- * ID: 814
- * MalFamily: "7818210"
- * MalScore: 6.5
- * File Name: "Exes_5079e284d0f37fbe9091bfaceac7e8cc.exe"
- * File Size: 1507328
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "6e7e64ab1a86e9ddad6898422d0b1eac628711615509feaf8821f83b1742d236"
- * MD5: "5079e284d0f37fbe9091bfaceac7e8cc"
- * SHA1: "40dc5178cf4a4ef00059da0f9b5f1ab5d0970cd9"
- * SHA512: "4fcb34928194379c31df363c39385d33b0fceaa52f6169bce6f7e12ce7e447fefce6d482a04de36301e43f1b15ed30a3c74ae6ac1804f0bc6e48fa6b2abe197c"
- * CRC32: "D380B5C3"
- * SSDEEP: "24576:pr4dJ5dZtQsZvsUJNoQxEhiGS63aP/fJq8ossWT/Ppt:Z4dsUJNoQxEhiGba6g3"
- * Process Execution:
- "5InSPoPU4FuG7.exe"
- * Executed Commands:
- * Signatures Detected:
- "Description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
- "Details":
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details":
- "IP_ioc": "61.164.121.170:80 (China)"
- "Description": "Operates on local firewall's policies and settings",
- "Details":
- "Description": "Clamav Hits in Target/Dropped/SuriExtracted",
- "Details":
- "target": "clamav:Win.Trojan.7818210-1, sha256:6e7e64ab1a86e9ddad6898422d0b1eac628711615509feaf8821f83b1742d236, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- * Started Service:
- * Mutexes:
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1",
- "DBWinMutex"
- * Modified Files:
- * Deleted Files:
- * Modified Registry Keys:
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List\\C:\\Users\\user\\AppData\\Local\\Temp\\5InSPoPU4FuG7.exe"
- * Deleted Registry Keys:
- * DNS Communications:
- * Domains:
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- "country_name": "China",
- "ip": "61.164.121.170",
- "inaddrarpa": "",
- "hostname": ""
- * Network Communication - IRC: