Submission Summary:

 

Technical Details:


 

File System Modifications

#  Filename(s)  File Size  File Hash  Alias
1 c:\ProgramData\WindowsVolume\DiskInstall.bat 1,276 bytes MD5: 0xA46BDEDC1E6587433DC98119F338D175
SHA-1: 0x01334536E159F71BC5BC1E7B7A0E75490C169C36
(not available)
2 c:\ProgramData\WindowsVolume\Diskpart.dat 365 bytes MD5: 0x1A18270FB3FD76DF0D01087E99DDDCC6
SHA-1: 0x26732B781736ED80654E3A41839B50E3D2E36DB5
(not available)
3 c:\ProgramData\WindowsVolume\DiskServer.exe 4,791,956 bytes MD5: 0x54836054DA86CDF2C6FAF9902C999A19
SHA-1: 0x2E4B2E3807D7DB4DFBEE403931DD200140AC5538
(not available)
4 c:\ProgramData\WindowsVolume\File.exe
c:\ProgramData\WindowsVolume\File3.exe
381,952 bytes MD5: 0x114F5BFB83D3C1A44DBF04AED9C458B5
SHA-1: 0xDC1FEE3135992A572CD46896FFE68F9F9F4A4E86
Trojan.Win32.Dm [Ikarus]
5 c:\ProgramData\WindowsVolume\File2.exe 11,776 bytes MD5: 0xE4C489DBA5C6A05EC636053388FF70C1
SHA-1: 0xAD2268260BC7370B39EFC4A080B7A55C4D467942
(not available)
6 c:\ProgramData\WindowsVolume\OpenDisk.exe 510,976 bytes MD5: 0x229C8CCEA94EF0B27D3C183733ABDC18
SHA-1: 0xDF2DA0BA2E2C1A0A8EF9827469268484E5C02A33
Trojan-Downloader.Win32.Banload [Ikarus]
7 c:\ProgramData\WindowsVolume\russian.lg 49,644 bytes MD5: 0xE44E34BC285B709F08F967325D9C8BE1
SHA-1: 0xE73F05C6A980EC9D006930C5343955F89579B409
(not available)
8 c:\ProgramData\WindowsVolume\sysdisk.exe 1,847,504 bytes MD5: 0x4E5D6B099B69FB935DA7E0E7A4DF8B26
SHA-1: 0x5643D2DBDE01664012A6022725982F59973E12FB
packed with UPX [Kaspersky Lab]
9 c:\ProgramData\WindowsVolume\volumedisk.exe 1,602,256 bytes MD5: 0xC51216743D2FDDC2E8C67F092B7F862D
SHA-1: 0x04FD9048253180784459592F5EBE6442F46898F1
packed with UPX [Kaspersky Lab]
10 c:\ProgramData\WindowsVolume\vp8decoder.dll 387,280 bytes MD5: 0xD43FA82FAB5337CE20AD14650085C5D9
SHA-1: 0x678AA092075FF65B6815FFC2D8FDC23AF8425981
(not available)
11 c:\ProgramData\WindowsVolume\vp8encoder.dll 1,639,120 bytes MD5: 0xDAB4646806DFCA6D0E0B4D80FA9209D6
SHA-1: 0x8244DFE22EC2090EEE89DAD103E6B2002059D16A
(not available)
12 [file and pathname of the sample #1] 5,083,790 bytes MD5: 0x25FEBF42D2EEC6A18BF4C86F0EF91976
SHA-1: 0x9B140FB38957BDFA33DEA1CA36B809CCB702B11C
(not available)

 

Memory Modifications

Process Name                 Process Filename                              Main Module Size
sysdisk.exe                  C:\ProgramData\WindowsVolume\sysdisk.exe      7,020,544 bytes
File.exe                     C:\ProgramData\WindowsVolume\File.exe         405,504 bytes
[filename of the sample #1]  [file and pathname of the sample #1]          217,088 bytes
DiskUpdate.exe               C:\ProgramData\WindowsVolume\DiskUpdate.exe   393,216 bytes
DiskUpdate1.exe              C:\ProgramData\WindowsVolume\DiskUpdate1.exe  475,136 bytes
DiskServer.exe               C:\ProgramData\WindowsVolume\DiskServer.exe   356,352 bytes
file3.exe                    c:\programdata\windowsvolume\file3.exe        405,504 bytes
opendisk.exe                 c:\programdata\windowsvolume\opendisk.exe     536,576 bytes

Service Name  Display Name         Status     Service Filename
VolumeDisk0   System VDisk Volume  "Running"  C:\ProgramData\WindowsVolume\sysdisk.exe

 

Registry Modifications

 

Other details

Russian Federation

 

 

Copyright © 2018 ThreatExpert. All rights reserved.