File: f4d58d179b9921917096c4df0bc7686dbbed6ae048eb5f4a9c65e5703b2c2fc3

Metadata
File name:bindata.exe
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:355042 bytes
Analysis date:Analyzed on October 24 2016 18:26:37
MD5:4108b38c3b8a11d6e9b5854cd1ed0467
SHA1:acac4fcf6e82fa829ffa4b80f967316f48beef2c
SHA256:f4d58d179b9921917096c4df0bc7686dbbed6ae048eb5f4a9c65e5703b2c2fc3
SHA512:bdbd36d476ff308c11ecafd82a75e47331b02760161c5a73ceced484e78101af88561cad9a2e787ebf729ba6d177ddf4b65cce8f0291b8de59eadc7cd05e9d6f
SSDEEP:6144:4b3XpbomoGOuC/54CpXclGF48APbnkgg8Ryhc7gbQSXNmtFFv:G3XSmvRo0KGDnPQhMcUtzv
IMPHASH:6444eb4e41b5f1f74904d8e15ca1d193
Authentihash:48bb6ae7e954ba40490fcba3fd22a69f945a2f520be8d4e520b7de3d3b4661db
Related resources
APTNotes
Cyber threat intelligence reports associated with f4d58d179b9921917096c4df0bc7686dbbed6ae048eb5f4a9c65e5703b2c2fc3.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
185.117.72.90
150.186.51.162
49.43.90.220
99.238.63.142
200.160.249.233
120.136.156.171
57.64.39.138
8.113.120.200
83.192.243.31
31.71.211.168
57.123.160.50
18.150.35.158
62.126.168.226
120.226.5.24
130.101.90.209
211.6.179.155
68.182.44.125
73.141.184.59
30.171.50.196
100.97.198.127
126.50.37.120
81.185.126.111
131.207.56.93
98.111.176.79
148.193.80.221
119.228.45.204
106.214.134.159
92.204.136.85
196.80.139.100
159.25.177.109
105.103.87.224
80.229.52.97
112.91.189.124
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
185.117.72.90/upload.phpMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
"\BaseNamedObjects\WBEMPROVIDERSTATICMUTEX"
"\Sessions\1\BaseNamedObjects\Local\!PrivacIE!SharedMemory!Mutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\{C20CD437-BA6D-4ebb-B190-70B43DE3B0F3}"
"\Sessions\1\BaseNamedObjects\_SHuassist.mtx"
"\Sessions\1\BaseNamedObjects\Global\EAFD305F66E96E2F"
"\Sessions\1\BaseNamedObjects\IESQMMUTEX_0_208"
"\Sessions\1\BaseNamedObjects\8ED5CFD7E1CE5795"
"\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
"\Sessions\1\BaseNamedObjects\Local\c:!users!8gzavnz!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!8gzavnz!appdata!roaming!microsoft!windows!cookies!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!8gzavnz!appdata!local!microsoft!windows!history!history.ie5!"
"\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"
"\Sessions\1\BaseNamedObjects\RasPbFile"
Registry keys
Registry keys created by the malware sample.
Comments
User comments about f4d58d179b9921917096c4df0bc7686dbbed6ae048eb5f4a9c65e5703b2c2fc3.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.