UnDqKnghuz.exe (initial sample)
Filetype: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy: 7.982281479405353
Filename: UnDqKnghuz.exe
Filesize: 1234679
MD5: 6dbe117853d74d0ec16bf6354521ffd4
SHA1: c823dde0abfb9b9dbac70a4234c1b7690bbcc567
SHA256: 4bdc28f23090a76813fc90b3904248c12f64e4ac7fbd599d1d7cd9cf66e12a3d
SHA512: 35766cc750c914ffe0f754958e79d6b1cdcdcfe4526f6fcce48f6922db555a61061f829069e2a3289b7e0ab6f6c4f9517d8a68ddad4e58f47d5248fafd2337b5
SSDEEP: 24576:T9qKyEskB03bcz9kSrEV+EWj3XO73QBcFJsQfS9fwuW2boWRnYJVwr6QbyE:JZCN3Qz9IWj3XO73QBy2cWRnYJI5
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................n.......B...8.....
|
Signature Hits | Behavior Group | MITRE ATT&CK
Multi AV Scanner detection for submitted file | AV Detection | -
Found stalling execution ending in API Sleep call | Malware Analysis System Evasion | -
Contains functionality to read data from the clipboard | Key, Mouse, Clipboard, Microphone and Screen Capturing | -
Contains functionality to dynamically determine API calls | Data Obfuscation, Anti Debugging | -
Contains functionality to retrieve information about pressed keystrokes | Key, Mouse, Clipboard, Microphone and Screen Capturing | -
Contains functionality to shutdown / reboot the system | System Summary | -
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion | -
Detected potential crypto function | System Summary | -
Found potential string decryption / allocating functions | System Summary | Deobfuscate/Decode Files or Information
PE / OLE file has an invalid certificate | System Summary | File and Directory Discovery
Sample file is different than original file name gathered from version info | System Summary | -
Uses 32bit PE files | Compliance, System Summary | -
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011) | System Summary | -
Contains functionality to check free disk space | System Summary | System Information Discovery
Contains functionality to enumerate / list files inside a directory | Spreading, Malware Analysis System Evasion | File and Directory Discovery
Contains functionality to instantiate COM classes | System Summary | -
Contains functionality to query windows version | Language, Device and Operating System Detection | System Information Discovery
Creates temporary files | System Summary | -
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection | -
May try to detect the Windows Explorer process (often used for injection) | HIPS / PFW / Operating System Protection Evasion | -
PE file has an executable .text section and no other executable section | System Summary | -
Reads ini files | System Summary | -
Reads software policies | System Summary | -
Sample is known by Antivirus | System Summary | -
Sample reads its own file content | System Summary | -
Tries to load missing DLLs | System Summary | -
URLs found in memory or binary data | Networking | -
Uses an in-process (OLE) Automation server | System Summary | -
Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary | -
Submission file is bigger than most known malware samples | System Summary | -
|
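Two numbers above drive the packer verdicts in this list: the sample's file entropy of 7.98 and the signature "PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)". The Python below is an added example, not part of this report and not any sandbox's own code, that reproduces both checks on a constructed PE: it walks the section table with struct alone, computes Shannon entropy and zlib savings per section, and flags non-.text sections under the 0.011 bar. Assumptions: the report's "compression ratio" is read as the fraction zlib saves (1 - compressed/original), the only reading under which "< 0.011" marks packed data; the synthetic PE image and the SHA-256-derived payload are constructed here.

```python
import hashlib
import math
import struct
import zlib
from collections import Counter

# 0.011 is the cut-off quoted in the report's signature text.
PACKED_ZLIB_SAVINGS = 0.011


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def zlib_savings(data: bytes) -> float:
    """Fraction of the input zlib removes, 1 - compressed/original.
    Assumed to be the 'compression ratio' the signature refers to: packed or
    encrypted payload saves almost nothing, plain code or zeroed data saves a lot."""
    if not data:
        return 0.0
    return 1.0 - len(zlib.compress(data, 9)) / len(data)


def pe_sections(pe: bytes):
    """Walk the section table of a PE image with struct alone (no pefile).
    Yields (name, raw_bytes) for each section as it is laid out on disk."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        yield name, pe[raw_ptr:raw_ptr + raw_size]


def packed_sections(pe: bytes):
    """The report's heuristic: a section other than .text whose bytes zlib can
    barely shrink is reported as likely packed. Returns (name, entropy, savings)."""
    hits = []
    for name, raw in pe_sections(pe):
        savings = zlib_savings(raw)
        if name != ".text" and raw and savings < PACKED_ZLIB_SAVINGS:
            hits.append((name, round(shannon_entropy(raw), 3), round(savings, 4)))
    return hits


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 counter chain) standing in for a
    packed payload, so the example runs offline and reproducibly."""
    out = bytearray()
    for i in range(n // 32 + 1):
        out += hashlib.sha256(seed + i.to_bytes(4, "little")).digest()
    return bytes(out[:n])


def build_sample_pe(sections) -> bytes:
    """Assemble a minimal PE32 image (constructed, not the report's sample) from
    (name, raw_bytes) pairs. Only the fields pe_sections() reads are populated."""
    e_lfanew, opt_size = 0x40, 224                       # PE32 optional header size
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    data_off = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    headers, blobs = b"", b""
    for name, raw in sections:
        headers += name.encode().ljust(8, b"\0")
        headers += struct.pack("<IIII", len(raw), 0x1000, len(raw), data_off + len(blobs))
        headers += b"\0" * 16                            # relocs, line numbers, characteristics
        blobs += raw
    return dos + b"PE\0\0" + coff + opt + headers + blobs


SAMPLE_PE = build_sample_pe([
    (".text", b"\x55\x8b\xec\x83\xec\x10\x33\xc0\xc9\xc3" * 400),  # repetitive, code-like
    (".data", b"\0" * 4096),                                        # zero-filled
    (".rsrc", pseudo_random(65536)),                                # opaque blob, like the 7.99-entropy drops below
])

if __name__ == "__main__":
    for name, raw in pe_sections(SAMPLE_PE):
        print(f"{name:<8} size={len(raw):6d} entropy={shannon_entropy(raw):.3f} "
              f"zlib_savings={zlib_savings(raw):.4f}")
    print("likely packed:", packed_sections(SAMPLE_PE))
```

shannon_entropy and zlib_savings also apply directly to the raw Temp\* blobs listed further down: in this report every file at 7.994 or above (Blonde, Coding, Howto, Mild, Offered, Sticky, Threatened, p) carries Encrypted: true, while Animals at 7.980 does not, so the tool's own cut-off sits between those two values.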
|
File: C:\Users\user\AppData\Local\Temp\645238\Itunes.pif
Category: modified
Dump: Itunes.pif.1.dr
ID: dr_34
Target ID: 1
Process: C:\Windows\SysWOW64\cmd.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy: 6.777413141364669
Encrypted: false
Ssdeep: 12288:FJV3REMvnCG22lhtjVoAYxQl+u13a/sVyaVeK56ORMkkOlPlNKlga4Umff2lRO:F3hEW3hlVodGl+gUKrMkzXa4P6RO
Size: 937776
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files with a suspicious file extension | Persistence and Installation Behavior | -
Injects a PE file into a foreign process | HIPS / PFW / Operating System Protection Evasion | -
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments | System Summary | -
Writes to foreign memory regions | HIPS / PFW / Operating System Protection Evasion | -
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion | -
Drops PE files | Persistence and Installation Behavior | -
Sigma detected: Execution of Suspicious File Type Extension | System Summary | -
Sigma detected: Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location | System Summary | -
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection | -
Queries a list of all running processes | Malware Analysis System Evasion | -
Spawns processes | System Summary | -
Tries to load missing DLLs | System Summary | -
|
|
File: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
Category: dropped
Dump: RegAsm.exe.log.15.dr
ID: dr_37
Target ID: 15
Process: C:\Users\user\AppData\Local\Temp\645238\RegAsm.exe
Type: ASCII text, with CRLF line terminators
Entropy: 5.345080863654519
Encrypted: false
Ssdeep: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
Size: 1119
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Creates files inside the user directory | System Summary | -
|
|
File: C:\Users\user\AppData\Local\Temp\645238\RegAsm.exe
Category: dropped
Dump: RegAsm.exe.10.dr
ID: dr_36
Target ID: 10
Process: C:\Users\user\AppData\Local\Temp\645238\Itunes.pif
Type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.049806962480652
Encrypted: false
Ssdeep: 768:X8XcJiMjm2ieHlPyCsSuJbn8dBhFwlSMF6Iq8KSYDKbQ22qWqO8w1R:rYMaNylPYSAb8dBnsHsPDKbQBqTY
Size: 65440
Whitelisted: true
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Injects a PE file into a foreign process | HIPS / PFW / Operating System Protection Evasion | -
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments | System Summary | -
Writes to foreign memory regions | HIPS / PFW / Operating System Protection Evasion | -
Allocates memory with a write watch (potentially for evading sandboxes) | Malware Analysis System Evasion | Virtualization/Sandbox Evasion
Contains long sleeps (>= 3 min) | Malware Analysis System Evasion | Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion | -
Drops PE files | Persistence and Installation Behavior | -
Queries the volume information (name, serial number etc) of a device | Language, Device and Operating System Detection | System Information Discovery
Sigma detected: Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location | System Summary | -
Uses code obfuscation techniques (call, push, ret) | Data Obfuscation | Obfuscated Files or Information
Contains medium sleeps (>= 30s) | Malware Analysis System Evasion | Virtualization/Sandbox Evasion
Creates files inside the user directory | System Summary | -
Creates guard pages, often used to prevent reverse engineering and debugging | Anti Debugging | -
Creates mutexes | System Summary | -
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection | -
Queries the cryptographic machine GUID | Language, Device and Operating System Detection | System Information Discovery
Spawns processes | System Summary | -
Tries to load missing DLLs | System Summary | -
|
|
File: C:\Users\user\AppData\Local\Temp\645238\p
Category: dropped
Dump: p.9.dr
ID: dr_35
Target ID: 9
Process: C:\Windows\SysWOW64\cmd.exe
Type: data
Entropy: 7.9997469697758925
Encrypted: true
Ssdeep: 12288:OOhC+jMier1rslHcZGNmVpJT6qqL6ot2e48CVa/TsFvGrx:JcHiCCHcZ6mV/2lPD48sXF0x
Size: 653320
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Animals
Category: dropped
Dump: Animals.0.dr
ID: dr_9
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 7.980270662950943
Encrypted: false
Ssdeep: 768:48G7bJu1UY3dLi29NcNngX+F+2tzjOrnhILBWdinOEgg+ys6K:497bA3EKNcpzjIqIinTglynK
Size: 34816
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Apollo
Category: dropped
Dump: Apollo.0.dr
ID: dr_30
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.526082733182312
Encrypted: false
Ssdeep: 1536:pFskzWaIxOv/pAfkF/bIQ2dU7SP/jnsF4rJsx9RZqegm5kEMDz7:pFsgWaIU/pA8F/bx2donqqnRqgm7
Size: 64512
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Arg
Category: dropped
Dump: Arg.0.dr
ID: dr_27
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.447855104797778
Encrypted: false
Ssdeep: 384:qr6dVo9J9+7vgmLmXQWbAqTwj1XIegjSbZI79sAQBlJUY:qOd+3Avgmy/bJCVKSb279sAOH
Size: 20480
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Barbara
Category: dropped
Dump: Barbara.0.dr
ID: dr_6
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: DIY-Thermocam raw data (Lepton 3.x), scale 25675-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 28924494707576576933888.000000, slope 30105255213280014630912.000000
Entropy: 4.639371967096316
Encrypted: false
Ssdeep: 192:7oooooooooooooooooooooooooooooooooooooooooooooooEFOiGHwJffX2crF4:1iwxFr9LE/MpfhwHLWK
Size: 41984
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Blonde
Category: dropped
Dump: Blonde.0.dr
ID: dr_0
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 7.994768422777199
Encrypted: true
Ssdeep: 768:1R26q3C7WquB1VcsrjeizKbXfKBDmCElfexUb164Z1jkf78eNpJEC7y:rq202IehbXfcDmCEl2Aj1jG78Ov3W
Size: 36864
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Cemetery
Category: dropped
Dump: Cemetery.0.dr
ID: dr_1
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 5.001958032723153
Encrypted: false
Ssdeep: 1536:MBxhgari/D/3EfraF0Hikj06LDykFIciz0:MBxhgari/D/T0V06piw
Size: 65536
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Coding
Category: dropped
Dump: Coding.0.dr
ID: dr_8
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 7.997982660935016
Encrypted: true
Ssdeep: 1536:4IUK/r4zdqteS8XNivm/N1Oap5KFWvqDGdsDU3BXuA+wdfnsGCmJHakcFU:fhr4gUSCNL/N17pM76JVsLmJHEU
Size: 89088
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Cornwall
Category: dropped
Dump: Cornwall.0.dr
ID: dr_12
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.771387253488154
Encrypted: false
Ssdeep: 1536:0xj/JiB27MlRHq6EQU7uLQT6unj5ctpYuYtWGJG2kQyyyj:0qM7MlRKecTF5c2p02kQij
Size: 69632
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Defense
Category: dropped
Dump: Defense.0.dr
ID: dr_2
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 4.42655306835612
Encrypted: false
Ssdeep: 384:jkqLyH3Per2Wfn2HuboETcKiKjxq/l1qIvtx4MjNyREfP91upu:jGWrT+UTcL4qHq25NKEHqQ
Size: 17408
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Donald
Category: dropped
Dump: Donald.0.dr
ID: dr_7
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.480629051556276
Encrypted: false
Ssdeep: 768:d3jsJhQlEF2VVay1N5J3SoO6Qku2ox3hOk3Hsu1izubGntN6IZOjAV0SMg5:dgjQWq8GV3jOTJh1Xl2ub2tBOjAeK5
Size: 47104
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Examined
Category: dropped
Dump: Examined.0.dr
ID: dr_26
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.720623693995032
Encrypted: false
Ssdeep: 1536:4dMhrNCsGJh5yA05E22VelTXzSj9xb7XDh1RlO:40lAYrlTGj91DhrlO
Size: 55296
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Fake
Category: dropped
Dump: Fake.0.dr
ID: dr_32
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: ASCII text, with very long lines (1680), with CRLF line terminators
Entropy: 5.041195013528874
Encrypted: false
Ssdeep: 384:+yJkojwwofHa2tiZGJlVCBevv2g/kA50aomSfFR0sgtN79ZUb/q/j9kJuKf83Li1:+yJkm4fdcg/YtFR0VLvUbsGJuSMupj
Size: 26986
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Fake.cmd
Category: dropped
Dump: Fake.cmd.1.dr
ID: dr_33
Target ID: 1
Process: C:\Windows\SysWOW64\cmd.exe
Type: ASCII text, with very long lines (1680), with CRLF line terminators
Entropy: 5.041195013528874
Encrypted: false
Ssdeep: 384:+yJkojwwofHa2tiZGJlVCBevv2g/kA50aomSfFR0sgtN79ZUb/q/j9kJuKf83Li1:+yJkm4fdcg/YtFR0VLvUbsGJuSMupj
Size: 26986
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\File
Category: dropped
Dump: File.0.dr
ID: dr_3
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.986836962746668
Encrypted: false
Ssdeep: 768:dvq6LqgaHbdMNkNDUySdK8M4INduPbOUGM4INduPbOUb:dvtmgMbFuyO1MBNfMBNm
Size: 30720
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Howto
Category: dropped
Dump: Howto.0.dr
ID: dr_22
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 7.998575681850044
Encrypted: true
Ssdeep: 3072:0DZ6+JjTv8UizlTg/I8AFyRB8saO5HOfNNQOTEZ:s6wjADziI3FyR2sD5HIbq
Size: 115712
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Mild
Category: dropped
Dump: Mild.0.dr
ID: dr_23
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 7.99888969936315
Encrypted: true
Ssdeep: 3072:/RBHqrtvbLhcJ37dqPsj0RHzoYThtwSGdnvQNY9q:ZBkLiysoHzJ2QN6q
Size: 149504
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Offered
Category: dropped
Dump: Offered.0.dr
ID: dr_4
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 7.9972689811145985
Encrypted: true
Ssdeep: 1536:t8ehsCkFYuu8vDL0eUf5CSV/4zjvtyLiLm:thsCzov8e6R4zjMH
Size: 60416
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Paper
Category: dropped
Dump: Paper.0.dr
ID: dr_5
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 4.7961342832822
Encrypted: false
Ssdeep: 3:UGRGx6ucUqt/vllpfrYZcFTS9gXeF+X32ZpAo3P8GmbgElKmE/p3PN:UGEx7HqjvVg3F+X32l/8xb99E/p/N
Size: 203
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Picks
Category: dropped
Dump: Picks.0.dr
ID: dr_25
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 5.333497316418503
Encrypted: false
Ssdeep: 768:bI4kSmEusWjcdeDvFQC7VkrHpluuxdCvEHKKgItUHi2:XusWjcdmQuklluhvEHKxi2
Size: 65536
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Punk
Category: dropped
Dump: Punk.0.dr
ID: dr_11
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.401299201386468
Encrypted: false
Ssdeep: 192:wakNPfULsNQ6UUrUM6M1spD4QoHfqwipOcS0BiPyI+mHV8Fmepp2JaDwb7t3LWM2:wa6PfUIi6J89nOrHV8Eepte7t7WOa
Size: 13312
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Sofa
Category: dropped
Dump: Sofa.0.dr
ID: dr_31
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.646158405288314
Encrypted: false
Ssdeep: 1536:lxcZqvinN8PsJitgXKUvl8UTcyzJW784Lle+1X/tcAX:lU8PsYuXtvrhzU78Gle6Ptc8
Size: 62464
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Spending
Category: dropped
Dump: Spending.0.dr
ID: dr_19
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.502628759763657
Encrypted: false
Ssdeep: 192:GX4cbQ+8bpx4i8iC5Ukg9gz7PLIQBEUOnU8G5poJQ/Kb:GIcvCYe9EnHE5G8JQ/u
Size: 8192
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Sticky
Category: dropped
Dump: Sticky.0.dr
ID: dr_21
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 7.99834570966308
Encrypted: true
Ssdeep: 3072:Ua/XG5NyzbTskAxtlx7QxTLulh/BKk4PoMB:Ua/XjskAxtL7q3ucrPJ
Size: 113672
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Takes
Category: dropped
Dump: Takes.0.dr
ID: dr_16
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.539250277569822
Encrypted: false
Ssdeep: 384:aRiUYoelmXaQtviQM5uOcylkpDNQeScHgkYSO+qlf2eE4TJH05eZ3ChIYXBdSsBn:joeqaQ1/uu1ylkp5VAkGh2RDuaIYXBQO
Size: 24576
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Tar
Category: dropped
Dump: Tar.0.dr
ID: dr_28
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 7.064190944762654
Encrypted: false
Ssdeep: 768:WyOQ5DuOKHnPiamE9w97OUg4eVDqp8VQ7A:TCOa69E9wFOUg/Rqp8b
Size: 33407
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Tears
Category: dropped
Dump: Tears.0.dr
ID: dr_29
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.490713983310591
Encrypted: false
Ssdeep: 768:HHT5xv8xV9J7J6Ax6zNGB0toYyncyH9JRpHbDYA22HbbjNbkBYYTrIxp:H7v8xV96AE11yHxpfYAz7FbkdHIxp
Size: 44032
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Thereof
Category: dropped
Dump: Thereof.0.dr
ID: dr_24
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 5.452134467192656
Encrypted: false
Ssdeep: 768:AI0IKQ8SbkXhdqgWWwr2G+jvEHHzR3Sh7WscONK1n:v0IKQ8SoXTqgWVrZ+Int3SdFcH
Size: 35840
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Threatened
Category: dropped
Dump: Threatened.0.dr
ID: dr_15
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 7.998121467279664
Encrypted: true
Ssdeep: 1536:KjHlpsUETPQeSBGg0bFS1qm1YbfQd5VxY7MRZXv5GiHTz/TfJtO8ZqVchZfoLOT/:OFubTPQFBGTF+afm5VtRlHPbJTwVknT
Size: 88064
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Till
Category: dropped
Dump: Till.0.dr
ID: dr_17
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 5.999421035943041
Encrypted: false
Ssdeep: 768:eN3AFR97T98+sDkXLAlMoLVNIo8DJWxWWbP75qcaTlKWzhQVNsbSSkLQ7PqYIuew:q3OFTR7bAlHL/4aj5Vf7gqYruy
Size: 59392
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Times
Category: dropped
Dump: Times.0.dr
ID: dr_20
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.468116046463624
Encrypted: false
Ssdeep: 768:wiwDIUKo+jBAfe6TtgguvkFec+jJ5PZvimdN:wlDbKffUCJ5h3N
Size: 28672
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Ultra
Category: dropped
Dump: Ultra.0.dr
ID: dr_13
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 7.304704098369676
Encrypted: false
Ssdeep: 768:fQ3+laXM77HLqno09q6R6gx+gXrgkbjJcy5UxrUCVd:fQ3+EX0eomqewgMQjKy6xrnVd
Size: 41984
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Visitor
Category: dropped
Dump: Visitor.0.dr
ID: dr_14
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: PCX ver. 2.5 image data bounding box [63573, 17803] - [35788, 62541], 106 planes each of 139-bit uncompressed
Entropy: 6.654579996388891
Encrypted: false
Ssdeep: 768:9bzc+ylIt0su0B4y+aZmzddtw1E1Yd5dArqsfGuYJhLgBF9OR7F8ufnz4kVDy:93vylIusu0B4MmHtt1OPeRQnz4qDy
Size: 58368
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Weblogs
Category: dropped
Dump: Weblogs.0.dr
ID: dr_10
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.5275139619689115
Encrypted: false
Ssdeep: 96:0v+UWnQJK0afBv5HaReC3yIC3s+On6Oq5SF9kgwq0+VCAyCwlRyBVVgKFdxn:j90gBveeOyz1O6PSF9k20+IcrNZ
Size: 6144
Whitelisted: false
Reputation: timeout
|
|
File: C:\Users\user\AppData\Local\Temp\Worship
Category: dropped
Dump: Worship.0.dr
ID: dr_18
Target ID: 0
Process: C:\Users\user\Desktop\UnDqKnghuz.exe
Type: data
Entropy: 6.33659461666454
Encrypted: false
Ssdeep: 192:J4nWARSX8ZmwTFbl02Duz7GS1ztN1fZ6MZ2rEOA3TS18VmgpGOOsoDnnUK3+itMJ:uWMSMZmwTFK2Duz7GS1ztN1fZ6MZ2rEp
Size: 8192
Whitelisted: false
Reputation: timeout
|
|