458749930b63e850787f86776d43019221db14
SHA256:ccb5467a3e0a3246d4b6ef481f49d48565f02dd2446597aaffc04a131d86eb68
SHA512:ce301268a8a9a1cffb78d5ff6be973c34656e91d347109807879449ac71bdf324f48f4d7bf2cc11271cef82989ba4219a1e752b3e222d08adbeb8ca895c87789
SSDEEP:3072:c0Dd2oGH7ei2UwolchyFrfLmm4IpDX8/ByE0Bl51WAcriWmsj+6LamLxbG:c0J2oiCi2ULlchy1M/BypZCO1
IMPHASH:63c61f2b3705127fffd71fb06dc37e0b
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with ccb5467a3e0a3246d4b6ef481f49d48565f02dd2446597aaffc04a131d86eb68.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
Host: api.wipmania.com
URL: /
User-Agent: Mozilla/4.0
Registry keys
Registry keys created by the malware sample.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft RSA SChannel Cryptographic Provider
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\DESHashSessionKeyBackward
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 018
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft DH SChannel Cryptographic Provider
Comments
User comments about ccb5467a3e0a3246d4b6ef481f49d48565f02dd2446597aaffc04a131d86eb68.