Sample File: MD5 hash: e891e59a10a74f7544fbeffe20d46d49 SHA1 hash: e9ba832a241996225f6a30f9f60b52ba91ca342c SHA256 hash: d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874 Filename(s): d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar Filetype: Java Archive Mutex IOCs: - None - Registry Key IOCs: HKEY_CLASSES_ROOT\.vbs HKEY_CLASSES_ROOT\VBSFile\ScriptEngine HKEY_CURRENT_USER\Control Panel\Desktop HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation IP IOCs: 62.0.58.94 URL IOCs: - None - File IOCs: Filenames: C:\Program Files\Java\jre7\bin C:\Program Files\Java\jre7\bin\JAWTAccessBridge.dll C:\Program Files\Java\jre7\bin\JavaAccessBridge.dll C:\Program Files\Java\jre7\bin\JdbcOdbc.dll C:\Program Files\Java\jre7\bin\WindowsAccessBridge.dll C:\Program Files\Java\jre7\bin\awt.dll C:\Program Files\Java\jre7\bin\axbridge.dll C:\Program Files\Java\jre7\bin\client C:\Program Files\Java\jre7\bin\dcpr.dll C:\Program 
Files\Java\jre7\bin\decora-sse.dll C:\Program Files\Java\jre7\bin\deploy.dll C:\Program Files\Java\jre7\bin\dt_shmem.dll C:\Program Files\Java\jre7\bin\dt_socket.dll C:\Program Files\Java\jre7\bin\dtplugin C:\Program Files\Java\jre7\bin\eula.dll C:\Program Files\Java\jre7\bin\fontmanager.dll C:\Program Files\Java\jre7\bin\fxplugins.dll C:\Program Files\Java\jre7\bin\glass.dll C:\Program Files\Java\jre7\bin\glib-lite.dll C:\Program Files\Java\jre7\bin\gstreamer-lite.dll C:\Program Files\Java\jre7\bin\hprof.dll C:\Program Files\Java\jre7\bin\installer.dll C:\Program Files\Java\jre7\bin\instrument.dll C:\Program Files\Java\jre7\bin\j2pcsc.dll C:\Program Files\Java\jre7\bin\j2pkcs11.dll C:\Program Files\Java\jre7\bin\jaas_nt.dll C:\Program Files\Java\jre7\bin\jabswitch.exe C:\Program Files\Java\jre7\bin\java C:\Program Files\Java\jre7\bin\java-rmi.exe C:\Program Files\Java\jre7\bin\java.dll C:\Program Files\Java\jre7\bin\java.exe C:\Program Files\Java\jre7\bin\java_crw_demo.dll C:\Program Files\Java\jre7\bin\javacpl.exe C:\Program Files\Java\jre7\bin\javafx-font.dll C:\Program Files\Java\jre7\bin\javafx-iio.dll C:\Program Files\Java\jre7\bin\javaw.exe C:\Program Files\Java\jre7\bin\javaws.exe C:\Program Files\Java\jre7\bin\jawt.dll C:\Program Files\Java\jre7\bin\jdwp.dll C:\Program Files\Java\jre7\bin\jfr.dll C:\Program Files\Java\jre7\bin\jfxmedia.dll C:\Program Files\Java\jre7\bin\jfxwebkit.dll C:\Program Files\Java\jre7\bin\jli.dll C:\Program Files\Java\jre7\bin\jp2iexp.dll C:\Program Files\Java\jre7\bin\jp2launcher.exe C:\Program Files\Java\jre7\bin\jp2native.dll C:\Program Files\Java\jre7\bin\jp2ssv.dll C:\Program Files\Java\jre7\bin\jpeg.dll C:\Program Files\Java\jre7\bin\jpicom.dll C:\Program Files\Java\jre7\bin\jpiexp.dll C:\Program Files\Java\jre7\bin\jpinscp.dll C:\Program Files\Java\jre7\bin\jpioji.dll C:\Program Files\Java\jre7\bin\jpishare.dll C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Java\jre7\bin\jsdt.dll C:\Program 
Files\Java\jre7\bin\jsound.dll C:\Program Files\Java\jre7\bin\jsoundds.dll C:\Program Files\Java\jre7\bin\kcms.dll C:\Program Files\Java\jre7\bin\keytool.exe C:\Program Files\Java\jre7\bin\kinit.exe C:\Program Files\Java\jre7\bin\klist.exe C:\Program Files\Java\jre7\bin\ktab.exe C:\Program Files\Java\jre7\bin\libxml2.dll C:\Program Files\Java\jre7\bin\libxslt.dll C:\Program Files\Java\jre7\bin\management.dll C:\Program Files\Java\jre7\bin\mlib_image.dll C:\Program Files\Java\jre7\bin\msvcr100.dll C:\Program Files\Java\jre7\bin\net.dll C:\Program Files\Java\jre7\bin\nio.dll C:\Program Files\Java\jre7\bin\npjpi170_45.dll C:\Program Files\Java\jre7\bin\npoji610.dll C:\Program Files\Java\jre7\bin\npt.dll C:\Program Files\Java\jre7\bin\orbd.exe C:\Program Files\Java\jre7\bin\pack200.exe C:\Program Files\Java\jre7\bin\plugin2 C:\Program Files\Java\jre7\bin\policytool.exe C:\Program Files\Java\jre7\bin\prism-d3d.dll C:\Program Files\Java\jre7\bin\rmid.exe C:\Program Files\Java\jre7\bin\rmiregistry.exe C:\Program Files\Java\jre7\bin\servertool.exe C:\Program Files\Java\jre7\bin\splashscreen.dll C:\Program Files\Java\jre7\bin\ssv.dll C:\Program Files\Java\jre7\bin\ssvagent.exe C:\Program Files\Java\jre7\bin\sunec.dll C:\Program Files\Java\jre7\bin\sunmscapi.dll C:\Program Files\Java\jre7\bin\t2k.dll C:\Program Files\Java\jre7\bin\tnameserv.exe C:\Program Files\Java\jre7\bin\unpack.dll C:\Program Files\Java\jre7\bin\unpack200.exe C:\Program Files\Java\jre7\bin\verify.dll C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll C:\Program Files\Java\jre7\bin\wsdetect.dll C:\Program Files\Java\jre7\bin\zip.dll C:\Program Files\Java\jre7\classes C:\Program Files\Java\jre7\lib C:\Program Files\Java\jre7\lib\accessibility.properties C:\Program Files\Java\jre7\lib\charsets.jar C:\Program Files\Java\jre7\lib\currency.data C:\Program Files\Java\jre7\lib\currency.properties C:\Program Files\Java\jre7\lib\ext C:\Program Files\Java\jre7\lib\ext\access-bridge.jar C:\Program 
Files\Java\jre7\lib\ext\dnsns.jar C:\Program Files\Java\jre7\lib\ext\jaccess.jar C:\Program Files\Java\jre7\lib\ext\localedata.jar C:\Program Files\Java\jre7\lib\ext\meta-index C:\Program Files\Java\jre7\lib\ext\sunec.jar C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar C:\Program Files\Java\jre7\lib\ext\sunpkcs11.jar C:\Program Files\Java\jre7\lib\ext\zipfs.jar C:\Program Files\Java\jre7\lib\jaxp.properties C:\Program Files\Java\jre7\lib\jce.jar C:\Program Files\Java\jre7\lib\jfr.jar C:\Program Files\Java\jre7\lib\jsse.jar C:\Program Files\Java\jre7\lib\management\usagetracker.properties C:\Program Files\Java\jre7\lib\meta-index C:\Program Files\Java\jre7\lib\net.properties C:\Program Files\Java\jre7\lib\resources.jar C:\Program Files\Java\jre7\lib\rt.jar C:\Program Files\Java\jre7\lib\security\US_export_policy.jar C:\Program Files\Java\jre7\lib\security\cacerts C:\Program Files\Java\jre7\lib\security\java.security C:\Program Files\Java\jre7\lib\security\jssecacerts C:\Program Files\Java\jre7\lib\security\local_policy.jar C:\Program Files\Java\jre7\lib\sunrsasign.jar C:\Program Files\Java\jre7\lib\swing.properties C:\Program Files\Java\jre7\lib\tzmappings C:\Program Files\Java\jre7\lib\zi\America\Godthab C:\Program Files\Java\jre7\meta-index C:\Program%20Files\Java\jre7\lib\ext\sunec.dll C:\Program%20Files\Java\jre7\lib\ext\sunmscapi.dll C:\Program%20Files\Java\jre7\lib\ext\x86\sunec.dll C:\Program%20Files\Java\jre7\lib\ext\x86\sunmscapi.dll C:\Users\EEBsYm5\.accessibility.properties C:\Users\EEBsYm5\AppData\Local\Temp C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs C:\Users\EEBsYm5\AppData\Local\Temp\\hsperfdata_EEBsYm5 C:\Users\EEBsYm5\AppData\Local\Temp\\hsperfdata_EEBsYm5\3332 
C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe C:\Users\EEBsYm5\AppData\Roaming\Oracle\lib\endorsed C:\Users\EEBsYm5\AppData\Roaming\Oracle\lib\ext C:\Users\EEBsYm5\AppData\Roaming\Oracle\lib\tzmappings C:\Users\EEBsYm5\Desktop C:\Users\EEBsYm5\Desktop\D01AA4~1.JAR C:\Users\EEBsYm5\Desktop\d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874.jar C:\Users\EEBsYm5\PKcVbKSqerl C:\Users\EEBsYm5\PKcVbKSqerl\ID.txt C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj C:\Users\EEBsYm5\fUTkALeaTxM C:\Users\EEBsYm5\fUTkALeaTxM\DdWDtpinxpf C:\Users\EEBsYm5\fUTkALeaTxM\ID.txt C:\Windows\Sun\Java\lib\ext C:\Windows\Sun\Java\lib\ext\meta-index C:\Windows\System32\test.txt \etc\release cscript.exe MD5 hashes: 3bdfd33017806b85949b6faa7d4b98e4 3d0e087dfb49330b60853005578fb212 4ccee4a6fd5867cfa215138a8b045386 a32c109297ed1ca155598cd295c26611 d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input; not a usable indicator) df2c86399cc6351ba9d77881c87f201f e891e59a10a74f7544fbeffe20d46d49 (the sample itself, see header) SHA1 hashes: 67fdc16a3019e0283bc362e60260ab309710f80c 96fb6d9a48b81b8bd058c80c4fa4e3484d1a61d2 bd38681542cb4f76b94507343159cca6e5c89497 da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA1 of empty input; not a usable indicator) dc4a1fdbaad15ddd6fe22d3907c6b03727b71510 e9ba832a241996225f6a30f9f60b52ba91ca342c (the sample itself, see header) f92844fee69ef98db6e68931adfaa9a0a0f8ce66 SHA256 hashes: 08af25f22935ea54454d956d921ac38725db45a49a8e615b59ea17eeac5a89d1 45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7 8378e312f7d1dc47b3d75335dd0287fe32fbf5ccdbb4810396f911fb5dcd6e8c 9da575dd2d5b7c1e9bab8b51a16cde457b3371c6dcdb0537356cf1497fa868f6 d01aa424c91a43c1f87e45da12437d7b4f52b0fa756799ec273bc1f942677874 (the sample itself, see header) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA256 of empty input; not a usable indicator) ff4a8660585a9a7e79d9491f4f132a31065420770c0c3b4830af8a482b5f7afa