Submission Summary:

 

Technical Details:

 

File System Modifications

#Filename(s)File SizeFile Hash
1 %CommonDesktopDir%\WinSshFS.lnk 726 bytes MD5: 0xB416D7777231F9801EF93C3C1ADBFB2B
SHA-1: 0xD0BBEBD95B7368F4BD6C2BE0D20ACDB7139F5838
2 %ProgramFiles%\WinSshFS\app.ico 353,118 bytes MD5: 0xC287C8488F7D3052CE98DB1C40DE866E
SHA-1: 0xBEF69EC635E54C965A4435C8E33C0DFBC3B60914
3 %ProgramFiles%\WinSshFS\de\DokanNet.resources.dll 4,608 bytes MD5: 0x2BC5554F16F7AB660F0DC69CCF379574
SHA-1: 0x55BCB8B55C891E83E6FFFD0D073DC759337BCF0E
4 %ProgramFiles%\WinSshFS\DokanNet.dll 57,856 bytes MD5: 0x5F3B91E2FE31F6F33203A26CAA0F5388
SHA-1: 0xD07876371F9311D968F35F856A2F77D804E50434
5 %ProgramFiles%\WinSshFS\fr\DokanNet.resources.dll 4,608 bytes MD5: 0x411B50A605FD00A44977832A81A8046D
SHA-1: 0x928E8A06B9957830DA1F6804DE1631E97F77D8CF
6 %ProgramFiles%\WinSshFS\Renci.SshNet.dll 420,352 bytes MD5: 0x645F5D2A82B75266C937451452EA6A37
SHA-1: 0x694D1FD66EC622F6A4B05B20502966D33B499BA2
7 %ProgramFiles%\WinSshFS\sv\DokanNet.resources.dll 4,096 bytes MD5: 0xA1ACC407C532C5E174F161AE254626F3
SHA-1: 0xDEF89B0D71E3F40C9E4B0ED3D693C3A05F1196B0
8 %ProgramFiles%\WinSshFS\WinSshFS.exe 1,181,696 bytes MD5: 0xCB0FF6F53A777645EE128E60FF2D3777
SHA-1: 0x64C982488C607A66864905FD6BDDA592A4AB0394
9 %ProgramFiles%\WinSshFS\WinSshFS.exe.config 1,498 bytes MD5: 0xAB9EE0BF9C250078C43EB344B6B71DBA
SHA-1: 0xE36F43B9BC3356AFF7C5E0DEB40F268E1A4EC20C
10 %Windir%\Installer\16e88.msi 20,992 bytes MD5: 0x1E51022BCA16383F06DF21986A4F6535
SHA-1: 0x7E3FA72960BBA114B8BA8413301100F85FA50A0B
11 [file and pathname of the sample #1] 532,480 bytes MD5: 0xB4B286D2B8BBBCA06ACF73307C115A00
SHA-1: 0xF21E4B8798D8EC8E59D715886130CA2D72B9EDEF

 

Memory Modifications

Service NameDisplay NameNew StatusService Filename
MSIServerWindows Installer"Running"%System%\msiexec.exe /V

 

Registry Modifications

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2018 ThreatExpert. All rights reserved.