File: ed9f347dd6067cda61f17e8c16a426e8

Metadata
File name:note.scr
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:693385 bytes
Analysis date:2016-08-25 20:37:03
MD5:ed9f347dd6067cda61f17e8c16a426e8
SHA1:2f2c5a2aea8600f4bf010a253da7eb2c017cefd1
SHA256:679a43eb6fc95934143e86addbc0d187ad4eadbcd20fce8d6a6e4ca8b0532cad
SHA512:695a5e51f4939dca135da0f2cd61a3a22b6dd83ff2bc7a4240637f5a23fe2b64662cee0c8cfd212b84c250289d6fde3f3f6c90ac65d5b3e85e96b9b464be2c77
SSDEEP:12288:KXmwRo+mv8QD4+0N4690t+IdcbH2oUZMGwXhXFXpYMMV61O0kCcZtjQ6uUbVdCE:KX48QE+U/0JPNZjcZbeUO5CcZtM6rbVT
IMPHASH:b8494300a1f7342d4c600a7b12e15925
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with ed9f347dd6067cda61f17e8c16a426e8.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
ALYacTrojan.GenericKD.3415624
AVGFileCryptor.MCL
AVwareTrojan.Win32.Generic!BT
Ad-AwareTrojan.GenericKD.3415624
AegisLabUds.Dangerousobject.Multi!c
AhnLab-V3Trojan/Win32.Cryakl.N2051037711
Antiy-AVLTrojan[Ransom]/Win32.Cryakl
ArcabitTrojan.Generic.D341E48
AvastWin32:Malware-gen
AviraTR/Crypt.ZPACK.wyba
BaiduWin32.Trojan.Injector.iu
BitDefenderTrojan.GenericKD.3415624
BkavW32.Clod923.Trojan.6de6
CAT-QuickHealRansom.Criakl
CyrenW32/Trojan.FFHV-5151
DrWebTrojan.Encoder.567
ESET-NOD32Win32/Filecoder.EQ
EmsisoftTrojan.GenericKD.3415624 (B)
F-SecureTrojan.GenericKD.3415624
FortinetW32/Cryakl.ALT!tr
GDataTrojan.GenericKD.3415624
IkarusTrojan.Win32.Injector
JiangminTrojan.Cryakl.is
K7AntiVirusTrojan ( 004c2aec1 )
K7GWTrojan ( 004c2aec1 )
KasperskyTrojan-Ransom.Win32.Cryakl.alt
MalwarebytesTrojan.Dropper
McAfeeRDN/Ransom
McAfee-GW-EditionRDN/Ransom
MicroWorld-eScanTrojan.GenericKD.3415624
MicrosoftRansom:Win32/Criakl.D
NANO-AntivirusTrojan.Win32.Encoder.eesuey
PandaTrj/CI.A
Qihoo-360Win32/Trojan.af7
SophosMal/Isda-D
SymantecTrojan.Gen.2
TencentWin32.Trojan.Cryakl.Anpv
TrendMicroRansom_CRYPICH.F116GI
TrendMicro-HouseCallRansom_CRYPICH.F116GI
VIPRETrojan.Win32.Generic!BT
ViRobotTrojan.Win32.Z.Injector.693385[h]
nProtectTrojan.GenericKD.3415624
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\note.scr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
HKEY_CLASSES_ROOT\Directory
HKEY_CLASSES_ROOT\Directory\CurVer
HKEY_CLASSES_ROOT\Directory\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Directory\\Clsid
HKEY_CLASSES_ROOT\Folder
HKEY_CLASSES_ROOT\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\private message 1.01
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XbdGqB.dll
Comments
User comments about ed9f347dd6067cda61f17e8c16a426e8.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.