Submission Summary:

 

Technical Details:

 

File System Modifications

#  Filename(s)  File Size  File Hash
1 %Temp%\Config\amd64\bcdboot.exe 192,704 bytes MD5: 0xBE14BE7C8F7F0F4E397B89979CB9CF6B
SHA-1: 0x7F59BE597069C91C8CADDF08D12BA8FBBD65B66F
2 %Temp%\Config\amd64\CBSHost.dll 169,984 bytes MD5: 0xF45C4BBA9DC46DB59FCF9975A1EBA6D9
SHA-1: 0xE427F0548CACBDB0535107B4301A83EC813B1454
3 %Temp%\Config\amd64\NCleaner.dll 44,032 bytes MD5: 0xF7FFAE87600749ADA339F55F25B4709B
SHA-1: 0xB8955E79F53D1E174F5BD8397617735CB5E10FF3
4 %Temp%\Config\amd64\wimgapi.dll 727,488 bytes MD5: 0xD2E162747F3F001D43A3348055A7CDD2
SHA-1: 0x82F9AF2CD8AFEA53E147A8D98732319E42531382
5 %Temp%\Config\amd64\wofadk.sys 221,376 bytes MD5: 0xFBA28D5AC166714737D1D8CDF0AEF078
SHA-1: 0xEEF8D1BCA48ECC93A7F165B735F7047EF085E12D
6 %Temp%\Config\Data.zip 45,627 bytes MD5: 0x23C906FAAB0A2FFEE6AB5EA424F337E6
SHA-1: 0x36DD5515C3A4AC9FB64D0B642E29E70DF2DD8409
7 %Temp%\Config\default.ui.zip 32,458 bytes MD5: 0xE4B7BEF45A8F48832BA59396509DCB76
SHA-1: 0xBB7D11922AD75FAF8CDBD07BF3637B949C5C99B1
8 %Temp%\Config\Languages\bg.zip 42,927 bytes MD5: 0x452653DD2AE20038D8004CAD8BD775F2
SHA-1: 0x385B33B195484FACADF6F5B18150F77E49941F1F
9 %Temp%\Config\Languages\cs.zip 40,092 bytes MD5: 0x5B9C8999771DEA9879C3BBB867187980
SHA-1: 0xF61AC0E8369950AB7ED0D5E3B70E361B16C89408
10 %Temp%\Config\Languages\de.zip 39,867 bytes MD5: 0x9046F83FDE63B3AE67F6D781DAC0B33E
SHA-1: 0x2F84C4DDA7ABAFA38851A12C7EBDB2290F492495
11 %Temp%\Config\Languages\en.zip 37,423 bytes MD5: 0xCB983581F7B5D70798FE8321ED74C9DA
SHA-1: 0xCEB23B2409A86DAAD591E42153F41E2E0A372ABB
12 %Temp%\Config\Languages\es.zip 38,093 bytes MD5: 0x52137B4FE70A70005A4697E7C05B088B
SHA-1: 0xDD1FF57252A2896FC64AAA7F0898E7C56D879386
13 %Temp%\Config\Languages\fr.zip 40,862 bytes MD5: 0xBFE6C40797A9D5133E5003D3AEF12C20
SHA-1: 0xE5EA2759272E1766F3007A2A429CB797899C689D
14 %Temp%\Config\Languages\it.zip 38,717 bytes MD5: 0x308630D184B7C80BF8368E6E1065E499
SHA-1: 0xA988A2F3DF3ACBA98836D57775A21A15EF1D9661
15 %Temp%\Config\Languages\ja.zip 39,112 bytes MD5: 0xDB16F0BA98167D6768CA490CC118599C
SHA-1: 0xCF188C052B61A201BB913BDF6FF5E8C99C68C915
16 %Temp%\Config\Languages\ko.zip 39,735 bytes MD5: 0x1E8234D459A81E69C82CE7980A681A08
SHA-1: 0xF3BC7E5F62303A4B6329A52A9000083A156556B7
17 %Temp%\Config\Languages\pl-PL.zip 39,710 bytes MD5: 0x1E8DEED737A5918721B19F6D3A533929
SHA-1: 0x35EF7F6E1354AD912975DC41FFB0ABB2187FF12C
18 %Temp%\Config\Languages\pt.zip 39,497 bytes MD5: 0x06ACC533A1832A751AE08853E95A065B
SHA-1: 0x3623AF77C5CFD40460F97E7C17CF731589F47E99
19 %Temp%\Config\Languages\ru.zip 42,798 bytes MD5: 0xACB932E9AB2B04B7FC9F31772C41A7AB
SHA-1: 0xF1A8FE4C13E201D4A20BD5707F0F0DC20F8D9F3C
20 %Temp%\Config\Languages\zh-Hans.zip 6,853 bytes MD5: 0x534A65B921AB00D6011D85CF373F235C
SHA-1: 0xA94AF5BB083887B772808B2C36F4BAD496353416
21 %Temp%\Config\Languages\zh-Hant.zip 34,838 bytes MD5: 0xBA4F873D38597D97C5B28DDB086C7451
SHA-1: 0x866D9AA3FB8D3BFEAA9839317EE259698C3873CC
22 %Temp%\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\Plugin.amd64.dll 120,832 bytes MD5: 0xD15E034495627AE34FC5DE6A5C58EACE
SHA-1: 0xAF65785B963BB71DCDC4E53E725CF2104B78EFA2
23 %Temp%\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\Plugin.x86.dll 88,064 bytes MD5: 0x1E47F1E38146991BCEC8A72BF5F3BE40
SHA-1: 0x24AF6931148948D8145C04CC060FF01AE4FEBDD0
24 %Temp%\Config\Plugins\FrogPlugins_Pcn7FMvReAsVWfCQBfRJCw\PluginRes.dll 644,608 bytes MD5: 0xCAB1EBC67EE075F4844C0836B6B29D73
SHA-1: 0x8DF720C83FD4ADB20EBECB6F26E3629B18EDE78A
25 %Temp%\Config\UpdateInfo.zip 12,826 bytes MD5: 0x5368BD990F2B70488C4E95BD65BFBB6D
SHA-1: 0xABB0636F2ABFEE74936A8EF792B21D50F624BE4E
26 %Temp%\Config\x86\bcdboot.exe 161,984 bytes MD5: 0x805A3ACFB09848CE0255D20F7B993313
SHA-1: 0xAEA9A8992B7971890C033802CD273B12D242DE90
27 %Temp%\Config\x86\CBSHost.dll 122,368 bytes MD5: 0xF5EFCF1943E2E3F7A4BADDDA8A22560F
SHA-1: 0x7E7FF75A32E19C557482B1C1A40789FB4A02562C
28 %Temp%\Config\x86\NCleaner.dll 34,816 bytes MD5: 0xC8EE21CE43E33EAC904EB9E36ECBBE95
SHA-1: 0x573E24B186A22E5A956C19035F8E9B57712BC7BC
29 %Temp%\Config\x86\wimgapi.dll 612,152 bytes MD5: 0xEF096EA52EF88A8D544ECE9CE8191924
SHA-1: 0xBF669BE0E5CE73B077200C99155441A381BD9E99
30 %Temp%\Config\x86\wofadk.sys 190,656 bytes MD5: 0xB58305136C4CE3508C0A3C9E48432AC9
SHA-1: 0x810AC2AB7B4EC2604B81838977E1C6341136E8DB
31 %Temp%\Dism++x64.exe 1,219,584 bytes MD5: 0xA73D14EB34FC1E6400B0C803506EA471
SHA-1: 0x2A54AE081358AAA91FAE30158943682D623EAC6A
32 %Temp%\Dism++x86.exe 902,144 bytes MD5: 0xCA45D3CE291BD796A7BF644F0335BE67
SHA-1: 0xE1AD9FD98C3171450A4E9FF5B740D9D8BC9C1AEC
33 %Temp%\ReadMe for NCleaner.txt 10,389 bytes MD5: 0x727B5F4E75FD880A3EF967A76FFBEFC6
SHA-1: 0x854428AA1B8AD19E229B57164C9E27837AD3A907
34 %Temp%\What's New(Public).txt 95,816 bytes MD5: 0x56CF1C1489EC24693158C2A8BE85DF06
SHA-1: 0x46204BBF3D836E46F0D316DFBBF981087CE1B488
35 %Temp%\???????????????????????????.txt 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
36 [file and pathname of the sample #1] 3,106,792 bytes MD5: 0x685F5E42A6FD2204A7CE02D4B09C7764
SHA-1: 0xA776198FCCAA9CFDD591BD08DE22205CEB0CC45F

 

Other details

China

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2018 ThreatExpert. All rights reserved.