File: ed63f189d893d0983bfef3d13e302e98

Metadata
File name: payload.exe
File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
File size: 1250651 bytes
Analysis date: 2017-04-26 23:36:27
MD5: ed63f189d893d0983bfef3d13e302e98
SHA1: b2fc14cbf48fa18e641224b0ef05b92d1d0e771c
SHA256: ee019e73611d1c342ccb879ad625a1a0cf957528bc508c9210def9b315aa0606
SHA512: 8ee3e2aa6af24a1bed2a071383b5c4c9eb69c96b6719cf437dadc9124875ae45a8692457b1c4ba9e0ddfb48c31a260233805999bda3b162b44b7a0b0e922c893
SSDEEP: 24576:nJYG3xdCzuu1CdAwlukxuhALqu6jebTDWsa/D0YBWAEp:nZnvu1e8JhA2u6ibOsiD0w6
IMPHASH: c77bf8efde03d347a9898edefee8470b
Authentihash: N/A
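The hashes above are the indicators you would match a suspect file against, and the file-type line is libmagic's reading of a handful of PE header fields (Magic 0x10b = PE32, Machine 0x14c = Intel 80386, Subsystem 2 = GUI, Characteristics bit 0x0200 = "stripped to external PDB"). The following script is an added example, not ThreatMiner's code: it computes the four digests for a local file, compares them case-insensitively to the values listed on this page, and rebuilds the file-type string from the headers so the fields can be checked directly. The minimal header it constructs for demonstration is not the sample; the path argument is a placeholder.

```python
"""Added example: verify a local file against this page's hash indicators and
derive the libmagic-style file-type line from the PE headers."""
import hashlib
import struct
import sys

# Indicators copied from the page's Metadata section.
PAGE_HASHES = {
    "md5": "ed63f189d893d0983bfef3d13e302e98",
    "sha1": "b2fc14cbf48fa18e641224b0ef05b92d1d0e771c",
    "sha256": "ee019e73611d1c342ccb879ad625a1a0cf957528bc508c9210def9b315aa0606",
    "sha512": "8ee3e2aa6af24a1bed2a071383b5c4c9eb69c96b6719cf437dadc9124875ae45a8692457b1c4ba9e0ddfb48c31a260233805999bda3b162b44b7a0b0e922c893",
}

# PE/COFF constants from the PE specification.
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_DEBUG_STRIPPED = 0x0200
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
SUBSYSTEM_NAMES = {1: "native", 2: "GUI", 3: "console"}


def file_hashes(data: bytes) -> dict:
    """Compute the four digests ThreatMiner lists for a sample (hex, lowercase)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_indicators(data: bytes, expected: dict = PAGE_HASHES) -> dict:
    """Return {algo: bool} for each listed digest. Any False means the local
    file is not the sample this page describes. Comparison is case-insensitive."""
    got = file_hashes(data)
    return {algo: got[algo] == value.lower() for algo, value in expected.items()}


def describe_pe(data: bytes) -> dict:
    """Parse just enough of the DOS/COFF/optional headers to explain `file` output."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    # Subsystem sits at offset 68 of the optional header in both PE32 and PE32+.
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {"machine": machine, "pe32plus": magic == PE32PLUS_MAGIC,
            "subsystem": subsystem, "debug_stripped": bool(chars & IMAGE_FILE_DEBUG_STRIPPED)}


def file_type_string(data: bytes) -> str:
    """Rebuild the libmagic-style description from the header fields."""
    info = describe_pe(data)
    fmt = "PE32+" if info["pe32plus"] else "PE32"
    sub = SUBSYSTEM_NAMES.get(info["subsystem"], "unknown")
    arch = {IMAGE_FILE_MACHINE_I386: "Intel 80386",
            IMAGE_FILE_MACHINE_AMD64: "x86-64"}.get(info["machine"], hex(info["machine"]))
    parts = [f"{fmt} executable ({sub}) {arch}"]
    if info["debug_stripped"]:
        parts.append("(stripped to external PDB)")
    return " ".join(parts) + ", for MS Windows"


def build_minimal_pe_header(machine=IMAGE_FILE_MACHINE_I386, subsystem=2,
                            characteristics=0x0302) -> bytes:
    """Constructed demo input: a header-only PE (no sections, not loadable) carrying
    just the fields describe_pe reads. 0x0302 = EXECUTABLE | 32BIT | DEBUG_STRIPPED."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-suspect-file>   (placeholder path)
    blob = open(sys.argv[1], "rb").read()
    print(file_type_string(blob))
    for algo, ok in matches_indicators(blob).items():
        print(f"{algo}: {'match' if ok else 'MISMATCH'}")
```

The imphash and ssdeep on the page are not recomputed here; they need the import table walk and the context-triggered piecewise hashing that the `pefile` and `ssdeep` packages provide, and a mismatch on the cryptographic digests already settles whether the local file is this sample.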
Related resources
APTNotes
Cyber threat intelligence reports associated with ed63f189d893d0983bfef3d13e302e98.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys recorded by the sandbox for the malware sample. The site labels them "created", but nearly all are pre-existing Windows shell, COM and CryptoAPI keys, so read the list as keys the sample opened or queried. The shell CopyHookHandlers CLSIDs and the ShellCompatibility\Applications\payload.exe entry are what Explorer touches during a shell file operation, and the App Paths\rubyw.exe lookup is the resolution ShellExecute performs for an executable name, which suggests the sample tries to launch rubyw.exe; this is an interpretation of the list below, not something the page states.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\payload.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\CDF
HKEY_CLASSES_ROOT\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
HKEY_CLASSES_ROOT\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\MyDocuments
HKEY_CLASSES_ROOT\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ecf03a33-103d-11d2-854d-006008059367}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{ECF03A33-103D-11D2-854D-006008059367}
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
HKEY_CLASSES_ROOT\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\rubyw.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Intel Hardware Cryptographic Service Provider
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}
CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\TreatAs
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocServer32
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocServerX86
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\LocalServer32
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocHandler32
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\InprocHandlerX86
\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}
HKEY_CLASSES_ROOT\CLSID\{67EA19A0-CCEF-11D0-8024-00C04FD75D13}\TreatAs
CLSID\{ECF03A33-103D-11D2-854D-006008059367}
CLSID\{ECF03A33-103D-11D2-854D-006008059367}\TreatAs
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocServer32
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocServerX86
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\LocalServer32
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocHandler32
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\InprocHandlerX86
\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{ECF03A33-103D-11D2-854D-006008059367}
HKEY_CLASSES_ROOT\CLSID\{ECF03A33-103D-11D2-854D-006008059367}\TreatAs
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}
CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\TreatAs
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServer32
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServerX86
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\LocalServer32
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocHandler32
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocHandlerX86
\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}
HKEY_CLASSES_ROOT\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\TreatAs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions
Comments
User comments about ed63f189d893d0983bfef3d13e302e98.