| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 |
Type : data MD5 : 3131e149c734ea11145b440a8117cdb6 SHA-1 : 8a2a46e1d036d1a3c7e4507606f217e714aaf2cc SHA-256 : f27d65601940f79b320e41828c7e38223f26b0d3ac2d1aa88cbe9f8d9f559398 SHA-512 : 43302504d1b7ef30f4f792ecca9ee1b8e7a5692d2c7fe43534c1f27c8ed2ddcc9f53a72efba970162240e8130e23dc58ecba24543d31c969fa34c2823af6b752 Size : 0.4 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Ikosqxuk\ikosqx.dat |
Type : data MD5 : 38f7ff168dff0ef22cd36d88d7f4683c SHA-1 : 0ce2d55d6facf7ec95d187a965087cd6bf9a5bc9 SHA-256 : bb9598d2035c3f562a7264d3cb3d3ed5c9148ff507b3a5a711f7eabf3ecc2f08 SHA-512 : aef54c0a27bdf270a8400e2018cf2db4a312b4da76bb0290f13a6586c6498bfb41e25b4a1a40d958812b80e3854820d8d13a3e444f882de5d09ab013f3205454 Size : 0.402 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0060A9F9287878B15AB61E0E47645E5 |
Type : data MD5 : 815f71a62aac5f68ab62e667e4f388e1 SHA-1 : f4da0bedd73408d3be5dd667827b0c20d09a76f6 SHA-256 : fce5d0e9ee0d46ac1476dbb6138ad627e8ee9e2c2a01b83be781d7b09ff9f783 SHA-512 : 0a469cb598cc4fee45da8f0ced3a58dd429acdf52fac7cbd5bfbe2cc1ad4e6ea69fdb20df26b8197c945d177ed7121cc5f1cf2e6c214a4f3095a7772fc6928d8 Size : 0.252 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 |
Type : data MD5 : f8931c8ff04c6489cf53d1615737fff2 SHA-1 : cb968e59100ad870886e6449ccce49468c98ad87 SHA-256 : 31de4406495b3eca8d2d815426d3b94ca26760ceb563a0a0ae28f1f19ea0a0fa SHA-512 : 118465bbe634ace5d6a6f5dea32e6dd94225350b56974483bd05a79e1f2ba7096d0630fcf456d9384edbbf615b086da55af7db820de10437b4902d898fe45611 Size : 0.33 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 |
Type : data MD5 : da15614d9aaaf103cf0ff807b00d6e12 SHA-1 : ca1993c71ea1d5e33854d44ac6243135bf468132 SHA-256 : 7f44818031238920f79c7a27caadd68c15a344c6d05b29df1cad1281e085fd0f SHA-512 : 00b77d87cc637a468ecc51701bdbd4a6e671e92a3be84da9a1a50cdeab1cb80aee8160160635cdd4ded7b13669aa797fef71e829d585ac87ca379aac114bb4b5 Size : 0.398 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0060A9F9287878B15AB61E0E47645E5 |
Type : data MD5 : a7451c9aaea933cdf8bad360ff9c6a8d SHA-1 : 6ef49ac6880d6f1e9e1fcf1c3808c55a7a66acee SHA-256 : affa00a5f202599a5bf580c441ac3be215e905a16e7a77d758ac3b13f5028b25 SHA-512 : 839e8a278cb7ed08ef0517c3f8a3c14ff377a14afe875de8191d10d516f1137b72261be95bb17ff96562d0521439d7f429b67a6b7d004310aa5b07bcf7d78dd9 Size : 3207.835 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Ikosqxuk\ikosqxu32.dll |
Type : data MD5 : c49272a2b2e785557dffe36c2ef9ac0e SHA-1 : d66bacc45e1ee5575b0591b37b5995a44a527433 SHA-256 : c9d07fdc13371aa6b1498349299b65084a71215cdc9f32c5e269d2248a6a681f SHA-512 : c66a4e7a91d2157c41284e0b1988bfa373f5fe8bfa33cdda0fbe74dba486471bc32bccf7888f7310080ef8e275f0581c240edabbd6bcf3b0c328c26d550a75ef Size : 4.759 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Ikosqxuk\cikosqxu32.dll |
Type : data MD5 : bce558b8938a5b45b9efa15d159430da SHA-1 : 5af7b9c0768e6069bd0b620b82b6f87bc5b06564 SHA-256 : de52b996e5bcf35c40c3760ff87aafdf5f40dea80415c6b41ba383b2cddacd0d SHA-512 : e8df944d1b3718c2311138ef6f3b55b0bc2af5030255525c7bbfae1fb375c147e26ec34b151564b2397635e41cb1ab9368c25e16f0b1d041b278252252f36d08 Size : 1.433 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC42971B7939A9CA55C44CFC893D7C1D |
Type : data MD5 : 4ed7cd688a08a3d5502b244cd5428633 SHA-1 : b9b6e5e9528ddfc4d1fb5bd9d77c5141048374c8 SHA-256 : 6f5ae4c05eac0004cb8562b473fc8105542c21b28e07cc14b865a921ac4ffa0b SHA-512 : 61fbe0a0bd6dfd1802e18c4fc3dd5015bb23d0042a07672c23e71a5d1e7da53a3fbff736b169cbebc31edd09aa990c15ef0b23c06bfb8b4d9ee9d9850637ebbb Size : 0.812 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\b5ddf5a295d29d60ad817a625886275937a60874.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 60b7c0fead45f2066e5b805a91f4f0fc SHA-1 : 9018a7d6cdbe859a430e8794e73381f77c840be0 SHA-256 : 80c10ee5f21f92f89cbc293a59d2fd4c01c7958aacad15642558db700943fa22 SHA-512 : 68b9f9c00fc64df946684ce81a72a2624f0fc07e07c0c8b3db2fae8c9c0415bd1b4a03ad7ffa96985af0cc5e0410f6c5e29a30200efff21ab4b01369a3c59b58 Size : 776.192 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Ikosqxuk\ikosqxu32.dll |
Type : data MD5 : 032f025b5e43db60ec47d340cee7a6f4 SHA-1 : 8f8aa7db399edff5283b1e33c6f5e4f13bdd36b0 SHA-256 : d03de18dd6e20188376e978c883d2f5be2be54eb140a50b9f7c44d83ca396cfd SHA-512 : f3fcc75bda50bfa3aba8698ae04c37d2be9852c561fb702ecc0ab143cf0353201a403a7403618f195167a7cc9674e0f80ce4380f516ebdf81725e9dd405a078d Size : 3.913 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 |
Type : data MD5 : 35866a56791faa1a377c49163ee7aeab SHA-1 : 1393d5f378d3d643acdd15218b8bed7c5f01886b SHA-256 : a302fc301856d91fccead2133186b004760c83b1a3704caf53abb78b525ae859 SHA-512 : cecf1c6708cd808e2cbfcd7fa577c7dbef9d010fda3eac1ec129cc1c7303ffaa2a296bd471f29db208e963564a249ccb35a06722cd90169938753bd639116625 Size : 0.471 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Ikosqxuk\ikosqxu.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : f2f865aa912787c1a202394c840ed595 SHA-1 : b5ddf5a295d29d60ad817a625886275937a60874 SHA-256 : 090a173c5fe7a25d56faa17d837548027e8482c02385ca07a83e77dd89858a18 SHA-512 : ba45d6f9dcb3bb302510deb3d579649363417c6089f31908e7aa74d486b6adce9489463c4108b57e8eafd2640e06c7927ddd627c1aee90d4574f69ee271e4c2c Size : 569.344 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC42971B7939A9CA55C44CFC893D7C1D |
Type : data MD5 : 14109866e342ceec1c1d32c43f4bfede SHA-1 : 11eea6255723727257d4c88b742d4c8bd4fd5086 SHA-256 : 4e607ffc22e34340058426fceed0423165f4e3223735f3fe4f657999e1f16583 SHA-512 : 9f83e5d965a4d7db3b65274c83ef432576fc5375cda7a6efdea84a29e7cde0deed8443e4b401b15814ee233d10438d6821d6f1a0a53a18f3ab575340e6fcfb5c Size : 0.236 Kilobytes. |
|
C:\Windows\appcompat\Programs\RecentFileCache.bcf |
Type : data MD5 : a725537a32727210ddafbe6612b45677 SHA-1 : b5b5795e86b8e8ef4070bd50a9610c0abcc9cccb SHA-256 : 5f094c735b915b33d440c285272793e7e0ff31507ff9e6614d371f7aea589153 SHA-512 : e1d5fa611a2a9e43037eaaa0a4fd310e6fe7c69191b0819dcd20d18c427d123b757e545abe1b54a2df63acc21a81270c1831944f620be94d18d6fa8de8fc019a Size : 5.762 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 |
Type : Microsoft Cabinet archive data, 6564 bytes, 1 file MD5 : 16e8e953c65d610c3bfc595240f3f5b7 SHA-1 : 231a802e6ff1fae42f2b12561fff2767d473210b SHA-256 : 048846ed8ed185a26394adeb3f63274d1029bbd59cffa8e73a4ef8b19456de1d SHA-512 : 8cf223f68cd118be6bef746d4ccef2bc293e7e0f44630f7b1a799280c255622cc75a8313d7918c95f5d17765ccb90d50d08e1224ec1be33a8381780d3c8d068c Size : 6.564 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_636CD824810555E1469322973B7D2B73 |
Type : data MD5 : fac020ee043d99edc2548f8ba54af38a SHA-1 : 87c3d90dd1f50ef5564d4879997ae454480c0c1d SHA-256 : 112f5f2e4140f13117147af88d74d93e52cdc08943e591d1ee1334cd0eac2feb SHA-512 : 4007b2847dc173708337e768ac0ebc15f1c620ecf746db9ddba6a340437eef9ed353968914589a9750ca6a849cc998d25f6a98734ad993eb0ebfdca40660dd7f Size : 0.4 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_636CD824810555E1469322973B7D2B73 |
Type : data MD5 : f48ae898b84607ab59c896694410d00d SHA-1 : fc96fa3ae55ae3b6b5d2f6fb4e55b396217af70b SHA-256 : 10808afbae864fa7449722c2a462f0cbe6e04970e0bbcdf86a91493d16415d76 SHA-512 : 15ba7edae0080419257c252c018a0db713ddf8a1c8db0cabbb1f9feee4cef42c792eaf35d95825e84bcf80f9be313d31871c1d6b976bd229b492689124b6f5ce Size : 0.472 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Ikosqxuk\cikosqxu32.dll |
Type : data MD5 : 64e2dff38f285a3f08c7fc4fcbaadae6 SHA-1 : fdd6d65cae0ee10c8b1306d490965288cba77479 SHA-256 : 7698230670e136fa653ce5b589e967467b77bd1e927e1c6e1e34c1890fdf313a SHA-512 : def64b37892471ad03f237c4ae1ae10779207c6efd4020a337e7f58b612813e2392f12e70c52bc41ac7f7886cea23377f6a297c730c3049b5514b49b12e19059 Size : 2.035 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 |
Type : data MD5 : 5f7506e148434c5d7e2f1f8bc418e0d4 SHA-1 : 00f85608b928486b05990efc1a57d51f4ea8803d SHA-256 : b19cb2e1509a6e36d076d6afeba6af84821f659613a0fe5f8f4e8b56d0c0c104 SHA-512 : 831a0ef6115df38bb22a5d8f9babb44dacc6c25de84cb633d772b9e7375c70f29e429a675ee3d21676e57345397f872446f485b70ab44dd7910886cc3dbedd04 Size : 0.34 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 |
Type : data MD5 : 91382065c694d37f252a1c4d860e4cd1 SHA-1 : ad7e2b63bd471702614cbf3794cec63046bd8c18 SHA-256 : 79275d4e1b16934a7fadeabf9ae7e3b59c0d18ae35dd6f7b9f463389d23a1ac7 SHA-512 : 72bcd7241b60081666713cc17da050122ef509a664dfb3fcef2a66f34a2f14060d6e34e8865388f512c379d24850a1eb51e0753172bb094ffc12108b812f24a2 Size : 0.727 Kilobytes. |
|
C:\Windows\sysnative\Tasks\{15FE1D59-5E9A-4A81-8129-D36F617EDCF9} |
Type : XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators MD5 : 18dd034a2bb15439ad11eff361623158 SHA-1 : fa30a75a0a018bff19566116917bc5b0b6e51240 SHA-256 : a1c670cd1da47e350e0e1e850ef884b28465ab24bcd8996c49e6ae776909c9e7 SHA-512 : 7176316e84552b3fd3d460c81ab7d8c0c2b0461976e3f4579906dc6a91b8f21001b46ef4e6dce0af01940f6843debc0705f5815e35f00faaa834f2fc790c502e Size : 3.494 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 |
Type : Microsoft Cabinet archive data, 54018 bytes, 1 file MD5 : 06ed9a39ac55eb00dd78e416e1a804f6 SHA-1 : 270464d1618197d86ff89184ba5ed45708d38bd9 SHA-256 : 298bba62caa0b61a402f715bb5b8d1d28ecd0b58d9a9b6b8ae7947b39da8b1eb SHA-512 : 6a3a747bb754d9bfb78d18e37cd9806015e00eee85c59e16e3fcb6263024b422be94a83d4fd447912cc516a77b2d17a38689303857a40b75c2831a6548d63287 Size : 54.018 Kilobytes. |
| Match Rules |
|---|
| File Name: | kaueu.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | b5ddf5a295d29d60ad817a625886275937a60874 |
| MD5: | f2f865aa912787c1a202394c840ed595 |
| First Seen Date: | 2018-02-23 16:09:06.865051 ( ) |
| Number of Clients Seen: | 3 |
| Last Analysis Date: | 2018-02-23 16:09:06.865051 ( ) |
| Human Expert Analysis Date: | 2018-02-23 19:21:13.403153 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 6 |
| trid | [] |
| compilation time stamp | 0x5A9085F5 [Fri Feb 23 21:21:57 2018 UTC] |
| entry point | 0x401b00 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 569344 |
| ssdeep | |
| sha256 | 090a173c5fe7a25d56faa17d837548027e8482c02385ca07a83e77dd89858a18 |
| exifinfo | [] |
| mime type | application/x-dosexec |
| imphash |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x2e850 | 0x2f000 | 7.23440389218 | ccdb761332b00993ca2764df5a0c3f99 |
| .rdata | 0x30000 | 0xd2e | 0x1000 | 4.64567363304 | 22ff2b56a7554012cde86e2f5cd33b45 |
| .data | 0x31000 | 0xac8c | 0x7000 | 6.41183582494 | e7ae2ddae1d260ed091794e975a646e1 |
| .crt | 0x3c000 | 0x207e7 | 0x21000 | 7.21730934103 | e10b12ca77ce0a6a955444debb298de5 |
| .reloc | 0x5d000 | 0x2f3b5 | 0x30000 | 7.21269567795 | b35937a6fe99b9b3ccb8e1707cf10ced |
| .reloc | 0x8d000 | 0x1760 | 0x2000 | 4.97069636457 | 2f9b9e4f552b01cd9551310334b4b307 |