Sample File:
  MD5 hash: 4d361636994eb14917467808fd94cad0
  SHA1 hash: b83834a176fcb3eae08d6c1d34ac1c9acac81228
  SHA256 hash: b240e52ea8a55a50760de6017d644d2d0fcc43fd8918abdf99964efb464c37b6
  SSDEEP hash: 3072:Erdhvrr4E7jSkjuZjlWxBpUza52zXu6UVSLoYRLfPK:ELIGvuUwJ6
  Filename(s): xeuovifzzc.exe
  Filetype: Windows Exe (x86-32)

Mutex IOCs:
  310A-4BA29U3JAIZ
  507R49362TX68WZz
  S-1-5-21-1051304-1376299523134

Registry Key IOCs:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
  HKEY_CURRENT_USER\Software\VB and VBA Program Settings\antistrike\VIKTUALIEFORRETNINGS
  HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName

Domain IOCs:
  www.consultgenou.com
  webredir.vip.gandi.net

IP IOCs:
  5.206.227.100
  217.70.184.50

URL IOCs:
  http://5.206.227.100/private/smarty.bin

File IOCs:
  Filenames:
    C:\Windows\SysWOW64\cmd.exe
    C:\WINDOWS\system32
    C:\Program Files\Qemu-ga\qemu-ga.exe
    C:\Users\FD1HVy\Desktop\xeuovifzzc.exe
    \??\C:\WINDOWS\SYSTEM32\ntdll.dll
    C:\Program Files\qga\qga.exe
    \??\C:\Windows\SysWOW64\cmstp.exe
    C:\Users\FD1HVy\Desktop
    \??\C:\Users\FD1HVy\Desktop\xeuovifzzc.exe
    \??\C:\WINDOWS\System32\drivers\etc\hosts
    C:\WINDOWS\SYSTEM32\MSVBVM60.DLL
    \??\C:\Users\FD1HVy\AppData\Roaming\Desktop\xeuovifzzc.exe
    \??\C:\WINDOWS\syswow64\msvbvm60.dll
  Hashes: same MD5, SHA1, SHA256 and SSDEEP values as listed under Sample File above.