Submission Summary:

What's been found | Severity Level
Capability to send out email message(s) with the built-in SMTP client engine.
Creates a startup registry entry.

Technical Details:

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 | %AppData%\monero\begin.bat | 350 bytes | MD5: 0xAB7CD37DE39AC7BB92B663755C306C48, SHA-1: 0x1006B73EFDDDBA59C198A385671B2A001A7AE422 | (not available)
2 | %AppData%\monero\FXRI.exe | 1,526,533 bytes | MD5: 0x93765C79ADEF46A1851FAA370195DE62, SHA-1: 0x40883A73F915520B636CAD2A88A34A4E820D09CF | (not available)
3 | %AppData%\monero\inst.bat | 286 bytes | MD5: 0x1C80E7D814F015D96DCD4CA2A2904551, SHA-1: 0x86641CCDDCA36208A666DB54F822E922F71486E0 | (not available)
4 | %AppData%\monero\libcurl.dll | 572,416 bytes | MD5: 0x27906D4CA1BCC81D5B9BF3E09E39D7E9, SHA-1: 0x674F585B342F87D2D807625AD6FE7EBD94857142 | (not available)
5 | %AppData%\monero\libeay32.dll | 1,746,432 bytes | MD5: 0x96198BD951718C520C660F1179D8CB2A, SHA-1: 0x0C70B02965CFED99FA2532E4B10CAA6C6C083BD5 | (not available)
6 | %AppData%\monero\nircmd.exe | 44,032 bytes | MD5: 0xBA2CF7D2D09AE9A29445704BD1B4F67B, SHA-1: 0x919250240E4CF978603DDF6944719FE35ACDB668 | packed with UPX [Kaspersky Lab]
7 | %AppData%\monero\ssleay32.dll | 377,856 bytes | MD5: 0xF5833C3CA3A1DA55D2B8EAB6EF4BF8AD, SHA-1: 0x110455271CECF9DAEAA855E14251E290C2A01329 | (not available)
8 | %AppData%\monero\zlib1.dll | 95,744 bytes | MD5: 0x8D8CAB46F03C676E929B656ED64323D9, SHA-1: 0xFEB58EB336CCE0D064B5F59216598F8D975729D7 | (not available)
9 | [file and pathname of the sample #1] | 1,868,999 bytes | MD5: 0x1435278C2D772B55CFE46D344500CBEC, SHA-1: 0x333232A0FE34BB4D8D0495DB999511DA70B746DF | (not available)

Memory Modifications

Process Name | Process Filename | Main Module Size
nircmd.exe | %AppData%\monero\nircmd.exe | 110,592 bytes
[filename of the sample #1] | [file and pathname of the sample #1] | 471,040 bytes

Registry Modifications

Other details

Israel

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2017 ThreatExpert. All rights reserved.