Sample File: MD5 hash: d82d5def9a8c3184e7116ea172c70e09 SHA1 hash: 0886bb5f98a43c7464115644756c9a15bd95af54 SHA256 hash: 62dcc35536fc49377722d40cf6fe4d924bd415aeb9a9036be067b25a306dd845 SSDEEP hash: 12288:xvGPh1DOPLOgzyArtDaWZXpbGQENdag2gY7gQdAQ4+uG6at31SI5vG:8Z1DOPLXzyArtlMBcgQiL+WatlSIe Filename(s): muziko66.EXE Filetype: Windows Exe (x86-32) Mutex IOCs: CIiHmnxMn6Ps5 SWE2F15657A4JJ SWE2F15657A4JJCIiHmnxMn6Ps15 SWE2F15657A4JJ_RESTART SWE2F15657A4JJ_SAIR xXx_key_xXx Registry Key IOCs: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup HKEY_CURRENT_USER\SOFTWARE\remote HKEY_CURRENT_USER\SOFTWARE\remote\FirstExecution HKEY_CURRENT_USER\SOFTWARE\remote\NewGroup HKEY_CURRENT_USER\SOFTWARE\remote\NewIdentification HKEY_CURRENT_USER\Software\Borland\Delphi\Locales HKEY_CURRENT_USER\Software\Borland\Locales HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{3HG21N73-YORJ-B011-YIQ6-T2M8WYWY35PU} HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\HKCU HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\winamp.exe HKEY_LOCAL_MACHINE\Software\Borland\Locales HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{3HG21N73-YORJ-B011-YIQ6-T2M8WYWY35PU} HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{3HG21N73-YORJ-B011-YIQ6-T2M8WYWY35PU}\StubPath HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HKLM HKEY_PERFORMANCE_DATA Domain IOCs: koko35.ddns.net IP IOCs: - None - URL IOCs: - None - File IOCs: Filenames: C:\ C:\Users\ C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps2.txt C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps8 C:\Users\CIiHmnxMn6Ps\ C:\Users\CIiHmnxMn6Ps\AppData\ C:\Users\CIiHmnxMn6Ps\AppData\Local\cBxBGxB C:\Users\CIiHmnxMn6Ps\AppData\Local\uTorrent.exe C:\Users\CIiHmnxMn6Ps\AppData\Local\winamp.exe C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CIiHmnxMn6Ps-wchelper.dll C:\Users\CIiHmnxMn6Ps\AppData\Roaming\D2CA4DEF\ C:\Users\CIiHmnxMn6Ps\AppData\Roaming\D2CA4DEF\21-11-2018 C:\Users\CIiHmnxMn6Ps\AppData\Roaming\D2CA4DEF\ak.tmp C:\Users\CIiHmnxMn6Ps\AppData\Roaming\install\ C:\Users\CIiHmnxMn6Ps\AppData\Roaming\install\svchost.exe C:\Users\CIiHmnxMn6Ps\Desktop\muziko66.EXE C:\Windows\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\SysWOW64\install\1033\VBC7ui.dll C:\Windows\SysWOW64\install\9\VBC7ui.dll C:\Windows\SysWOW64\install\VBC7ui.dll C:\Windows\system32\ C:\Windows\system32\install\ C:\Windows\system32\install\svchost.exe MD5 hashes: 2a335af28de46ab0c68fc8f38cf4a1ce 7f77d674b1e8b92c8517b85260557f7f aae305addaaaa35be9e6c3b41a07a48c af900417584624e7071641559d29e3c7 b2af7af5965cfbe7c37072fe9196e7dd c92b9edd5e62426a769875b1146290b7 cf43d0f929ae3335692d014f4df05e6d d41d8cd98f00b204e9800998ecf8427e d82d5def9a8c3184e7116ea172c70e09 SHA1 hashes: 0886bb5f98a43c7464115644756c9a15bd95af54 1cd8ec4e84a50167af2ce157138224535833543d 49874a83cb0c1c3750ddf07592d0c5ae025a9259 5aedd83ec79466ce24ff92c75abf2989f6bd0126 9a0c0aaac61cae7e701a3baf9da767189c5e65a7 da39a3ee5e6b4b0d3255bfef95601890afd80709 
dc5d95d6c8ceb93d04dc5a4c2ae0928267784130 edd23c5f0d1fe65827fb5a678bd590425e1c2b87 f44abd35c252539ab183aa20b3c24ac2369c8674 SHA256 hashes: 0052a516da7df2a8166603c3e259fc79275fdaa681a727d2b5b58e1d8f9baf85 0c436da0aec39721cbacbccd7cea43ef0848440c79195c13169ab89cf9311327 18999411b2fb51ed2cb6044a3e38bf76567fd6cdf1ac1155fe511a84d83606cd 62dcc35536fc49377722d40cf6fe4d924bd415aeb9a9036be067b25a306dd845 68c33b1c6248cc3ed73dd758420ed370ff6dc082d607557c5e2e3da821fb71d8 b3ee6953ff49705ae90ce8b2cafbed7df9674b227f4aed0279fdf44f358d3e8e e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 e5e97847049055d0e6bdac235a2904799d552b4fbebbaf11d5c540d5cf019741 ffd96dec29021897a31ded76d58626b66b01b02b3926f5ebd1b1f860ac76a137 SSDEEP hashes: 12288:iDk11YUzEhUFNGI8hpG+qLV9YzzHdEVGhPr:3HzEoNGIKGJHYzzHSVGR 12288:xvGPh1DOPLOgzyArtDaWZXpbGQENdag2gY7gQdAQ4+uG6at31SI5vG:8Z1DOPLXzyArtlMBcgQiL+WatlSIe 3072:vcJEm2+l1AHreW8xa4TfsBbxNkNx+ce5L69an8j2wEqD5r947d:EJEmL12rn8xa4Lsx7kNx+vgOu5+7d 3:: 3:KfT:Kr 3:OW:OW 3:TlbC1c5TUmh/VJS1Joanh:Q1yAmhdyoWh 3:sZmP4tRBBFQF:x4tRBBFQF 6144:gA0nitqv/nHrHxVPGTZTzq9SkTr2m7mrUsqWBn837FNldObO3k1jh:gBi8vvrHxVPKyv2m77sZB07FxObO32l Note: the MD5 d41d8cd98f00b204e9800998ecf8427e, SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 and SSDEEP 3:: entries in the "File IOCs" lists are the digests of an empty (zero-byte) file and are not sample-specific indicators; the hashes that identify the sample itself are the ones given at the top of the page. The other very short SSDEEP values (block size 3) correspond to tiny dropped files and are not useful for fuzzy-hash pivoting.