Submission Summary:

 

Technical Details:

 

File System Modifications


 

Memory Modifications

Process Name                 Process Filename                      Main Module Size
AOWTG.exe                    %UserProfile%\RFCXE\AOWTG.exe         835,584 bytes
[filename of the sample #1]  [file and pathname of the sample #1]  278,528 bytes

 

Registry Modifications

 

Other details

Remote Host          Port Number
back2root.no-ip.org  11930

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.


Copyright © 2014 ThreatExpert. All rights reserved.