Sample File: MD5 hash: cfd776b1cb9004e0f214f33431b3646b SHA1 hash: 3af3240893d79897b540f5875b81aaf715efbff2 SHA256 hash: cdc13684f41107a2ff3c367f50d64af2c71f2f004775d0307deb5ee6980a5965 SSDEEP hash: 3072:h8tdcEQ3QTUrDKVCBwyBrEyDQ/ZqHEBMTFhRME+No7mFHSSIiqjAkNaYuRDJWK:hydc7yWwydcZqHDTFnME7KRqjARYm Filename(s): jma.exe Filetype: Windows Exe (x86-32) Mutex IOCs: 202B6FD88E78C1712F7F81C7C9F0EED3 272029F79EC0A2EAE0AF831664092804 2BCFA516A365E867FCBCFD929848A1B1 2E7B8F5B9E609D1056CE589A981F7861 2F1421BC8887EE494CBB181471D3B8BD 552F6853E48E7AF759B90A927B2C73B0 5CEC8A542C3E2E66F733BD261506C8B1 604954A450752B96B72CF2C4FA84486C9C354B42 6F3549CFB6F74FB62D808AAF2E9E8CC5 73D7829F313B1B83C548C511D81668C8 7FB942A1636584825A88906D27CEE0F7 84AA574974A0C0E6075672D3C18FFC0A 87A78AFC41F1AFA71F9B4D8F2B8B64DA 89FE7999C96940F399FACBFAC60147EE 8BE847DE3D54F2EA1F4C0FE0A4895DFF 8DF2D5DC1798D4B6EB13A3DE12D6F62E 978A372B8B189D146E571FEAF32AC01B A491DBB3D22E1376E1733E46BB293C62 B690E16A328356E8C23D016700CCEEE6 BD89C1D7BCF4D1880BF44ACE158F3055 BF6CC780AE0CD1AA60ECB9D7863E07B0 E25F75369C1B225076E2CE7DA9403486 E8B3EE37817798F9FE34B9B8B3267C68 EF53F844643629B40C03B7E2D0112995 FBB2FF32341F0BE8DD006697436F770A FECD5D1589AE11B0ACA4711CFC8AA3C8 opera_shared_counter opera_shared_counter64 Registry Key IOCs: HKEY_CLASSES_ROOT HKEY_CLASSES_ROOT\AutoRegister HKEY_CURRENT_USER\Software\2428a83e HKEY_CURRENT_USER\Software\727efe68 HKEY_CURRENT_USER\Software\Martin Prikryl HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Password HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Port HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 User HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Port HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP User HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004\IMAP Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004\POP3 Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004\SMTP Server HKEY_CURRENT_USER\Software\Mozilla HKEY_CURRENT_USER\Software\Mozilla\Firefox HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter\PathToExe HKEY_CURRENT_USER\Software\Mozilla\Firefox\PathToExe HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs\PathToExe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features HKEY_LOCAL_MACHINE\Software\Martin Prikryl HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\COM+Enabled HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\svcVersion HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Impersonation Level HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Namespace HKEY_LOCAL_MACHINE\Software\Mozilla HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\PathToExe HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs\PathToExe HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\965b7fc26dad90d340d2fa0a4879039f HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\965b7fc26dad90d340d2fa0a4879039f\0 HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\PathToExe HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin\PathToExe HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions\PathToExe HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main\PathToExe HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\PathToExe HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall\PathToExe HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\PathToExe \REGISTRY\MACHINE\System\CurrentControlSet\Enum\IDE \REGISTRY\MACHINE\System\CurrentControlSet\Enum\SCSI Domain IOCs: hockeysministries.org IP IOCs: 164.132.207.80 URL IOCs: hockeysministries.org/playoff/chmpion4378/hockey.php File IOCs: Filenames: C:\Program Files (x86)\Mozilla Firefox C:\Users\5P5NRG~1\AppData\Local\Temp\646D.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\646D.tmp-journal C:\Users\5P5NRG~1\AppData\Local\Temp\646D.tmp-shm C:\Users\5P5NRG~1\AppData\Local\Temp\646D.tmp-wal C:\Users\5P5NRG~1\AppData\Local\Temp\6DA1.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\6DA1.tmp-journal C:\Users\5P5NRG~1\AppData\Local\Temp\6DA1.tmp-wal C:\Users\5P5NRG~1\AppData\Local\Temp\6EBB.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\6EBB.tmp-journal C:\Users\5P5NRG~1\AppData\Local\Temp\6EBB.tmp-wal C:\Users\5P5NRG~1\AppData\Local\Temp\6F29.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\6F29.tmp-journal C:\Users\5P5NRG~1\AppData\Local\Temp\6F29.tmp-wal C:\Users\5P5NRG~1\AppData\Local\Temp\6F78.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\6F78.tmp-journal C:\Users\5P5NRG~1\AppData\Local\Temp\6F78.tmp-wal C:\Users\5P5NRG~1\AppData\Local\Temp\7208.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\7219.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\7219.tmp-journal C:\Users\5P5NRG~1\AppData\Local\Temp\7219.tmp-wal C:\Users\5P5NRG~1\AppData\Local\Temp\7934.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\7FD9.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\A16C.tmp C:\Users\5P5NRG~1\AppData\Local\Temp\F3E9.tmp C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cookies C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\ C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cookies.sqlite C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gaejfer C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gtjtdfe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gtjtdfe:Zone.Identifier C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\jgshctw C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jma.exe C:\Windows\Fonts\arialbd.ttf C:\Windows\system32\advapi32.dll C:\Windows\system32\ntdll.dll MD5 hashes: 0111897c22e2ab86bfd65ccf91adc717 29844404ae855e9df054833f71888eb1 2ebb7e4e62b1cae357d0a9720a996e25 b32724389aba0741d7d28f02f124897d b7c14ec6110fa820ca6b65f5aec85911 ca84b062330bf89c92f6da9fbd818b9e ccf817a1215b7342f42ab80fc78b5857 cfd776b1cb9004e0f214f33431b3646b d124f55b9393c976963407dff51ffa79 SHA1 hashes: 195ab6db299b3ee23812722689ca15b4ff2d142d 2c7bbedd79791bfb866898c85b504186db610b5d 3af3240893d79897b540f5875b81aaf715efbff2 3e86f08def08fc14ddec0227d0643319562666db 608eeb7488042453c9ca40f7e1398fc1a270f3f4 acce6121e5f1815f01d6b3468e4c3e51a9f9a20d c499d8febec0f0cb771a654fc65699c22226fe37 ef81cc44cddc9b7cd695903100d817af4427e2a4 f52fd559629cecf4a02037663c6d9bf171ac7235 SHA256 hashes: 176c57a929846be8b06ba706bdbc0149ba4c9c2ad9d4ebe86ab94d0627870d1c 3ce8414a491044fca9d5c4de1af15fc54c06ba021a7ba2199e092f35c42fbdf4 45caa6e0f74afd3544a799ab8fd9987ac6cfee348c66312581b322cbae74a959 6b3005e2b4d0093f7b04e8427f386fac532deb9d84156c7855ace8a2eb23d962 c381401ea96dfe9b926126dcbbc0dd6ab541dbf549732cc6c66f20096b1f663e cdc13684f41107a2ff3c367f50d64af2c71f2f004775d0307deb5ee6980a5965 cff896f26e26cdf1a63e312f89795366ee2bc902323cabe44a86aa4ad0977228 ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb SSDEEP hashes: 24576:gwS6Xkd14PpBi6vPfdviHPZ2jslseW64AcECwA:lUd1ypBLPdmZ2Ox4AcECwA 24:LLijhJ0KL7G0TMJHUyyJtmCm0u6lOKQAE9V8FsffDVOzeCmly6UwcTa/HMQW:wz+JH3yJUhJCVE9V8FsXhFlNU1Ts3W 24:rEO15UcJOyTGVZTPaFpEvg3obNmCFk6Uwcm3tm5fB:IwecVTgPOpEveoJZFrU10WB 3072:h8tdcEQ3QTUrDKVCBwyBrEyDQ/ZqHEBMTFhRME+No7mFHSSIiqjAkNaYuRDJWK:hydc7yWwydcZqHDTFnME7KRqjARYm 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX 48:DML4nwTqMXQ98wM6ckr3ekPokj+rU+D0KHhS0wy:Dbn39e8DdPHaB33 48:tNecVTgPOpEveoJZFrU10WB58PdJAKr1EcO:tVSNDX25E 6144:pH4t3FN2ujUiF9LrMeO8jZY0VIkR5vmioQZYVnb7qhnqhuLj/:14tVN2oDLImLV6nbWQuLj/ 6:TMVJMpqXO/GGG/1EwkAATkGWHMLF4tTmRk4//sKEQZRvDA9om49NVO9:TMsgeMlZHMJ4tTmRT7EqvD8om49/k