Submission Summary:

 

Technical Details:


 

File System Modifications

#  Filename(s)  File Size  File Hash
1 %Temp%\CleanUp.exe 45,056 bytes MD5: 0xC78A0D9E0FAC64810CEF67908EB0D695
SHA-1: 0x069130E4542C787039102BBB6F894E5C1D790524
2 %Temp%\drmupgds.exe 249,856 bytes MD5: 0xABF0FADF619630041732D1EA5656EE45
SHA-1: 0x6DF247BB79DE445E108FEB4CCB297862BC583F3D
3 %Temp%\DSndUp.exe 49,152 bytes MD5: 0xC808901920CDC868462B821076B33226
SHA-1: 0xD600B70645233A1D17EC9E6380469BC83ECB5246
4 %Temp%\gemstrmw.exe 24,576 bytes MD5: 0x964D71F47C56F57EA331CED48336B36C
SHA-1: 0xE126D4792F8140806D8274CC46FBE4113F33EAA4
5 %Temp%\hkcmd.exe 77,824 bytes MD5: 0xD9F3DB62D1B361D82CD82A347EA6218D
SHA-1: 0x7EA8E8BC5E6BCCFA970D7770522C58733B8A132E
6 %Temp%\ie4uinit.exe 174,080 bytes MD5: 0x0D40AF250A6260EF6B7685B1299C2DEA
SHA-1: 0xFECF4545C67604D6F676EC4A78FC4970556CD8D7
7 %Temp%\ieudinit.exe 36,864 bytes MD5: 0x06A0D051B6937CDA3E38702494BBFC2A
SHA-1: 0xC5491EC5857FF86670AD351DDCDB56E23983311D
8 %Temp%\igfxcfg.exe 450,560 bytes MD5: 0xDB0F501856F216A15DA77CE4502CDFCE
SHA-1: 0x44339982BBB7EBBFC5B6CD8640306C410CAA746D
9 %Temp%\igfxext.exe 94,208 bytes MD5: 0xA4AE745EC6C1BC328A9B230DBFB19387
SHA-1: 0xFB42D63473A8423664425FA045F7AFD4CDB638AF
10 %Temp%\igfxpers.exe 118,784 bytes MD5: 0x32FB9368F485A7FE944EB6678B61734B
SHA-1: 0xCBE6A1EB9262FF23991718C2E8135758E28D4785
11 %Temp%\igfxsrvc.exe 163,840 bytes MD5: 0x23DAA38F8FF3F0B76F41463A49C65B5E
SHA-1: 0xD9149DC9D7CE2C382BEF22A215F37C09635EFCC6
12 %Temp%\igfxtray.exe 94,208 bytes MD5: 0x54F1F98C4AD8F99BBBE8FBB62B38733F
SHA-1: 0xB78A00D04F55B91593DBEFB2FE4143FB188570F5
13 %Temp%\mqbkup.exe 19,968 bytes MD5: 0x02052DD8D6DEF0FF3815C47D3622B585
SHA-1: 0x5E9E0561024EB986199718B93655E7258B5113EA
14 %Temp%\mqsvc.exe 4,608 bytes MD5: 0xE9B5F354AE80325283FD5C1C05217B01
SHA-1: 0xE4A12F830B8DFD7B5DC90453A59F429435FEDBD7
15 %Temp%\mqtgsvc.exe 117,248 bytes MD5: 0x10E6B9022B0A5C9C41E2DA6AEAE5D404
SHA-1: 0xFF6B96BD1BFD0D1C8D790E1D63EFEACC4ACDA02F
16 %Temp%\msfeedssync.exe 13,312 bytes MD5: 0xFEE2BA1AD38F457F418E82EA30724053
SHA-1: 0x7BA67318A83E01543DC455288191B6E6DD41047B
17 %Temp%\mshta.exe 45,568 bytes MD5: 0xAD8F83F16A3CE2B093B38B279B419387
SHA-1: 0x5924007AFDA4703E2ADD2C44507CFCBFA98A55B7
18 %Temp%\NsiCleaner.exe 40,960 bytes MD5: 0xECBF7BC7F44686B6C8293AC35EC206FC
SHA-1: 0xD584543E6095950BA138B09D47923C30F8D7EEB1
19 %Temp%\nsicmdrmdir.exe 40,960 bytes MD5: 0x2EE769F4968CE5B1336F323496DB5FB6
SHA-1: 0xCF9929E210CE63A220488AEC93F873DAF94F7F66
20 %Temp%\ntkrnlpa.exe 2,026,496 bytes MD5: 0x61CCE48F7BD00E0E4D5CDE206F2DDC1B
SHA-1: 0x7F6D4ABA3BA88BACE7E87E33B5647FB8A7435C0C
21 %Temp%\ntoskrnl.exe 2,148,352 bytes MD5: 0xA144D60B35E6DD14CCB9649B5E0D1092
SHA-1: 0xB72806CD16EA6197DFAAB9AC6172951CC4C203A7
22 %Temp%\pintool.exe 84,480 bytes MD5: 0x12E483D58BC9242543FA86E1591A1D4C
SHA-1: 0x53F1096DC73828EDF690B5B9912B6B78141A03CD
23 %Temp%\psshutdown.exe 131,072 bytes MD5: 0x4397DAE5ED2D6466A304115D651C4DEC
SHA-1: 0x58B3BF6CEB5C4A8AF42AB9F5EE2B3116A110A157
24 %Temp%\tapiui.exe 188,416 bytes MD5: 0xEDE4A944F7998A3751FC1BA97682EE9B
SHA-1: 0x620F70A2A0E50509089D1265C80540FFE3F765E7
25 %Temp%\tsd32.exe 110,592 bytes MD5: 0x7063A48CF6072A5276DFD39053EE6DEC
SHA-1: 0x2FF4090CDA8778844EFEAFC630F2618515B2899F
26 %Temp%\TSWbPrxy.exe 46,080 bytes MD5: 0xBF7D9B2DC1A0DD078553BB145D0C9E58
SHA-1: 0x0B6AA1384D01D8FBEF198980D60BEFA17918A23B
27 %Temp%\uwdf.exe
%Temp%\wdfmgr.exe
8,704 bytes MD5: 0x2C1D59933077BA0D8A64CB1FB9EF8638
SHA-1: 0x50D217C7068F9BC6960183E4250E131CB8BB1CF1
28 %Temp%\wabmig.exe 175,104 bytes MD5: 0x47F2F616C6A14D9BA8731D0C7CFA8502
SHA-1: 0x8B1B29C1C038479742F696FEF23FBC798A35DFDF
29 %Temp%\wpdshextautoplay.exe 17,408 bytes MD5: 0xF585FD5A80ADCA994B7EDF274C39C931
SHA-1: 0x75DF11AB55BA21728976B50667F3D6A158C0D352
30 %Temp%\WudfHost.exe 146,432 bytes MD5: 0x2ED5A170CF9E2ED6920DC1745D0D8029
SHA-1: 0x94676B456FE25EE54B2F761241B1D55E9DEB00DD
31 [file and pathname of the sample #1] 3,761,544 bytes MD5: 0x4D11CCF5FF78AF28CEFC8B9C97C68453
SHA-1: 0x3BE45B305F6BDD8ADC4DE8A142FEFAAF525CA163

 

Memory Modifications

Process Name  Process Filename  Main Module Size
DSndUp.exe  %Temp%\dsndup.exe  57,344 bytes
igfxext.exe  %Temp%\igfxext.exe  102,400 bytes
tsd32.exe  %Temp%\tsd32.exe  184,320 bytes
TSWbPrxy.exe  %Temp%\tswbprxy.exe  57,344 bytes
uwdf.exe  %Temp%\uwdf.exe  24,576 bytes
wabmig.exe  %Temp%\wabmig.exe  380,928 bytes
cleanup.exe  %Temp%\cleanup.exe  49,152 bytes
ieudinit.exe  %Temp%\ieudinit.exe  49,152 bytes
nsicmdrmdir.exe  %Temp%\nsicmdrmdir.exe  40,960 bytes
msfeedssync.exe  %Temp%\msfeedssync.exe  24,576 bytes
igfxpers.exe  %Temp%\igfxpers.exe  122,880 bytes
igfxsrvc.exe  %Temp%\igfxsrvc.exe  167,936 bytes
mqbkup.exe  %Temp%\mqbkup.exe  32,768 bytes
gemstrmw.exe  %Temp%\gemstrmw.exe  24,576 bytes
mqsvc.exe  %Temp%\mqsvc.exe  16,384 bytes
wpdshextautoplay.exe  %Temp%\wpdshextautoplay.exe  28,672 bytes
NsiCleaner.exe  %Temp%\NsiCleaner.exe  40,960 bytes
mshta.exe  %Temp%\mshta.exe  57,344 bytes
wdfmgr.exe  %Temp%\wdfmgr.exe  24,576 bytes
psshutdown.exe  %Temp%\psshutdown.exe  139,264 bytes
pintool.exe  %Temp%\pintool.exe  98,304 bytes
tapiui.exe  %Temp%\tapiui.exe  421,888 bytes

Service Name  Display Name  New Status  Service Filename
SCardSvr  Smart Card  "Running"  %System%\SCardSvr.exe

 

Registry Modifications

 

Other details

Port  Protocol  Process
1080  TCP  tsd32.exe (%Temp%\tsd32.exe)

 

 


Copyright © 2014 ThreatExpert. All rights reserved.