| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\Roaming\Microsoft\Pnuaijsyn\pnuaijs.dat |
Type : data MD5 : 9a91ee9a05e715703016810b81ab8929 SHA-1 : 77ce0fc6775031cc1957d79de97a14ab03b6a9b8 SHA-256 : 3e95d17161cb0d2d9a34147f9d21291586ecf42bfade6d2dd194aced64df623b SHA-512 : 904f15a75863bbfe05c34a97f1e890376bda3735429e2252c9600c7eb10f87636c6fd583db085c4e92c34b81421573983acd9d75c0c5d895715cb4feb6d7107c Size : 0.43 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 |
Type : data MD5 : 0ac95b8801f1dd449351ced510104238 SHA-1 : aa897f0c916a4d7b3982e819b36e1152ed50e60a SHA-256 : 9a7d45ac4924583050e2e1264a934c07883c31fd90fa1724d7d5cf2843eeba16 SHA-512 : e7424eb48c658850f103bc1351ba47ff39d4331609e3b65f4cc7eaae47963ab7b4e11848864edadac52d1c8f21055d385f460f0b192cad6036fb3413f659f7a0 Size : 0.33 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0060A9F9287878B15AB61E0E47645E5 |
Type : data MD5 : 07f6f31362b190a268b375e35b5e7031 SHA-1 : aa7b8d930bfe46f4922d167819a959f6f8e2a57c SHA-256 : 5d38ccefd32c455097b158ed66d99070889cfa48c879d95312b645a5112c3f55 SHA-512 : 33bf49da4bde7e61efb65861bf70be0b4c60586f3f63a59616a348f97509a7a281eb016f9328e8f2d101d4ed80461a76d40d5c555e5dbdf4db81b05e53a6d740 Size : 0.252 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 |
Type : data MD5 : 0f2a0c7883e05fff643c3fee6ab9ba1f SHA-1 : 4099e8493107149d344b8745a6f6e952355014bd SHA-256 : de1ca447c3bbfb5eb71a22b9c5ade8f59dcc37651ccc514bb36d7eecb10463b6 SHA-512 : 2369008b99297e7ae80895dd5b600f6a7ae0b16807552fe95fbb5280f1e3a29ad9210626612ab038a207815de2031fc01fa69cf666d21b6eb13546bf211ac5f5 Size : 0.34 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 |
Type : data MD5 : 21640afb0fa8d34c3aae905e21ab97fc SHA-1 : 0fc61aeb0c24c515fb98ba85d84b7ed7a17ab644 SHA-256 : d4e5a32e6e496b6518b352e5d61d0df80809534606c2b81fc460988c6f1bc9f8 SHA-512 : 1860e37700bde1ea85954f787b34941413bdd9a85a96f1d72aa87c18fef9ce932154f09179b0f218f420ed346e33eae3aecbfe38be6d0c8554363c6eac22329b Size : 0.398 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0060A9F9287878B15AB61E0E47645E5 |
Type : data MD5 : a7451c9aaea933cdf8bad360ff9c6a8d SHA-1 : 6ef49ac6880d6f1e9e1fcf1c3808c55a7a66acee SHA-256 : affa00a5f202599a5bf580c441ac3be215e905a16e7a77d758ac3b13f5028b25 SHA-512 : 839e8a278cb7ed08ef0517c3f8a3c14ff377a14afe875de8191d10d516f1137b72261be95bb17ff96562d0521439d7f429b67a6b7d004310aa5b07bcf7d78dd9 Size : 3207.835 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Pnuaijsyn\cpnuaijsy32.dll |
Type : data MD5 : d3c77f2f3818db42c1e27c3fbc2bdd55 SHA-1 : dbb79330f52d97f03b3f741170a14251f1fd4d5a SHA-256 : 783b33fd7a3ec86f0f59762607557d2918d4eb54a9b35bde32b0b0cd63d49d05 SHA-512 : c34ef5ce820b9f198d7407e67787e418221818e7b5ddeb8460cdddca1b2d7bc4fd1541a96799d0b8a0500e51a050b721bae83b606d9921256698a23b758b8f2a Size : 1.437 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Pnuaijsyn\pnuaijsy.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 71c254349a7225fa217a52bf68ab5f23 SHA-1 : f4d19632277e52b849d452d94d841ebbef029596 SHA-256 : 105e080ab1b787b8d280140adaa6d64b994f00d9c797a08cfa9282f0174922e6 SHA-512 : ce9e655ac82e3237c4195a54952b63c5a50b7ccdd04f6e5e64608c8da57c82881686b56459e4a8b8a921e7f390dd4662a49166d8e1f0fdaa1729d855fd24e0fb Size : 569.344 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 |
Type : data MD5 : ed7449f697d352dac1baebcfaefc330c SHA-1 : 18ece6a4d6d57c58f45d28783691a6b5248c4036 SHA-256 : dafbb8beff4f6260fe18fb043d6d1fd3d3672c632561d768625e02a5faefffd4 SHA-512 : 6350f3c9706809e4ea445bbc695367bc42263958aba922774ce1d21bb8c36ae5b4a68068346254edd9e8969383fb4d18040f7bd6e0136be5561a4da164c9021e Size : 0.4 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Pnuaijsyn\pnuaijsy32.dll |
Type : data MD5 : 7c985add407d149367668927ba72b1bd SHA-1 : e76e5027bf34b601d6c4d336818fe856b0ea4805 SHA-256 : 2b0084656a8628213c0991bfa4f63a4be1b7f211022c2dd5839fd6620039e8fe SHA-512 : 9b4698bc40f4dbdd395a17ad2142259dc4a5aea6f96829dce1d6916ac218fa1ed75e8cc5bd92ebc4ce3aa32d7f4f375271c08d74017429864efd208145df8c12 Size : 4.787 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC42971B7939A9CA55C44CFC893D7C1D |
Type : data MD5 : 4ed7cd688a08a3d5502b244cd5428633 SHA-1 : b9b6e5e9528ddfc4d1fb5bd9d77c5141048374c8 SHA-256 : 6f5ae4c05eac0004cb8562b473fc8105542c21b28e07cc14b865a921ac4ffa0b SHA-512 : 61fbe0a0bd6dfd1802e18c4fc3dd5015bb23d0042a07672c23e71a5d1e7da53a3fbff736b169cbebc31edd09aa990c15ef0b23c06bfb8b4d9ee9d9850637ebbb Size : 0.812 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\f4d19632277e52b849d452d94d841ebbef029596.exe |
Type : PE32 executable (GUI) Intel 80386, for MS Windows MD5 : 60b7c0fead45f2066e5b805a91f4f0fc SHA-1 : 9018a7d6cdbe859a430e8794e73381f77c840be0 SHA-256 : 80c10ee5f21f92f89cbc293a59d2fd4c01c7958aacad15642558db700943fa22 SHA-512 : 68b9f9c00fc64df946684ce81a72a2624f0fc07e07c0c8b3db2fae8c9c0415bd1b4a03ad7ffa96985af0cc5e0410f6c5e29a30200efff21ab4b01369a3c59b58 Size : 776.192 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_636CD824810555E1469322973B7D2B73 |
Type : data MD5 : daee56a753c9e95178843a54891e4e62 SHA-1 : aacdc0bcf7f681dd0dc339b9ece7b1be1c2f8758 SHA-256 : 58c3a9318ff3d3d0d01c5554aa1dc9df464cd8b68a262085c62b14cc58c15f0a SHA-512 : 7f5873bef0a5eb3c675f155977c65b03340f9db4048578ce45d3b5a5fe60bc7754742dc02a3cae820cad99aea59478efc7f3134e23df1c217ab9f3f3772588db Size : 0.4 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC42971B7939A9CA55C44CFC893D7C1D |
Type : data MD5 : a392580b45af558825dcbbe4ffecbd77 SHA-1 : ea90cd93722fad2ed22c1af5790e95d8e9807ddb SHA-256 : b663b90fe6acb1a2a8532a0d25c4dc0f4101eb9f97859d6653b7ade1860dfafe SHA-512 : fdb736c3414e31b19387c3d8f5fdb708e4ac3bfed666bce1d3dd1298b939be62f6f309a93f124e2e8b4904fc2bd6798757f6fff55ef05f61fa24ed3b45a6376b Size : 0.236 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 |
Type : data MD5 : 35866a56791faa1a377c49163ee7aeab SHA-1 : 1393d5f378d3d643acdd15218b8bed7c5f01886b SHA-256 : a302fc301856d91fccead2133186b004760c83b1a3704caf53abb78b525ae859 SHA-512 : cecf1c6708cd808e2cbfcd7fa577c7dbef9d010fda3eac1ec129cc1c7303ffaa2a296bd471f29db208e963564a249ccb35a06722cd90169938753bd639116625 Size : 0.471 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Pnuaijsyn\pnuaijsy32.dll |
Type : data MD5 : 321e93217726559347ec1efe2578f24b SHA-1 : aed1f42346ffa3ceda75172bba602c68ef5f128d SHA-256 : 7ffd5c3d45d9c0205a084e5b0b302b225c8d3f326e80ec6e655a0948f8225399 SHA-512 : 73b3df797927f15a32ca4d1ca2a36d96585149e6a6570f1e47b60effac8d0c02de824e8ef9da9cddc755739dbd118a2b4591ef7c8af14510ecdda2763beaf584 Size : 3.915 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Pnuaijsyn\pnuaijsy32.dll |
Type : data MD5 : 784b9631a80f474fb53e16813e3d730b SHA-1 : 3b83426726819ab6cd48219dea35ef51744858c3 SHA-256 : 635ba75c40298a631400876b4adbf011633acd256c88d073a794501d416ac18c SHA-512 : 920893922d641377a874a97abf89b2d594ca711171a193d892538acd07d34442fa3e8355f98bb84cf818d1922ddcba661088c118eab31c0e0a932bdb5dc9080c Size : 3.915 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 |
Type : Microsoft Cabinet archive data, 6564 bytes, 1 file MD5 : 16e8e953c65d610c3bfc595240f3f5b7 SHA-1 : 231a802e6ff1fae42f2b12561fff2767d473210b SHA-256 : 048846ed8ed185a26394adeb3f63274d1029bbd59cffa8e73a4ef8b19456de1d SHA-512 : 8cf223f68cd118be6bef746d4ccef2bc293e7e0f44630f7b1a799280c255622cc75a8313d7918c95f5d17765ccb90d50d08e1224ec1be33a8381780d3c8d068c Size : 6.564 Kilobytes. |
|
C:\Windows\sysnative\Tasks\{81CE9089-5042-4260-A5C5-A8694A5F6513} |
Type : XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators MD5 : 2addc450da59d69a8e6402a013cdf756 SHA-1 : 6c3b65edf875efbbe1a51a36c31b8a98c0f44b3a SHA-256 : 487bb9ceedeb169bbfd17b93de31fd3884c78445494c2a6d5998854622776f44 SHA-512 : f3a5f844356e7f231fad8f4a0f51dcfd27e349156dc48e3e43f05c491949a5955c9500942422253ea292911e0a1fde1eb4738d4f0d9d11573421a00a970c9f18 Size : 3.498 Kilobytes. |
|
C:\Windows\appcompat\Programs\RecentFileCache.bcf |
Type : data MD5 : 4ce3118339e13b865d9b528edd5b8a60 SHA-1 : c05ef91ca1b0d60596d015cac9300237c5cfb89f SHA-256 : 252df101eb7832f8a4b5de90233dc047a8833521335f9453e5bb9d49efa63ff1 SHA-512 : d0da85544e2f77b71286793741cb6e6982c60b67fa981221608f1e40d0ee6a13b1311449f50cc64e7ac5492dcebefc74eb686743226513e04858705993e885f2 Size : 5.782 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_636CD824810555E1469322973B7D2B73 |
Type : data MD5 : f48ae898b84607ab59c896694410d00d SHA-1 : fc96fa3ae55ae3b6b5d2f6fb4e55b396217af70b SHA-256 : 10808afbae864fa7449722c2a462f0cbe6e04970e0bbcdf86a91493d16415d76 SHA-512 : 15ba7edae0080419257c252c018a0db713ddf8a1c8db0cabbb1f9feee4cef42c792eaf35d95825e84bcf80f9be313d31871c1d6b976bd229b492689124b6f5ce Size : 0.472 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 |
Type : data MD5 : 91382065c694d37f252a1c4d860e4cd1 SHA-1 : ad7e2b63bd471702614cbf3794cec63046bd8c18 SHA-256 : 79275d4e1b16934a7fadeabf9ae7e3b59c0d18ae35dd6f7b9f463389d23a1ac7 SHA-512 : 72bcd7241b60081666713cc17da050122ef509a664dfb3fcef2a66f34a2f14060d6e34e8865388f512c379d24850a1eb51e0753172bb094ffc12108b812f24a2 Size : 0.727 Kilobytes. |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 |
Type : Microsoft Cabinet archive data, 54018 bytes, 1 file MD5 : 06ed9a39ac55eb00dd78e416e1a804f6 SHA-1 : 270464d1618197d86ff89184ba5ed45708d38bd9 SHA-256 : 298bba62caa0b61a402f715bb5b8d1d28ecd0b58d9a9b6b8ae7947b39da8b1eb SHA-512 : 6a3a747bb754d9bfb78d18e37cd9806015e00eee85c59e16e3fcb6263024b422be94a83d4fd447912cc516a77b2d17a38689303857a40b75c2831a6548d63287 Size : 54.018 Kilobytes. |
| Match Rules |
|---|
| File Name: | uwiuwzoe.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | f4d19632277e52b849d452d94d841ebbef029596 |
| MD5: | 71c254349a7225fa217a52bf68ab5f23 |
| First Seen Date: | 2018-02-23 16:19:15.668769 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2018-02-23 16:19:15.668769 ( ) |
| Human Expert Analysis Date: | 2018-02-23 18:26:27.223958 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 6 |
| trid | [] |
| compilation time stamp | 0x5A8FCB03 [Fri Feb 23 08:04:19 2018 UTC] |
| entry point | 0x401b00 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 569344 |
| ssdeep | |
| sha256 | 105e080ab1b787b8d280140adaa6d64b994f00d9c797a08cfa9282f0174922e6 |
| exifinfo | [] |
| mime type | application/x-dosexec |
| imphash |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x2e850 | 0x2f000 | 7.23686333983 | 2500e0c33d3186cbff6f6f4c99463967 |
| .rdata | 0x30000 | 0xe88 | 0x1000 | 4.65525909577 | e98a21f424872dea58e3994f263a67ef |
| .data | 0x31000 | 0xaf8c | 0x7000 | 6.44632074653 | f1f203c5614e86c3d6233b29f0fc5822 |
| .crt | 0x3c000 | 0x207e7 | 0x21000 | 7.21730934103 | e10b12ca77ce0a6a955444debb298de5 |
| .reloc | 0x5d000 | 0x2f3b5 | 0x30000 | 7.21269567795 | b35937a6fe99b9b3ccb8e1707cf10ced |
| .reloc | 0x8d000 | 0x161c | 0x2000 | 4.97069636457 | 2f9b9e4f552b01cd9551310334b4b307 |