Submission Summary:

What's been found    Severity Level
Registers a 32-bit in-process server DLL.

 

Technical Details:


File System Modifications

#    Filename(s)    File Size    File Hash    Alias
1 %CommonPrograms%\WinCDEmu\WinCDEmu Settings.lnk 674 bytes MD5: 0xD545E6BC7191AF075880FC946843470D
SHA-1: 0xBCC3005E4A693D498BD27BCD4B0E66067B7DD289
(not available)
2 %ProgramFiles%\WinCDEmu\batchmnt.exe 105,984 bytes MD5: 0x5E6561921A7722EA025A79172E7B443E
SHA-1: 0x1CBB792056D630A8718CF29CD1FEC36721E57B5F
(not available)
3 %ProgramFiles%\WinCDEmu\batchmnt64.exe 130,048 bytes MD5: 0xEF5F980E1E1DBDF454673206751BF255
SHA-1: 0x2B5AEA7B577984C4BAA99F0108C1AEB84F76F91E
(not available)
4 %ProgramFiles%\WinCDEmu\bazisvirtualcdbus.cat 8,624 bytes MD5: 0x1A7AE9457824C66CF047A95F1A5C4629
SHA-1: 0x4D9C13618E5D1A998DF6B299D7BA8FDB45012EB2
(not available)
5 %ProgramFiles%\WinCDEmu\BazisVirtualCDBus.inf 1,458 bytes MD5: 0x9A41ACAF308273117F12253119753CD2
SHA-1: 0xDE3DA728432C61BE2C8684670997BAA8EEB36934
(not available)
6 %ProgramFiles%\WinCDEmu\langfiles\vmnt_Arabic.lng 8,574 bytes MD5: 0x1C177FB48474504E2A12E135DA569C89
SHA-1: 0xB23EC0113CFB893DE01059D9DDD5398A121851BA
(not available)
7 %ProgramFiles%\WinCDEmu\langfiles\vmnt_armenian.lng 4,202 bytes MD5: 0x054BC47AEC44BC24EFB7FA2D3CB4D16E
SHA-1: 0x067EE15600F3B9E4377CA159936D0980F5ADBCC3
(not available)
8 %ProgramFiles%\WinCDEmu\langfiles\vmnt_bahasaindonesia.lng 10,358 bytes MD5: 0xEE1B69AD806DC238CDB3494D15EDAFAB
SHA-1: 0xB79626FDEC8AD97CB19F51EE871D06CCCEF08C16
(not available)
9 %ProgramFiles%\WinCDEmu\langfiles\vmnt_Bengali.lng 1,676 bytes MD5: 0xD23C884983ACDD3E39D905B456A93810
SHA-1: 0xC2AD7FDDF65DB7C6EFCD3E52EF2D3AD6C09DD7EF
(not available)
10 %ProgramFiles%\WinCDEmu\langfiles\vmnt_bulgarian.lng 9,836 bytes MD5: 0xBDE8E065B9964471A94577ABC273C6A2
SHA-1: 0xFC082776144313236794F54AB2F7C5E585B7E18A
(not available)
11 %ProgramFiles%\WinCDEmu\langfiles\vmnt_Catalan.lng 10,508 bytes MD5: 0xAB6B693AB0D2E076F38C5A1F66F0178C
SHA-1: 0x395CF8AA6E72DA78EF409932935001927382D50F
(not available)
12 %ProgramFiles%\WinCDEmu\langfiles\vmnt_Czech.lng 9,484 bytes MD5: 0xE27BE5A5E7121ED58E8127475B3ACF33
SHA-1: 0x3991DCF763F81CCD431D8A963DF126F1E1B79FBE
(not available)
13 %ProgramFiles%\WinCDEmu\langfiles\vmnt_dansk.lng 6,356 bytes MD5: 0xEED99027CE8D0BEE9393DF2E42368D56
SHA-1: 0x68116D787A56E8C32EDC02F8A2F2FA12B46EB66F
(not available)
14 %ProgramFiles%\WinCDEmu\langfiles\vmnt_dutch.lng 9,358 bytes MD5: 0x6B77C85BC096643F2211EDF35623C759
SHA-1: 0x4B9C26CB14E8E4F915D83F70643CD0213B952F72
(not available)
15 %ProgramFiles%\WinCDEmu\langfiles\vmnt_english.lng 8,842 bytes MD5: 0x967BC885F19EB2CA9E036B9367A7392C
SHA-1: 0xF475436DC03F06D82EA1CB5D25B75650C5D4C1D4
(not available)
16 %ProgramFiles%\WinCDEmu\langfiles\vmnt_estonian.lng 8,898 bytes MD5: 0xB152548B47C0EFEC3D22D557E1725096
SHA-1: 0xEA855A162866318A557B09302ABE46276EE212C8
(not available)
17 %ProgramFiles%\WinCDEmu\langfiles\vmnt_Farsi.lng 9,206 bytes MD5: 0x5AE5AC5C2BA4B2788C8DADA8091B17FC
SHA-1: 0x8024A1ACA0596DD33F81473FEDA6A562D486A655
(not available)
18 %ProgramFiles%\WinCDEmu\langfiles\vmnt_finnish.lng 10,266 bytes MD5: 0x4457FDE782FEAA959D141C1E3880F4C0
SHA-1: 0x9181BCEA80530F2700D02856862EC87C89744AFA
(not available)
19 %ProgramFiles%\WinCDEmu\langfiles\vmnt_french.lng 10,158 bytes MD5: 0x95031E630D34940CBB9ADC61760D225F
SHA-1: 0x785F3299EF54E63A6050D1C39D32514C0DF6DAE2
(not available)
20 %ProgramFiles%\WinCDEmu\langfiles\vmnt_german.lng 10,618 bytes MD5: 0x093783D763F020E9C5C6E9746A5ABF92
SHA-1: 0x96A368C8536873C707EC2DBDAD6E92016DBECB64
(not available)
21 %ProgramFiles%\WinCDEmu\langfiles\vmnt_greek.lng 9,700 bytes MD5: 0x1C74EB9BF2F9FBE1949A6BFAA0497E28
SHA-1: 0xDBF92890B79070EFC332E46DF9EF320C4673EF29
(not available)
22 %ProgramFiles%\WinCDEmu\langfiles\vmnt_hebrew.lng 8,632 bytes MD5: 0xFFCA959029F8E28C160535EA7B38EE64
SHA-1: 0x746A280574BF225FD17B20F38BDE268A9AC982BD
(not available)
23 %ProgramFiles%\WinCDEmu\langfiles\vmnt_hungarian.lng 10,302 bytes MD5: 0xB272FD93DE261270406B3CCD237C247D
SHA-1: 0x7182A744C7A047726E355C6EACB299A2A2A225CD
(not available)
24 %ProgramFiles%\WinCDEmu\langfiles\vmnt_Indonesia.lng 9,234 bytes MD5: 0x2E0FC52D313032A4626CAA4BE6BA563C
SHA-1: 0xFE6F4BFD32CD05EAE926A6E6DB99929F3A156E2A
(not available)
25 %ProgramFiles%\WinCDEmu\langfiles\vmnt_italian.lng 10,296 bytes MD5: 0x63111C9D894811D7FEA24687F0DD35B0
SHA-1: 0x31B62525E23E7CB1BE17D35318C51073B64490DD
(not available)
26 %ProgramFiles%\WinCDEmu\langfiles\vmnt_japanese.lng 2,688 bytes MD5: 0x29D6E5181D9E3D1BCAD83664C12B8185
SHA-1: 0x65E5BB3B51A6071AD0DBD40ACCFEDF3CE6B2C621
(not available)
27 %ProgramFiles%\WinCDEmu\langfiles\vmnt_kannada.lng 9,846 bytes MD5: 0xF941D8E5277FC7711E0B50622030A055
SHA-1: 0x0C1005634358E564BD973F16C9B9D65D4E0A49F1
(not available)
28 %ProgramFiles%\WinCDEmu\langfiles\vmnt_korean.lng 7,178 bytes MD5: 0xFBC2FA5FC31AB329BBCDDD5D58585C43
SHA-1: 0x7731F8E4D61B9CBA15419068C1EEB1BD509EC59A
(not available)
29 %ProgramFiles%\WinCDEmu\langfiles\vmnt_kurdish.lng 5,006 bytes MD5: 0x12690623FC8EB82F9A47B5296A8141D9
SHA-1: 0xC9664880E5AC9B3AD1C9C76D5F9BC742F785F119
(not available)
30 %ProgramFiles%\WinCDEmu\langfiles\vmnt_lithuanian.lng 3,034 bytes MD5: 0x7D1604FD2688471758B2E8FC31726828
SHA-1: 0x2983A67D17D7E3D0B5165AE87C0608A2F80B8D3D
(not available)
31 %ProgramFiles%\WinCDEmu\langfiles\vmnt_macedonian.lng 9,538 bytes MD5: 0x83E846BB5A229272DD01418B25FAF0B6
SHA-1: 0x3F84DCC8EE0F6E4095FA46674E4631088E4E3F9A
(not available)
32 %ProgramFiles%\WinCDEmu\langfiles\vmnt_malay.lng 9,558 bytes MD5: 0xFEBFBED2AE83A7165599D4FA99C5603F
SHA-1: 0x6928B24865B8D581175C94EB011654DC47439318
(not available)
33 %ProgramFiles%\WinCDEmu\langfiles\vmnt_norsk.lng 8,462 bytes MD5: 0xE87826E3ED5C16DA3284D7930D419251
SHA-1: 0x4843FF853581E67F80736E71CB46DC05D7002596
(not available)
34 %ProgramFiles%\WinCDEmu\langfiles\vmnt_norwegian.lng 9,910 bytes MD5: 0x970FA1701F771BA7DC04BDB6988FA9C9
SHA-1: 0x45D21A31753D1289A68A720359A3AB9BC4021924
(not available)
35 %ProgramFiles%\WinCDEmu\langfiles\vmnt_polish.lng 10,586 bytes MD5: 0x58324F09BDBB950DF0F773A121F6037F
SHA-1: 0x2B84006ABEC8B4728CD41C19E205FB4EC76D078D
(not available)
36 %ProgramFiles%\WinCDEmu\langfiles\vmnt_portuguese.lng 10,868 bytes MD5: 0x5BCFC4450928C8AFB5EAB66B8062C6EF
SHA-1: 0x291CF726F84AC51BA9AB61CD37B8F21C1A74A13D
(not available)
37 %ProgramFiles%\WinCDEmu\langfiles\vmnt_portuguese_brazil.lng 9,460 bytes MD5: 0xBA61BF688521D5A7721FF9F6628C444D
SHA-1: 0x1BCD34D6CEBEEA09D15EA5AE70D512345911D495
(not available)
38 %ProgramFiles%\WinCDEmu\langfiles\vmnt_romanian.lng 9,580 bytes MD5: 0x5159A7044993359D360B6506219978DD
SHA-1: 0x1BB44E62D8BB180FAE2FD92034649150A06BC709
(not available)
39 %ProgramFiles%\WinCDEmu\langfiles\vmnt_russian.lng 9,190 bytes MD5: 0x05E875A13AB0424D01699D02289C9420
SHA-1: 0x341BCA8EFFBAB74434F19BA87575E469FE08B1BB
(not available)
40 %ProgramFiles%\WinCDEmu\langfiles\vmnt_Slovak.lng 9,632 bytes MD5: 0x2CEBD7A662FF4102436EBDA4D8B8B33D
SHA-1: 0xB0368E7C1DD54676D4A788DDD76E004C09E19D03
(not available)
41 %ProgramFiles%\WinCDEmu\langfiles\vmnt_slovenian.lng 9,810 bytes MD5: 0x08548B1EAE4C26E930CC45104033E5AA
SHA-1: 0x6887C635F050381E050505B9CE3260B6EDF9CB9B
(not available)
42 %ProgramFiles%\WinCDEmu\langfiles\vmnt_slovenscina.lng 4,030 bytes MD5: 0x09D289A231A1F47D2DC3FE0D826EDD27
SHA-1: 0x405FECB4B50EDDFC7ECEDD40130DCF1E95135CF5
(not available)
43 %ProgramFiles%\WinCDEmu\langfiles\vmnt_spanish.lng 10,612 bytes MD5: 0x4BDA51AE6EC0E55F7CCEFD42A21310D0
SHA-1: 0xBC04DB252A40D1C51F24F9A2FAF1D69CC76D848F
(not available)
44 %ProgramFiles%\WinCDEmu\langfiles\vmnt_sr.lng 9,258 bytes MD5: 0x059000FE86691136AB905886D1AE23B9
SHA-1: 0x61FCE8339E2626069E928F02BFC632E0D422FD04
(not available)
45 %ProgramFiles%\WinCDEmu\langfiles\vmnt_swedish.lng 9,172 bytes MD5: 0x5A5B952E17EA5027575C09131B97BBDA
SHA-1: 0xBAC079FA874BE8F8F8FFBC52A4BE4591A7163C4E
(not available)
46 %ProgramFiles%\WinCDEmu\langfiles\vmnt_ta.lng 9,820 bytes MD5: 0x809380356B7FE2FC2D35B948D8EC6DE5
SHA-1: 0xBE34F39FABE26E5678025D3B636B68CF50BE42FA
(not available)
47 %ProgramFiles%\WinCDEmu\langfiles\vmnt_Taiwan.lng 7,004 bytes MD5: 0x5839297F4C3B5AA339B91FFD4B05760D
SHA-1: 0x2EF21231A90B9A9C99D26969EC1A23003DDA11C0
(not available)
48 %ProgramFiles%\WinCDEmu\langfiles\vmnt_turkish.lng 8,864 bytes MD5: 0x1D638ADBDAC9FEF7F062ED66F36672A2
SHA-1: 0x881AC42D22480368F307DA1B75A3D73B24CE3241
(not available)
49 %ProgramFiles%\WinCDEmu\langfiles\vmnt_urdu.lng 9,104 bytes MD5: 0xB4B5FBC4B54EC5ED4458B53C043892F4
SHA-1: 0x982279D3638B3A3E806488FC37E9C39CEB9C9D67
(not available)
50 %ProgramFiles%\WinCDEmu\langfiles\vmnt_uzbek.lng 9,124 bytes MD5: 0x0C074DB45972542F28D9C6EFBD008F52
SHA-1: 0x2FEFAF360E0254159ED536856B0A1034673B529A
(not available)
51 %ProgramFiles%\WinCDEmu\langfiles\vmnt_zh_CN.lng 6,406 bytes MD5: 0x40789C69C026F2100F86E2B1A7B7A7A8
SHA-1: 0x9D1D8C3530FAD5648EDF9A08C2D6E82D26E5CB45
(not available)
52 %ProgramFiles%\WinCDEmu\langfiles\vmnt_zh_TW.lng 3,380 bytes MD5: 0xF4C9F78EA2D59C281D78D89F455D2328
SHA-1: 0x849508BEF20E90D737372A04116C98CE25496BFD
(not available)
53 %ProgramFiles%\WinCDEmu\mkisofs.exe 1,395,214 bytes MD5: 0x298B00E6DC408F5EA4FAD8FF173028D5
SHA-1: 0xA09539B1FAFB5DB8922BDD68629DDAA60E1C2437
(not available)
54 %ProgramFiles%\WinCDEmu\uninstall.exe 92,504 bytes MD5: 0xEEE4ED98DE5A60526CA915940821C4FA
SHA-1: 0xBB555BBACFB3A2691AB740EEA07225B764DA116B
(not available)
55 %ProgramFiles%\WinCDEmu\uninstall64.exe 117,080 bytes MD5: 0x667075E69A3C9CB564456DFFEC82F2B9
SHA-1: 0x6B22EBCFAFC23879472949D20DC70C421528D20B
(not available)
56 %ProgramFiles%\WinCDEmu\vmnt.exe 323,416 bytes MD5: 0xEEAE83A94A6364A8A640E0F6CACCFD85
SHA-1: 0x501CE395DA2EB37E60C8654077B47EED3C186B7A
(not available)
57 %ProgramFiles%\WinCDEmu\vmnt64.exe 406,360 bytes MD5: 0xBF26C935FFD4C25FFF6731DBF73D2212
SHA-1: 0xB5446EC4FD06A17022E2F9A5345CDE131FE4E5E6
(not available)
58 %ProgramFiles%\WinCDEmu\x64\0 6,141 bytes MD5: 0xA6B5A096AB1EFB87E5867847D918FBCD
SHA-1: 0xFD1E8C43234DACB19206FD8B7ACB9EAD7C09A1C7
(not available)
59 %ProgramFiles%\WinCDEmu\x64\1 2,386,983 bytes MD5: 0x023E287992397FBFB761AB04BF814BD3
SHA-1: 0xB142A2D2618EA2090CB0D695DC469D9FC818694A
(not available)
60 %ProgramFiles%\WinCDEmu\x64\BazisVirtualCDBus.sys 172,376 bytes MD5: 0x09391BA416AA29682298A612FDFDD7B8
SHA-1: 0xA936409D136B10CFEADD85ED40607A359077DA13
(not available)
61 %ProgramFiles%\WinCDEmu\x64\VirtualAutorunDisabler.exe 101,376 bytes MD5: 0x6F587118EB5B019F61B864FAAFD6EBCD
SHA-1: 0x6B16E90262161F4A8BF7F7FF66547792281B660E
(not available)
62 %ProgramFiles%\WinCDEmu\x64\VirtualAutorunDisablerPS.dll 41,472 bytes MD5: 0x7D20F582E32CC6D34E633928C5564F65
SHA-1: 0x1349883AEC255B9D54058002644C8D2ADF014A91
(not available)
63 %ProgramFiles%\WinCDEmu\x64\WinCDEmuContextMenu.bak 254,976 bytes MD5: 0x03A9955EC55C5C6E00A3281602B30132
SHA-1: 0xBFD7FF40CE3ED319F6AA5C6777A3A8A2E2AA825B
(not available)
64 %ProgramFiles%\WinCDEmu\x64\WinCDEmuContextMenu.dll 255,488 bytes MD5: 0xE3526F364347D94C329A8CA6D8DF17DA
SHA-1: 0xDC7821D81E7E5706F853EAD288007920B714587E
(not available)
65 %ProgramFiles%\WinCDEmu\x86\BazisVirtualCDBus.sys 121,688 bytes MD5: 0x7B15FCEDC5B947422208911633AB65CA
SHA-1: 0x652D6C9753D9BE476AED059BAC82A058CD755221
(not available)
66 %ProgramFiles%\WinCDEmu\x86\VirtualAutorunDisabler.exe 87,040 bytes MD5: 0x98E22C7CD9BAECA08875EAFD182C13FC
SHA-1: 0x253FC7F9165D173250BC5FBA805DE2648105E948
(not available)
67 %ProgramFiles%\WinCDEmu\x86\VirtualAutorunDisablerPS.dll 35,840 bytes MD5: 0xE3BD21095F8D0017E2073D53E68F7509
SHA-1: 0x215DAE9426E57BBE3F68EC5C194EEBA3FE26DC63
(not available)
68 %ProgramFiles%\WinCDEmu\x86\WinCDEmuContextMenu.dll 222,720 bytes MD5: 0xC36FEE011C683583EC2D7F81DC53C348
SHA-1: 0x3998739C21F267760E6744EBD3AF15C2A8E65754
(not available)
69 [file and pathname of the sample #1] 1,697,808 bytes MD5: 0x2331909926BA27BAC6AAB1FC600DB594
SHA-1: 0x6EA5CB4FA2E058172D5BC9B3499CB0ECF0E69069
packed with UPX [Kaspersky Lab]

 

Memory Modifications

Process Name    Process Filename    Main Module Size
[filename of the sample #1]    [file and pathname of the sample #1]    413,696 bytes

 

Registry Modifications

 

Other details

Russian Federation

 

 

Copyright © 2017 ThreatExpert. All rights reserved.