2012/08/07

Trojan.Infostealer

MD5: 2B3052A4F3F4D39A1DFD35E6D374F438
SHA-1: E23D120C8F3D12AC20165D02816753DC459BFB2A
VirusTotal Report

File size: 1451944 bytes

SAMPLE DOWNLOAD / ANALYSIS:

Files created:
C:\Windows\SysWOW64\asycfilt.dll
C:\Windows\SysWOW64\comcat.dll
C:\Windows\SysWOW64\MSVBVM50.dll
C:\Windows\SysWOW64\MSWINSCK.ocx
C:\Windows\SysWOW64\oleaut32.dll
C:\Windows\SysWOW64\olepro32.dll
C:\Windows\SysWOW64\stdole2.tlb
C:\Windows\SysWOW64\yes.exe (VirusTotal)
C:\Windows\SysWOW64\yes.ini

Values created:
CU = Current User
LM = Local Machine

CU\Software\Microsoft\Windows\CurrentVersion\Run\yes "C:\WINDOWS\system32\yes.exe"
LM\Software\Classes\ClsId\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ "Microsoft WinSock Control, version 6.0"
LM\Software\Classes\ClsId\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32\ "C:\WINDOWS\system32\MSWINSCK.OCX"
LM\Software\Classes\ClsId\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32\ThreadingModel "Apartment"
LM\Software\Classes\ClsId\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\ "0"
LM\Software\Classes\ClsId\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\1\ "132497"
LM\Software\Classes\ClsId\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ProgID\ "MSWinsock.Winsock.1"
LM\Software\Classes\ClsId\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ToolboxBitmap32\ "C:\WINDOWS\system32\MSWINSCK.OCX, 1"
LM\Software\Classes\ClsId\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"
LM\Software\Classes\ClsId\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Version\ "1.0"
LM\Software\Classes\ClsId\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\VersionIndependentProgID\ "MSWinsock.Winsock"
LM\Software\Classes\ClsId\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\ "Winsock General Property Page Object"
LM\Software\Classes\ClsId\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32\ "C:\WINDOWS\system32\MSWINSCK.OCX"
LM\Software\Microsoft\Windows\CurrentVersion\Run\yes


Members of www.malware-sniper.blogspot.com accept no responsibility for any damage caused by malware. It is used at your own risk!