Sample File: MD5 hash: ac1ba1a84d57cee3c0cd47f2f84620c1 SHA1 hash: f4e408b3e3d2c2a8f5a0d90c9682f3cfce0d28a5 SHA256 hash: 6d365f7901cd47dd0f1169c656d2e442ffabbc3197f0a6d056aee9471e9d9487 Filename(s): Scan92933944.js Filetype: JScript Mutex IOCs: Global\.net clr networking Global\{70e0240c-77de-4f81-ac5c-cb838d2319d3} Registry Key IOCs: HKEY_CLASSES_ROOT\.JS HKEY_CLASSES_ROOT\JSFile\ScriptEngine HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run IP IOCs: - None - URL IOCs: - None - File IOCs: Filenames: C:\Program Files (x86) C:\Program Files (x86)\IMAP Service C:\Program Files (x86)\IMAP Service\imapsv.exe C:\Users C:\Users\5P5NRG~1\AppData\Local\Temp\hSbFTsTClaogdEEotf.exe C:\Users\5P5NRG~1\Desktop\SCAN92~1.JS C:\Users\5p5NrGJn0jS HALPmcxz C:\Users\5p5NrGJn0jS HALPmcxz\AppData C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\hSbFTsTClaogdEEotf.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\hSbFTsTClaogdEEotf.exe.config C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\hSbFTsTClaogdEEotf.exe:Zone.Identifier C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\tmp4EF.tmp C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\tmpD88.tmp C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming C:\Users\5p5NrGJn0jS 
HALPmcxz\AppData\Roaming\0303D5B4-FFE9-470E-9DD8-7D9EC416E53F C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\0303D5B4-FFE9-470E-9DD8-7D9EC416E53F\Exceptions\1.2.2.0 C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\0303D5B4-FFE9-470E-9DD8-7D9EC416E53F\IMAP Service\imapsv.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\0303D5B4-FFE9-470E-9DD8-7D9EC416E53F\Logs C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\0303D5B4-FFE9-470E-9DD8-7D9EC416E53F\Logs\5p5NrGJn0jS HALPmcxz C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\0303D5B4-FFE9-470E-9DD8-7D9EC416E53F\catalog.dat C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\0303D5B4-FFE9-470E-9DD8-7D9EC416E53F\run.dat C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\0303D5B4-FFE9-470E-9DD8-7D9EC416E53F\settings.bak C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\0303D5B4-FFE9-470E-9DD8-7D9EC416E53F\settings.bin C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\0303D5B4-FFE9-470E-9DD8-7D9EC416E53F\storage.dat C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\0303D5B4-FFE9-470E-9DD8-7D9EC416E53F\task.dat C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config C:\Windows\system32 MD5 hashes: d41d8cd98f00b204e9800998ecf8427e e158eaad635b1f58020f876361f528e6 f6cb9cb7189e5b3311511a09bf49bc60 f8515e5af248bb586dc0076394d3e1f1 SHA1 hashes: 1390d19ffdb556b1902774c7b815eb710f0166a3 70c3264ed1ffd592e278bf27a3d255eab895f40d da39a3ee5e6b4b0d3255bfef95601890afd80709 ffa5c8dbf3986c39fc0a75e3ac167151a4b5093b SHA256 hashes: 1730ee105ce0df308f6b0fa8b0ee508ad863210a124627bd6e246502ce88ef3a 5c7bddde92eb51c5fbd7be4899b490b648af98bf78442a64430b2fc5e052df97 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ef700c5e55f6738cfd53390b4cb1c153fc5283d5b38da2cd84d5662b496e479e (Note: d41d8cd98f00b204e9800998ecf8427e, da39a3ee5e6b4b0d3255bfef95601890afd80709 and e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 are the standard MD5/SHA1/SHA256 digests of zero-length input; they presumably come from an empty artifact written during the run and should be excluded from detection rules. The short-name paths under C:\Users\5P5NRG~1 refer to the same profile as C:\Users\5p5NrGJn0jS HALPmcxz, so the two forms should be de-duplicated when these file IOCs are consumed.)