Submission Summary:

What's been foundSeverity Level
Capability to send out email message(s) with the built-in SMTP client engine.
Creates a startup registry entry.

 

Technical Details:

 

File System Modifications

#Filename(s)File SizeFile HashAlias
1 %CommonAppData%\SBN\BTO.004 355 bytes MD5: 0x82F4381280A539ED55634323125DFC47
SHA-1: 0x7F75BE012495925C1FF7D6547DD0536EA677322F
(not available)
2 [file and pathname of the sample #1] 3,503,616 bytes MD5: 0x546918937F076AC6D3B9BDB5DAB7DABC
SHA-1: 0xA22EC3B3DB40EBC2B89723BF4FC02363A5C4E5A6
(not available)
3 %System%\Zezenia.exe 1,973,760 bytes MD5: 0x7D3DD8437BB2C2C47CC8FA758FB93DCD
SHA-1: 0x8E47ED7B70816462C20D177D728B90AEA2652762
(not available)
4 %Windir%\YEHCAT\BTO.00 2,291 bytes MD5: 0xC69BF7DFA3C0D82BFC7DBFF445FA5019
SHA-1: 0xEA585AC335A63DEA8C8A5365A660A1D628A073D6
(not available)
5 %Windir%\YEHCAT\BTO.01 81,408 bytes MD5: 0x0BAE2FAADEBF87415470A84C25D25D12
SHA-1: 0x6C41430BB010F8FF3B0B41C09B10722E5A5E7E10
not-a-virus:Monitor.Win32.Ardamax [Ikarus]
6 %Windir%\YEHCAT\BTO.02 55,808 bytes MD5: 0x2C53F9F35BDDE5809A810EFB9B2AF163
SHA-1: 0xB912248F0157B475926D198E02169913E9E22DF3
(not available)
7 %Windir%\YEHCAT\BTO.exe 2,754,560 bytes MD5: 0x8BFF693F0119AF3CF687FCFA944A310D
SHA-1: 0x26505048F94F14D7708E3555596CF498AF8BBC63
(not available)

 

Memory Modifications

Process NameProcess FilenameMain Module Size
BTO.exe%Windir%\YEHCAT\BTO.exe2,973,696 bytes
[filename of the sample #1][file and pathname of the sample #1]3,518,464 bytes

Process NameMain Module Size
BTO.exe2,973,696 bytes

 

Registry Modifications

 

Other details

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2017 ThreatExpert. All rights reserved.