Sample File: MD5 hash: 345d140139d2d11713b06f1cd9a5669e SHA1 hash: ca3c843964caa54471c136e8fc36bcb3534c1432 SHA256 hash: f9dfdce85f83d7a416ecc162a9f68643357b1fd10ea29e6b2cd934b967192a74 SSDEEP hash: 6144:kNlHAp8tUArLrLrLfMemq5MmsCdKSXZ/cJlCJ6AWJE9V50DErTNg/ydlb4fQ6wFL:14DmGw6yDKNg6dNoQl+v Filename(s): test.exe Filetype: Windows Exe (x86-32) Mutex IOCs: 9cda09f29c354b42 Registry Key IOCs: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName Domain IOCs: - None - IP IOCs: 92.63.8.47 92.63.37.100 92.63.32.2 URL IOCs: 92.63.8.47/archive/fxc.action?sdp=q&g=6oix0&qbaa=6b&k=u7a7u 92.63.37.100/post/checkout/mkgqp.cgi?iii=8128v5 92.63.32.2/tbrelgdfl.cgi?ah=wjfq2ey&j=23t84u4&ytxn=8kk6be554 File IOCs: Filenames: C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\\DECRYPT-FILES.html C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\\wevkgn5.dat C:\$Recycle.Bin\\DECRYPT-FILES.html C:\$Recycle.Bin\\wevkgn5.dat C:\Boot\BCD C:\Boot\BCD.LOG C:\Boot\BCD.LOG1 C:\Boot\BCD.LOG2 C:\Boot\BOOTSTAT.DAT C:\Boot\BOOTSTAT.DAT.R0GsRvs C:\Boot\Fonts\\DECRYPT-FILES.html C:\Boot\Fonts\\wevkgn5.dat C:\Boot\Fonts\chs_boot.ttf C:\Boot\Fonts\cht_boot.ttf C:\Boot\Fonts\jpn_boot.ttf C:\Boot\Fonts\kor_boot.ttf C:\Boot\Fonts\wgl4_boot.ttf C:\Boot\\DECRYPT-FILES.html C:\Boot\\wevkgn5.dat C:\Boot\cs-CZ\\DECRYPT-FILES.html C:\Boot\cs-CZ\\wevkgn5.dat C:\Boot\cs-CZ\bootmgr.exe.mui C:\Boot\da-DK\\DECRYPT-FILES.html C:\Boot\da-DK\\wevkgn5.dat C:\Boot\da-DK\bootmgr.exe.mui C:\Boot\de-DE\\DECRYPT-FILES.html C:\Boot\de-DE\\wevkgn5.dat C:\Boot\de-DE\bootmgr.exe.mui C:\Boot\el-GR\\DECRYPT-FILES.html C:\Boot\el-GR\\wevkgn5.dat C:\Boot\el-GR\bootmgr.exe.mui C:\Boot\en-US\\DECRYPT-FILES.html C:\Boot\en-US\\wevkgn5.dat C:\Boot\en-US\bootmgr.exe.mui C:\Boot\en-US\memtest.exe.mui C:\Boot\es-ES\\DECRYPT-FILES.html C:\Boot\es-ES\\wevkgn5.dat C:\Boot\es-ES\bootmgr.exe.mui C:\Boot\fi-FI\\DECRYPT-FILES.html C:\Boot\fi-FI\\wevkgn5.dat C:\Boot\fi-FI\bootmgr.exe.mui C:\Boot\fr-FR\\DECRYPT-FILES.html C:\Boot\fr-FR\\wevkgn5.dat C:\Boot\fr-FR\bootmgr.exe.mui C:\Boot\hu-HU\\DECRYPT-FILES.html C:\Boot\hu-HU\\wevkgn5.dat C:\Boot\hu-HU\bootmgr.exe.mui C:\Boot\it-IT\\DECRYPT-FILES.html C:\Boot\it-IT\\wevkgn5.dat C:\Boot\it-IT\bootmgr.exe.mui C:\Boot\ja-JP\\DECRYPT-FILES.html C:\Boot\ja-JP\\wevkgn5.dat C:\Boot\ja-JP\bootmgr.exe.mui C:\Boot\ko-KR\\DECRYPT-FILES.html C:\Boot\ko-KR\\wevkgn5.dat C:\Boot\ko-KR\bootmgr.exe.mui C:\Boot\memtest.exe C:\Boot\nb-NO\\DECRYPT-FILES.html C:\Boot\nb-NO\\wevkgn5.dat C:\Boot\nb-NO\bootmgr.exe.mui C:\Boot\nl-NL\\DECRYPT-FILES.html C:\Boot\nl-NL\\wevkgn5.dat C:\Boot\nl-NL\bootmgr.exe.mui C:\Boot\pl-PL\\DECRYPT-FILES.html C:\Boot\pl-PL\\wevkgn5.dat C:\Boot\pl-PL\bootmgr.exe.mui C:\Boot\pt-BR\\DECRYPT-FILES.html C:\Boot\pt-BR\\wevkgn5.dat C:\Boot\pt-BR\bootmgr.exe.mui C:\Boot\pt-PT\\DECRYPT-FILES.html C:\Boot\pt-PT\\wevkgn5.dat C:\Boot\pt-PT\bootmgr.exe.mui C:\Boot\ru-RU\\DECRYPT-FILES.html C:\Boot\ru-RU\\wevkgn5.dat C:\Boot\ru-RU\bootmgr.exe.mui C:\Boot\sv-SE\\DECRYPT-FILES.html C:\Boot\sv-SE\\wevkgn5.dat C:\Boot\sv-SE\bootmgr.exe.mui C:\Boot\tr-TR\\DECRYPT-FILES.html C:\Boot\tr-TR\\wevkgn5.dat C:\Boot\tr-TR\bootmgr.exe.mui C:\Boot\zh-CN\\DECRYPT-FILES.html C:\Boot\zh-CN\\wevkgn5.dat C:\Boot\zh-CN\bootmgr.exe.mui C:\Boot\zh-HK\\DECRYPT-FILES.html C:\Boot\zh-HK\\wevkgn5.dat C:\Boot\zh-HK\bootmgr.exe.mui C:\Boot\zh-TW\\DECRYPT-FILES.html C:\Boot\zh-TW\\wevkgn5.dat C:\Boot\zh-TW\bootmgr.exe.mui C:\Config.Msi\\DECRYPT-FILES.html C:\Config.Msi\\wevkgn5.dat C:\Documents and Settings\\DECRYPT-FILES.html C:\Documents and Settings\\wevkgn5.dat C:\MSOCache\\DECRYPT-FILES.html C:\MSOCache\\wevkgn5.dat C:\PerfLogs\Admin\\DECRYPT-FILES.html C:\PerfLogs\Admin\\wevkgn5.dat C:\PerfLogs\\DECRYPT-FILES.html C:\PerfLogs\\wevkgn5.dat C:\ProgramData\foo.db C:\Recovery\\DECRYPT-FILES.html C:\Recovery\\wevkgn5.dat C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.9emKr C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\DECRYPT-FILES.html C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\wevkgn5.dat C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.XvZHI C:\System Volume Information\\DECRYPT-FILES.html C:\System Volume Information\\wevkgn5.dat C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.wHLcdW C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.34tSh1K C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.iHt9 C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\\DECRYPT-FILES.html C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\\wevkgn5.dat C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.6PFi C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.KH4Dw9W C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\\DECRYPT-FILES.html C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\\wevkgn5.dat C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\\DECRYPT-FILES.html C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\\wevkgn5.dat C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\\DECRYPT-FILES.html C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\\wevkgn5.dat C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\\DECRYPT-FILES.html C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\\wevkgn5.dat C:\Users\5p5NrGJn0jS HALPmcxz\AppData\\DECRYPT-FILES.html C:\Users\5p5NrGJn0jS HALPmcxz\AppData\\wevkgn5.dat C:\Users\5p5NrGJn0jS HALPmcxz\\DECRYPT-FILES.html C:\Users\5p5NrGJn0jS HALPmcxz\\wevkgn5.dat C:\Users\\DECRYPT-FILES.html C:\Users\\wevkgn5.dat C:\\DECRYPT-FILES.html C:\\wevkgn5.dat C:\bootmgr C:\hiberfil.sys C:\pagefile.sys MD5 hashes: 531773e2468abe0925223914e6e95d8b 6c8cd304002ba6bd422c58e306fde103 89de74772f8f5ca07afd7230d0f39b35 8e9a56be470565a4c272341041e708fa 9d608e3d8417eb7c56907762c7405cfe ac013e7d8d6ca0f301f387c10eba509d bd95c89d91ebc03b4d088b6cdfbc867c e0b7853f83dbdb26816e9bde97bfeefc e8a7823ba628d4c3b2dc7196fbf058bc SHA1 hashes: 52578de1ff4b1714c9ecf46ec6bd3265b448ed55 5a04bebd2b4993a53649095546831170c963d01f 71ddd74cab13a317877090dfa3ae4c53b49e5a32 844f9b65e1caf41f014d3fc7393ccf33d9a39c01 9668c981fb918a5333829c256d85aa645507d7b1 a5b1fb84fe00d72e5d593e880d112b1f84a47fa1 adbc196503e040d5f9641cf83d7cd09e67864014 c7eee2c21342743a59ee335ff525330f4d273410 ecffc9227c20121ec401661afcc7b76d6bd9dd8f SHA256 hashes: 2d8fd83fc4f4c5770c4176b143df31f83d5b5d07612fc0710dcc61e70504ee21 2db74a478b1f475b3a2ec965a9bf0a7ebd968d1a4189e124f04940865a8a2622 364d5b08ed141e2cea519babf72a77285bba657d18bd2374db55bbd779d77b45 38a991403d5a297dac40971538baf4d9d86ca10ea84494735e86a2b115863ef5 a0277c7ca4ed3e13dedc950b6041c098cc8d8b5302e8ad8c25dc49b4495a8ad6 a56c3573e909ddf3620abce358b38ae1acfdd69d21130f39a2e5b6862f344dbb a6deb72e8ac69b7dde46ad14a75dae91c571ceb13de49286772ce8bb28598f4a eed9af6b4e4ae888c60631707c1b65f21a06f4561ce25fb342daa8ac32334fa3 ef84cd16c1f38d0749e5060286d624f75819940c34043e2cc3050756dbd596cd SSDEEP hashes: 1536:2UqgOrNWMHTJxQ+jnatw5mLk4AS3rGg6R6KDX2:ygOrU2TJxQnQmLX3r88Kb2 1536:dmsdtkU2OS8u5mh8MS6EjLoTTPFBWBF7UKxvZ87+nCTh51/1HP9om+EwuYD:dTtaOS8uUhvS6woTz+BF7RxvAgC3OmO7 1536:qJB424/1d7gbOq4Eegs85FkSYxxUgtjiMgidCRCJYRDt:KB44bj4gwogz8VRh 196608:xlp6UMEbiZG5ygm8j3k0EHZWbVFmvVYyyZvOXWBEY+1BVQ:x+UMaigoX8zY5bVSv0YEBVQ 3072:7ZnFaqG0actu95eRZtg5FtXtnHd3PdAzG4zZ0BH5dTRiuxLqQn4M:RFaqGhKA5C+dnHd94NgH5BxLqlM 768:B8uH1ZA7F5PgA7ao8MsLVqD8O0K/vmi53D5iEAGkVL21LFP+fE:yG/M5PgAeooLVqdur9VLSFms 96:soMHwaw9ZFoBV2N20l3LtdSoVvlsThwVyUOCaRpMzrQC8DdoXPpgLIiz2Z5E:soMHEFoBANDVZMesTh4yUOPvMzrz8Dd5 96:z2dMHJdgvOYEHdwLH+66GU2ZClg1D6A0Fl9B89HN2K3zaKo4W:sGwuHdwLH+DGURg1JAl9CHhur9 98304:95GoTKOQ7MgTjyYpjkRtrLSm9JD34TFDgU9mj:jrUTjRk791iF0UIj