- [*] MalFamily: "Ditertag"
- [*] MalScore: 10.0
- [*] File Name: "Exes_3000503a2c640778508d76a50c71df20.iso"
- [*] File Size: 1114112
- [*] File Type: "ISO 9660 CD-ROM filesystem data 'PO 55491MPV-BLOUSE KAAN'"
- [*] SHA256: "ced4223aefd706bf5ef98221787d2481eafab51d6cbd1308b18e87ca3fa12d5d"
- [*] MD5: "3000503a2c640778508d76a50c71df20"
- [*] SHA1: "adeded8d19d1bc6ab3c95f3af1c7b030e912ed1d"
- [*] SHA512: "6373d502a86a476d8ac590adcab0d9c6a54374807eb1ad4148872e093d3f131c4af157bd15e9c4682cfbb3615ecd46b41a0b8ea77eedbcbe12cbe3191f3e839a"
- [*] CRC32: "2DE51949"
- [*] SSDEEP: "24576:4AHnh+eWsN3skA4RV1Hom2KXMmHaOo6Y5KCjH5:/h+ZkldoPK8YaIY5td"
- [*] Process Execution: [
- "isoburn.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "File has been identified by 11 antivirus engines on VirusTotal as malicious",
- "Details": [
- {
- "McAfee": "Artemis!8B8DFD8DD8B6"
- },
- {
- "AegisLab": "Trojan.Win32.Generic.4!c"
- },
- {
- "F-Secure": "Dropper.DR/AutoIt.Gen8"
- },
- {
- "DrWeb": "Trojan.MulDrop9.15725"
- },
- {
- "Invincea": "heuristic"
- },
- {
- "McAfee-GW-Edition": "Artemis!8B8DFD8DD8B6"
- },
- {
- "Ikarus": "Win32.Outbreak"
- },
- {
- "Cyren": "W32/AutoIt.IT.gen!Eldorado"
- },
- {
- "Microsoft": "Trojan:Win32/Ditertag.B"
- },
- {
- "Rising": "Trojan.Win32.Agent_.sa (CLASSIC)"
- },
- {
- "GData": "Win32.Trojan-Stealer.Azorult.W6VWJA"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: []
- [*] Mutexes: [
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1"
- ]
- [*] Modified Files: []
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: []
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {}
- [*] Resolved APIs: [
- "cryptbase.dll.SystemFunction036",
- "kernel32.dll.IsProcessorFeaturePresent",
- "kernel32.dll.InterlockedPopEntrySList",
- "kernel32.dll.InterlockedPushEntrySList",
- "kernel32.dll.InterlockedCompareExchange",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "comctl32.dll.RegisterClassNameW",
- "kernel32.dll.SortGetHandle",
- "kernel32.dll.SortCloseHandle",
- "uxtheme.dll.EnableThemeDialogTexture",
- "uxtheme.dll.OpenThemeData",
- "uxtheme.dll.IsThemePartDefined",
- "uxtheme.dll.GetThemeMargins",
- "uxtheme.dll.GetThemeBool",
- "uxtheme.dll.GetThemeInt",
- "uxtheme.dll.SetWindowTheme",
- "uxtheme.dll.CloseThemeData",
- "gdi32.dll.GetLayout",
- "gdi32.dll.GdiRealizationInfo",
- "gdi32.dll.FontIsLinked",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "gdi32.dll.GetTextFaceAliasW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "gdi32.dll.GetFontAssocStatus",
- "advapi32.dll.RegQueryValueExA",
- "advapi32.dll.RegEnumKeyExW",
- "gdi32.dll.GdiIsMetaPrintDC",
- "ole32.dll.CoInitializeEx",
- "ole32.dll.CoUninitialize",
- "uxtheme.dll.BufferedPaintInit",
- "uxtheme.dll.BufferedPaintRenderAnimation",
- "uxtheme.dll.BeginBufferedAnimation",
- "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
- "uxtheme.dll.DrawThemeParentBackgroundEx",
- "uxtheme.dll.DrawThemeBackground",
- "uxtheme.dll.DrawThemeText",
- "uxtheme.dll.EndBufferedAnimation",
- "uxtheme.dll.GetThemeTextExtent",
- "uxtheme.dll.DrawThemeParentBackground",
- "uxtheme.dll.GetThemePartSize",
- "uxtheme.dll.GetThemeBackgroundContentRect",
- "uxtheme.dll.GetThemeTransitionDuration"
- ]
- [*] Static Analysis: {}