Sample File: MD5 hash: e89fe964d8ec168fe1b9b241cdfafc49 SHA1 hash: b88bcb2d8d6a4ed477a639ad85a21e22a26aa638 SHA256 hash: d45dfa19146949ef791c96b183f04f1b2ba480d32308b39a32976a2f30ecb6e5 SSDEEP hash: 6144:tQAL0EbQ1/2kAnKLfdfpe0KLk368xfCaU1c8HaIDvErTp:KAdQ8kXTd1KL/8xqaRVcEPp Filename(s): sample.exe Filetype: Windows Exe (x86-32) Mutex IOCs: Global\ID2CA4DEF Global\MD2CA4DEF Global\Nx133C00C5 PEM1E0 PEM1E4 PEM500 PEM57C PEMAD0 PEME78 Registry Key IOCs: HKEY_CLASSES_ROOT\interface\{aa5b6a80-b834-11d0-932f-00a0c90dcaa9} HKEY_CURRENT_USER\Identities HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts HKEY_CURRENT_USER\Software\IncrediMail\Identities HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Dynamic Salt HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger HKEY_CURRENT_USER\Software\Microsoft\MessengerService HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine HKEY_CURRENT_USER\Software\Yahoo\Pager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe HKEY_LOCAL_MACHINE\Software\Classes\Software\Qualcomm\Eudora\CommandLine\current HKEY_LOCAL_MACHINE\Software\Clients\Mail\Microsoft Outlook HKEY_LOCAL_MACHINE\Software\Clients\Mail\Microsoft Outlook\DLLPathEx HKEY_LOCAL_MACHINE\Software\Group Mail HKEY_LOCAL_MACHINE\Software\IncrediMail\Identities HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Thunderbird Domain IOCs: 
239.255.255.250 (an IPv4 address, not a domain; this is the SSDP multicast group and is usually background sandbox noise rather than attacker infrastructure) IP IOCs: 41.57.104.182 208.86.13.216 239.255.255.250 URL IOCs: HTTP://41.57.104.182 http://208.86.13.216:443/whoami.php HTTP://208.86.13.216 File IOCs: Filenames: C:\ C:\Program Files (x86)\Mozilla Thunderbird C:\Program Files (x86)\Sea Monkey\nss3.dll C:\Users\CIiHmnxMn6Ps\Desktop\sample.exe C:\Windows\ C:\Windows\SysWOW64\ C:\Windows\SysWOW64\eulacompile.exe C:\Windows\SysWOW64\indexerneutral.exe C:\Windows\SysWOW64\indexerneutral.exe:Zone.Identifier C:\Windows\SysWOW64\indexerneutral_lng.ini C:\Windows\SysWOW64\indexerneutrala.exe C:\Windows\SysWOW64\indexerneutralb.exe C:\Windows\TEMP\2ECB.tmp C:\Windows\TEMP\3256.tmp C:\Windows\TEMP\3267.tmp C:\Windows\TEMP\3595.tmp C:\Windows\system32\alg.exe C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\WebCache\WebCacheV24.dat C:\Windows\system32\config\systemprofile\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Preferences\keychain.plist C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\profiles.ini C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Profiles C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini C:\Windows\system32\config\systemprofile\AppData\Roaming\Opera Software\Opera Stable\Login Data C:\Windows\system32\config\systemprofile\AppData\Roaming\Opera\Opera7\profile\wand.dat C:\Windows\system32\config\systemprofile\AppData\Roaming\Opera\Opera\wand.dat C:\Windows\system32\config\systemprofile\AppData\Roaming\Thunderbird\Profiles MD5 hashes: 36427ecb2a0faf13af3047c51b29f9c5 d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty file; not a useful detection indicator on its own) dd69535d379f9e40ad0d6002887aaa99 e89fe964d8ec168fe1b9b241cdfafc49 SHA1 hashes: 8161ff401f7f706e648b79ae448b49c2795799dc 9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f b88bcb2d8d6a4ed477a639ad85a21e22a26aa638 
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA1 of an empty file; not a useful detection indicator on its own) SHA256 hashes: 579dd18ce2b264b4058c6069b8aee6fd9fe6a882b7da19e300dfe40b37a4e5be d45dfa19146949ef791c96b183f04f1b2ba480d32308b39a32976a2f30ecb6e5 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA256 of an empty file; not a useful detection indicator on its own) ea156f649bb1180b32c6d5be76c0969941ec76d1fface734f401b5327ac57345 SSDEEP hashes: 1536:VDdMLazKn0KNp395hbNxwG6UZQ86llDJvHZr5XK338ldaA7H3:TMLazI0Kj95x7wG6plV5l6H8b 3:: 3:q8CJGEIUEF7eSAMzr+WABEImBzEWVAZGXhRAJ1zKI9:hCyUEZNiWSmBzNmeRAH9 6144:tQAL0EbQ1/2kAnKLfdfpe0KLk368xfCaU1c8HaIDvErTp:KAdQ8kXTd1KL/8xqaRVcEPp