Analysis Date: 2017-07-14 11:00:19
MD5: 12a6fae70476495c8f3afdc882e71d75
SHA1: e89feebe2aabc1b4b21777454ff8d78cc7079355

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text  md5: 7484663576dd776e0864e4284d617e99 sha1: cab1d117488ebf587c708c6b579318ff80d2ffad size: 8704
Section .data  md5: 3ce0a0f00feb025925c49c19e0b85cfb sha1: 71494571425d91712f55ffa328ac5f6761559494 size: 3072
Section .xcpad md5: sha1: size:
Section .idata md5: sha1: size:
Section .reloc md5: sha1: size:
Section .rsrc  md5: 907b7f7ed967d3da56b3b65a17ab48ac sha1: 0631c78e79f7d50a1b7e22e93a0c873c056d5ea4 size: 22016
Timestamp:
Version:
  LegalCopyright:
  PackagerVersion:
  InternalName:
  FileVersion:
  CompanyName:
  Comments:
  ProductName:
  ProductVersion:
  FileDescription:
  Packager:
  OriginalFilename:
Packer:
PEhash:
IMPhash: 61837bdc2bf2c6b601f60da6021902d8
AV 360 Safe: Worm.Win32.Elenoocka.AS
AV Ad-Aware: Trojan.Ransom.Dalexis.F
AV Alwil (avast): Crypt-RSD [Trj]
AV Arcabit (arcavir): Trojan.Ransom.Dalexis.F
AV Authentium: W32/Dalexis.EUTZ-0721
AV Avira (antivir): TR/Cabby.uxize
AV BitDefender: Trojan.Ransom.Dalexis.F
AV BullGuard: Trojan.Ransom.Dalexis.F
AV CA (E-Trust Ino): Trojan.Ransom.Dalexis.F
AV CAT (quickheal): TrojanDownloader.Dalexis.A3
AV ClamAV: Win.Trojan.Ransom-9025
AV Dr. Web: Trojan.DownLoad3.35539
AV Emsisoft: Trojan.Ransom.Dalexis.F
AV Eset (nod32): Win32/TrojanDownloader.Elenoocka.A
AV F-Secure: Trojan.Ransom.Dalexis.F
AV Fortinet: W32/Vimditator.AIRO!tr
AV Frisk (f-prot): W32/Dalexis.A
AV Grisoft (avg): Win32/Cryptor
AV Ikarus: Trojan-Ransom.CryptoWall3
AV K7: Error Scanning File
AV Kaspersky: Trojan-Downloader.Win32.Cabby.cdim
AV MalwareBytes: Trojan.Email.FakeDoc
AV Mcafee: Ransom-CTB!12A6FAE70476
AV MicroWorld (escan): Trojan.Ransom.Dalexis.F
AV Microsoft Security Essentials: TrojanDownloader:Win32/Dalexis.C
AV NANO: Trojan.Win32.Cabby.dncxyo
AV Padvish: No Virus
AV Rising: Trojan.Win32.CTB.b
AV SUPERAntiSpyware: Ransom.Dalexis/Variant
AV Symantec: Downloader.Ponik!gen11
AV Trend Micro: TROJ_DALEXIS.SMK
AV Twister: TrojanDldr.Elenoocka.A.rxaz
AV VirusBlokAda (vba32): TrojanDownloader.Cabby
AV Windows Defender: TrojanDownloader:Win32/Dalexis.C
AV Zillya!: No Virus

Runtime Details:

Screenshot

Process
↳ C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\e89feebe2aabc1b4b21777454ff8d78cc7079355.rtf
Creates File: C:\WINDOWS\Registration\R000000000007.clb
Creates File: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdui.BUD
Creates File: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdui.gpd
Creates File: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\StdNames.gpd
Creates File: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdui.ini
Creates Mutex: CTF.LBES.MutexDefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex: CTF.Compart.MutexDefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex: CTF.Asm.MutexDefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex: CTF.Layouts.MutexDefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex: CTF.TMD.MutexDefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex: CTF.TimListCache.FMPDefaultS-1-5-21-2000478354-527237240-1801674531-1003MUTEX.DefaultS-1-5-21-2000478354-527237240-1801674531-1003
Creates Mutex:
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00

Process
↳ C:\e89feebe2aabc1b4b21777454ff8d78cc7079355.exe

Creates File: C:\WINDOWS\WindowsShell.Manifest
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\temp_cab_5440250.cab
Creates File: C:\DOCUME~1\Admin\Local Settings\Temp\e89feebe2aabc1b4b21777454ff8d78cc7079355.rtf
Creates File: C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
Creates File: C:\WINDOWS\system32\dssenh.dll
Creates Mutex:
Creates Mutex: 87281673
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c54-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59b1c52-4fc7-11e5-ae19-806d6172696f}\BaseClass ➝ Drive\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents ➝ C:\Documents and Settings\All Users\Documents\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop ➝ C:\Documents and Settings\All Users\Desktop\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ➝ WordPad\\x00

Network Details:


Raw Pcap

Strings
RSDS[J
proftur.pdb
hFR@
h9R@
h)R@
hvS@
heS@
hQR@
K0\j
Rfb-
QfbP
QfbV
>Xfb
5\@@
CompareStringA
GetCurrentProcess
GetProcessId
CreateDirectoryA
GetCurrentDirectoryA
VirtualAllocEx
GetModuleHandleA
CreateNamedPipeA
WaitForSingleObject
GetPrivateProfileIntA
ReadConsoleA
lstrcpynA
GetTickCount
GetConsoleTitleA
GetDateFormatA
WriteConsoleA
GetBinaryTypeA
UpdateResourceA
GetAtomNameA
GetStringTypeA
GetTimeFormatA
GetPrivateProfileSectionA
GetVersionExA
GetLongPathNameA
KERNEL32.dll
CADeleteCA
CAEnumFirstCA
certcli.dll
TransparentBlt
vSetDdrawflag
AlphaBlend
GradientFill
DllInitialize
msimg32.dll
drvSetDefaultCommConfigA
InvokeControlPanel
modemui.dll
OpenServiceA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegFlushKey
ControlService
RegQueryValueA
RegCreateKeyA
IsTextUnicode
CreateServiceA
ADVAPI32.dll
WTSOpenServerW
WTSSetSessionInformationW
WTSEnumerateServersA
WTSSetUserConfigW
WTSVirtualChannelWrite
WTSQueryUserToken
WTSVirtualChannelClose
WTSVirtualChannelRead
WTSQuerySessionInformationA
WTSFreeMemory
WTSWaitSystemEvent
WTSVirtualChannelOpen
WTSVirtualChannelPurgeInput
WTSEnumerateSessionsW
WTSEnumerateProcessesA
WTSAPI32.dll
kernel32.DLL
UdBjSgiYEovvGce
liQRCXwllC
ZrMUhmeUQFzVzjln
(aJBq
i5jl1s'
mq[2
y>k"7|
R8BbtZ
S*a<
	:ky
CL"}Jx
RY:'d
va+ uLshu{
.	25#(
$xhC_nK
^xz%
~uxjt
boun
Vcy3
wv>9*
4rPc<
.lu\
&e1yq
|b*3
$xhC
gX#N
c%iG
oeC%
SyW
iG?F
Y7c\
u :`>
[9f{
yEZ(
&n{Y$(hF
w-T"
R0?N
B ft
>AhF
#E_=
`;+
gpH&
GtdB
R\yW
Z8sPmK
lJMW
S1G:
V4|]oM
xV!T^<
kI\AcA
)CkI
6E.^
wqO-
)YXp
i4e$
""{|8>n@
/'G)
y[y#
h:.t
e,_L]
!M,~
FBMys
4A6H
%-Qo
Qexd
e/h*
t=P.
S.W4
iX1M
(~~]
];PI
N<w|
;pmtZ
2>}o
+BK\s-pN#p
p?75i
ZA^.
{Y~8?
|=/]"
>,7w
obEb
^X^!
3]SQ
a?=Wcz
/@4)
@IZua
R0QbV4
F$?z
\?vT
w|Z-
G0B
&!k\
zD2=
xN4L
t}-N,
1`jH
Z8<YnL
C!B]F$
sQeb
ZJDj
2lzc3
g+<v
U73S
z2JYx
_{v"
YwD`n
n)xr
.mXQ
z\P1
BeNP