File Name: eaa33e33b8b77dd514014ed62d741461d53e8039
SHA1: eaa33e33b8b77dd514014ed62d741461d53e8039
MD5: adb23eb715fb61614e237bd78eee0024
First Seen Date: 2015-12-31 07:46:06.459106
Number of Clients Seen: 3
Last Analysis Date: 2015-12-31 07:46:06.459139
Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.
Analysis Summary

Analysis Type | Date | Verdict
---|---|---
Signature Based Detection | 2015-12-31 07:46:06.459139 | Clean
Static Analysis Overall Verdict | 2015-12-31 07:46:06.459139 | No Threat Found
Dynamic Analysis Overall Verdict | 2015-12-31 07:46:06.459139 | Highly Suspicious
Static Analysis

Static Analysis Overall Verdict | Result
---|---
No Threat Found |

Detector | Result
---|---
Optional Header LoaderFlags field has an illegal value | Clean
Non-ASCII or empty section names detected | Clean
Illegal size of Optional Header | Clean
Optional Header NumberOfRvaAndSizes field has an illegal value | Clean
Section entropy check indicates the file is possibly packed | Clean
Timestamp value suspicious | Clean
Header checksum is zero | Suspicious
Entry point is outside the first (.code) section; binary is possibly packed | Clean
Packer detection against signature database | Unknown
Anti-VM present | Clean
SizeOfRawData has an illegal value; binary might crash your disassembler/debugger | Clean
TLS callback functions array detected | Clean

Anti-debug calls: FindWindowA
Dynamic Analysis

Dynamic Analysis Overall Verdict | Result
---|---
Highly Suspicious |

Suspicious Behaviors
---
Modifies Windows policies
Writes to address space of another process
Uses a function clandestinely
Modifies Windows Service Keys
Reads memory of another process
Opens a file in a system directory
Has no visible windows
Logs user keystrokes
Behavioral Information
Precise Detectors Analysis Results
No Detector Result Received
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information

Property | Value
---|---

Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
---|---|---|---|---|---