23912df27a61ea0463c5509ba6a97579

From aldeid

Description

Summary

INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your understanding.

Identification

MD5: 23912df27a61ea0463c5509ba6a97579
SHA1: 6d04d56668e67e0d634a6914e54f503ec43cac8d
SHA256: cea8bb010eabac08eb71a9573dac157b690ab613be580065601c436549f4e755
ssdeep: 98304:7im99vUKnhFX37Qx/SMHsJphLCYdbIDp7n8ofxAauAhJY59p7vFvIt19aMx:7im99vUoTASMHsVxKpfxA/AIVzFyx
imphash: cc69a3de44da87e2193fc992c3ffdd07
File size: 4.8 MB (4983808 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  • Win32 Executable MS Visual C++ (generic) (67.3%)
  • Win32 Dynamic Link Library (generic) (14.2%)
  • Win32 Executable (generic) (9.7%)
  • Generic Win/DOS Executable (4.3%)
  • DOS Executable Generic (4.3%)

Antivirus detection

Antivirus | Result (blank = not detected) | Update (YYYYMMDD)
Ad-Aware | Gen:Variant.Dropper.99 | 20140619
AegisLab | | 20140619
Agnitum | | 20140618
AhnLab-V3 | | 20140618
AntiVir | TR/Graftor.woienwqm | 20140619
Antiy-AVL | Trojan[:HEUR]/Win32.AGeneric | 20140619
Avast | Win32:PUP-gen [PUP] | 20140619
AVG | Dropper.Generic_r.AF | 20140619
Baidu-International | Adware.Win32.SProtector.45 | 20140619
BitDefender | Gen:Variant.Dropper.99 | 20140619
Bkav | W32.WinadeyLTA.Trojan | 20140619
ByteHero | Trojan.Exception.gen.101 | 20140619
CAT-QuickHeal | Trojan.Agent.g5 | 20140619
ClamAV | | 20140619
CMC | | 20140619
Commtouch | | 20140619
Comodo | Application.Win32.Preload.A | 20140619
DrWeb | Trojan.WebPick.35 | 20140619
Emsisoft | Gen:Variant.Dropper.99 (B) | 20140619
ESET-NOD32 | a variant of Win32/SProtector.H | 20140619
F-Prot | | 20140619
F-Secure | Gen:Variant.Dropper.99 | 20140619
Fortinet | Adware/Agent | 20140619
GData | Gen:Variant.Dropper.99 | 20140619
Ikarus | Trojan.Graftor | 20140619
Jiangmin | Trojan/Agent.keqe | 20140619
K7AntiVirus | Trojan ( 0049344e1 ) | 20140619
K7GW | Trojan ( 0049344e1 ) | 20140619
Kaspersky | Trojan.Win32.Agent.afsax | 20140619
Kingsoft | Win32.Troj.Undef.(kcloud) | 20140619
Malwarebytes | Trojan.SProtector | 20140619
McAfee | Generic-FAOD!23912DF27A61 | 20140619
McAfee-GW-Edition | | 20140618
Microsoft | | 20140619
MicroWorld-eScan | Gen:Variant.Dropper.99 | 20140619
Norman | | 20140619
nProtect | Trojan/W32.Agent.4983808.C | 20140619
Panda | Trj/Dropper.KM | 20140618
Qihoo-360 | | 20140619
Rising | | 20140619
Sophos | Mal/Drop-AVTZ | 20140619
SUPERAntiSpyware | | 20140619
Symantec | Adware.BL | 20140619
Tencent | | 20140619
TheHacker | | 20140617
TotalDefense | | 20140619
TrendMicro | ADW_SPROTECT | 20140619
TrendMicro-HouseCall | ADW_SPROTECT | 20140619
VBA32 | BScope.Malware-Cryptor.SProtector | 20140619
VIPRE | Trojan.Win32.Generic!BT | 20140619
ViRobot | Trojan.Win32.A.Agent.4983808 | 20140619
Zillya | Trojan.Agent.Win32.458015 | 20140619
Zoner | | 20140616

Artifacts

File modifications

Created files

The following files have been created in the All Users\%appdata%\ directory:

  • Assistant.dll (MD5: d4d1cc69e363813c14f289694756aa1e)
  • AssistantSvc.dll (MD5: c2af2ea2ab4630bec3f40293fb2a93b4)

The following file has been created in %user%\Local Settings\Temp\:

  • tf00294823.dll (MD5: d4d1cc69e363813c14f289694756aa1e)

Registry modifications


Network indicators

Contacted domains


HTTP request

GET /get/?data=cmLnkJRweDcq5RfMOQAIiGPEqqPQYqOXbfap2uE%2BrtykuyT/avQpIUmqbBvh%2BsqI%2BKDOo%2BvLF68146SaaUezSLsTGILvVuw2yFVBOjtDKtS3Lj1SNGPxE8e2vDdGAwfde%2Bbzx0jiXrLQD7TsW1xWOpNQ6KWcB6/zgArGsMHD55zPUJr5KepvnXFF3TGyy9Ynx7SKfiTy4vGWuSrcHyQDtJLBZuYFnGEifUk6NHDziGNqJDniTQWyRi9w/2vbOd%2Bt/6Z/TCsZTpmSAmIEERDKi6WuP8EzNXuZvCX9%2BBS%2BINAtbpjwio0Vce%2BdNubbywoS%2BfTLNLQnjKJhY2Qn53dJq3yZJuNt3UEHVrIGAp6jPzO5sTMgSE0XZp2k4juim1iAEDj2u2MMr/FSRKLs9o2MnW91M7accARQfES4cDH207vUJ3qPzCOhCdHlXw/5K2Q7ote91qyha&version=4 HTTP/1.1
Accept: */*
User-Agent: win32
Host: skyprobar.info
Cache-Control: no-cache

Static analysis

Resources


IATs


Strings

