Submission Summary:

What's been found | Severity Level
Produces outbound traffic.
Downloads/requests other files from Internet.


Technical Details:


File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 %System%\del.bat 109 bytes MD5: 0x1FA162147382D74B19C602DB3A3DDA89
SHA-1: 0xCB6B89C05B7A6801E2915865E11376E94F83DC1A
(not available)
2 [file and pathname of the sample #1] 245,760 bytes MD5: 0x3997A63B988977302AEB74C57C0EC3DB
SHA-1: 0x30E7A7D384BF0A499A30262417D434E8BC4A38C6
packed with UPX [Kaspersky Lab]
3 %Windir%\Tasks\At1.job 396 bytes MD5: 0x5B1BB87433DA78B9FA669ECA088B156D
SHA-1: 0x6ECB1E4A7C046C8B0F7B86A6993DD5B144C60D56
(not available)
4 %Windir%\Tasks\At10.job 396 bytes MD5: 0xFFBD05B448C329D14B7B9132A3505CD2
SHA-1: 0x744ACC229A04D19A54F884E7A9C7E5FF2B30BA29
(not available)
5 %Windir%\Tasks\At11.job 396 bytes MD5: 0x2CB18395549105BFF08D3CC2CA5C5FD9
SHA-1: 0x9EF9B116F2150F4C730E6E74AD0042EC6E3FA533
(not available)
6 %Windir%\Tasks\At12.job 396 bytes MD5: 0xD24FE71BA52B31458F0B2DBB79656F4B
SHA-1: 0x0945387AE9B1CD03BF997590CFE585D7F4BB8B36
(not available)
7 %Windir%\Tasks\At13.job 396 bytes MD5: 0x72A8540D079F68E108790F3C14517945
SHA-1: 0x888CEF6B04FDB420EF5EEA005121126DF4EB9030
(not available)
8 %Windir%\Tasks\At14.job 396 bytes MD5: 0x8C4E0BAA4A8F45E61B6A99B270222E35
SHA-1: 0x30BB751E4C4C5E948FAD1742F0CB4652201B0600
(not available)
9 %Windir%\Tasks\At15.job 396 bytes MD5: 0x418AD3C8F7E022DC5F4A3E2C81DEA0F5
SHA-1: 0xCE9285D0D3DA70B929DB10DE6D768EBF0FBFF04D
(not available)
10 %Windir%\Tasks\At16.job 396 bytes MD5: 0xED5F9A235BB758E61AD706E266240747
SHA-1: 0x3F47622F012D986739FD36446D4A1A7172354E4F
(not available)
11 %Windir%\Tasks\At17.job 396 bytes MD5: 0xA391CDA1D6B93134C131CBADE07A1087
SHA-1: 0x44CB8E8C7F635692BF7E5C939017DEC3966BA7F2
(not available)
12 %Windir%\Tasks\At18.job 396 bytes MD5: 0xA064EC6F832922AE5C4521A1546B8339
SHA-1: 0xCB27154D2EBC432C7DF514D4D75D315A50520D94
(not available)
13 %Windir%\Tasks\At2.job 396 bytes MD5: 0x998DC114654F9EC0B92144007165EAA7
SHA-1: 0xEB0E3A45236388EFE09FEDB48336ED442E6DC572
(not available)
14 %Windir%\Tasks\At3.job 396 bytes MD5: 0x40A40B8742CAFF824455106710441132
SHA-1: 0x8AA8E908A3A4AFC9463773EF1C6F545FCACF85D8
(not available)
15 %Windir%\Tasks\At4.job 396 bytes MD5: 0x28324A4707CD22E83BFA94E4409CB134
SHA-1: 0x96C31F810E5110B197C922867FACC644C985DF4F
(not available)
16 %Windir%\Tasks\At5.job 396 bytes MD5: 0x626B0A067E5E40481FFA0FB0B7D6715E
SHA-1: 0x10B2F0D59B9D85D75BDC73059BAAE5E33BB411AB
(not available)
17 %Windir%\Tasks\At6.job 396 bytes MD5: 0xA0F8313681534F8FF072207F7BBED405
SHA-1: 0x2CAD6DCB827159CB784084FE79CD635E18738899
(not available)
18 %Windir%\Tasks\At7.job 396 bytes MD5: 0x1128001B87A3DBFCAA9F8397CCF37B23
SHA-1: 0x041C3ADDCA30E6AED8B69ABF627C258C375D5654
(not available)
19 %Windir%\Tasks\At8.job 396 bytes MD5: 0x32361468BB575CE2A901A7E405604D23
SHA-1: 0x48B6DF912129918C85557E6ACD9685A0C21DCFBD
(not available)
20 %Windir%\Tasks\At9.job 396 bytes MD5: 0xDA26B16DDBA80316C4B231F3E1C07B5A
SHA-1: 0xB594D43B7975C77ED20E6624B0A52339FAFBAF73
(not available)


Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 647,168 bytes


Registry Modifications


Other details

Russian Federation

Remote Host | Port Number


Outbound traffic (potentially malicious)



Copyright © 2015 ThreatExpert. All rights reserved.