- * MalFamily: "Barys"
- * MalScore: 10.0
- * File Name: "Exes_330917c38844616fce7e601533a91ab7.exe"
- * File Size: 2369282
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive"
- * SHA256: "de5bd6ec3d7dd3b9133d7e576fa7c36f1040766e9a1151a78aa8d50210a28c04"
- * MD5: "330917c38844616fce7e601533a91ab7"
- * SHA1: "23302a6300f85966dc079ced4f5027b0813e2c6a"
- * SHA512: "e7455560aa2f05a102c9aa68b43aae858a9a48b576d1f789f906556e6f4a520a4bc701227a175186bbd1c433fd2190e18a1ab18d3ab7a350cb27d2c7c8544c80"
- * CRC32: "1C52CB8B"
- * SSDEEP: "49152:iFHRzkpdur4+11DlneyFO7INDGIKHDZzPzka8HuLe8D:iFtAduUob3OswIKHDZzbrKu1"
- * Process Execution:
- "Exes_330917c38844616fce7e601533a91ab7.exe"
- * Executed Commands:
- * Signatures Detected:
- "Description": "Reads data out of its own binary image",
- "Details":
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00000000, length: 0x00000007"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00000000, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00000007, length: 0x000ffff0"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00001ff0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00003fe0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00005fd0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00007fc0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00009fb0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0000bfa0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0000df90, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0000ff80, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00011f70, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00013f60, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00015f50, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00017f40, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00019f30, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0001bf20, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0001df10, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0001ff00, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00021ef0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00023ee0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00025ed0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00027ec0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00029eb0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0002bea0, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0002de90, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0002fe80, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00031e70, length: 0x00002000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00033a00, length: 0x00000031"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00033a19, length: 0x001e5000"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00220088, length: 0x00000044"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0022fcfb, length: 0x0000004a"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002301cc, length: 0x00000048"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002302b4, length: 0x0000004e"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023049b, length: 0x0000004c"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002305a4, length: 0x00000040"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002305f5, length: 0x00000058"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002308c0, length: 0x0000004a"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00230a00, length: 0x0000004b"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00230af4, length: 0x00000043"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00230b54, length: 0x0000005d"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00231172, length: 0x0000005d"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00231402, length: 0x0000005d"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023147e, length: 0x0000005d"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002314fd, length: 0x0000005d"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00231579, length: 0x00000058"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002315eb, length: 0x0000005a"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232337, length: 0x0000005a"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023273e, length: 0x00000058"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002327a6, length: 0x0000005a"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023291b, length: 0x0000005a"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232995, length: 0x0000005a"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232a34, length: 0x0000005a"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232a9b, length: 0x0000005a"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232b02, length: 0x0000005a"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232b69, length: 0x00000051"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002342a9, length: 0x0000004e"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023488c, length: 0x00000054"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00234929, length: 0x00000058"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00236169, length: 0x0000004f"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023f0fa, length: 0x00000058"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00240ba5, length: 0x0000004b"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00240dd0, length: 0x00000051"
- "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00241be1, length: 0x0000032a"
- "Description": "File has been identified by 21 antivirus engines on VirusTotal as malicious",
- "Details":
- "MicroWorld-eScan": "Gen:Variant.Barys.2200"
- "McAfee": "Artemis!330917C38844"
- "Cylance": "Unsafe"
- "BitDefender": "Gen:Variant.Barys.2200"
- "Arcabit": "Trojan.Barys.D898"
- "Cyren": "W32/Trojan.ELYK-9138"
- "TrendMicro-HouseCall": "TROJ_GE.B1AB6E63"
- "GData": "Gen:Variant.Barys.2200"
- "Avast": "Win32:Malware-gen"
- "F-Secure": "Gen:Variant.Barys.2200"
- "Invincea": "heuristic"
- "McAfee-GW-Edition": "BehavesLike.Win32.Dropper.vc"
- "Emsisoft": "Gen:Variant.Barys.2200 (B)"
- "Avira": "TR/Dropper.Gen"
- "MAX": "malware (ai score=96)"
- "AegisLab": "Gen.Variant.Ursu!c"
- "Ikarus": "Trojan.Dropper"
- "AVG": "Win32:Malware-gen"
- "Cybereason": "malicious.388446"
- "CrowdStrike": "malicious_confidence_70% (D)"
- "Qihoo-360": "Win32/Trojan.500"
- * Started Service:
- * Mutexes:
- "DefaultTabtip-MainUI",
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1"
- * Modified Files:
- "C:\\Users\\user\\AppData\\Local\\Temp\\__tmp_rar_sfx_access_check_8255140",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Logo.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\MikrotikLogUtils.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\NppShell_04.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\SciLexer.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\SendStat.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\SpcLoadExt.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Unpack.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Update.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Wait.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\NppDump.dmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils.exe",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\notepad++.exe",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\nppIExplorerShell.exe",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\regsvr32.exe",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\SpcLoadExt.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\comdlg32.oca",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Mscomctl.oca",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Msinet.oca",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\comdlg32.ocx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Mscomctl.ocx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Msinet.ocx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Mswinsck.ocx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Tabctl32.ocx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\BackUp Log On Email.script",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\BackUp Log On FTP.script",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\BackUp Traffic On Email.script",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\BackUp Traffic On FTP.script",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\Clean LOG.script",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\Download and apply Black List all.script",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\Send About On Email.script",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\Send Update On Email.script",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\Update Check.script",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter\\MikroTik_Filters_LOG_1.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter\\MikroTik_Filters_LOG_2.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter\\MikroTik_Filters_LOG_3.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter\\MikroTik_Filters_LOG_4.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter\\MikroTik_Filters_LOG_5.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject\\MikroTik_LOG_Eject_1.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject\\MikroTik_LOG_Eject_2.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject\\MikroTik_LOG_Eject_3.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject\\MikroTik_LOG_Eject_4.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject\\MikroTik_LOG_Eject_5.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff\\MikroTik_Traffic_LOG_1.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff\\MikroTik_Traffic_LOG_2.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff\\MikroTik_Traffic_LOG_3.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff\\MikroTik_Traffic_LOG_4.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff\\MikroTik_Traffic_LOG_5.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\themes\\Bespin.xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\config.model.xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\contextMenu.backup.xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\localization\\english.xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\langs.model.xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\localization\\russian.xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\shortcuts.xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\stylers.model.xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\localization",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\plugins",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\themes",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\updater",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\user.manual",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_System",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts"
- * Deleted Files:
- "C:\\Users\\user\\AppData\\Local\\Temp\\__tmp_rar_sfx_access_check_8255140"
- * Modified Registry Keys:
- * Deleted Registry Keys:
- * DNS Communications:
- * Domains:
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC: