Submission Summary:

 

Technical Details:

 

File System Modifications

| # | Filename(s) | File Size | File Hash | Alias |
|---|---|---|---|---|
| 1 | %Temp%\ATxBtCuy.exe | 110,592 bytes | MD5: 0x02295642397EDC2087FC296C684FDCB9; SHA-1: 0x3536BC0A17C0A2552E74E6583CCE5BA14F87F6F4 | Troj/Spy-XR [Sophos] |
| 2 | %Temp%\Exploit.class | 1,377 bytes | MD5: 0xD6ED5E378FC74164AC903C05098BD920; SHA-1: 0xAB7CEE7E39E3929C899271ED8E898DDAA6BB9015 | (not available) |
| 3 | %Temp%\META-INF\MANIFEST.MF | 91 bytes | MD5: 0x3384ACBCA76830A4835E53C856EDE437; SHA-1: 0xCC5F34EEF6710214D33D4C08E8036B41375B7A80 | (not available) |
| 4 | %Temp%\metasploit\Payload.class | 8,803 bytes | MD5: 0xEEB9BA7FB4F752E1249E696B638D4732; SHA-1: 0x579BC6B6A8D9F99D98EB465E92A4B27893CEA406 | (not available) |
| 5 | %Temp%\metasploit.dat | 34 bytes | MD5: 0xC394C759B64DCC8CBEA0C5812999B2AC; SHA-1: 0xA2A8D80A861E7043CF8733C00B5888150D5BC45A | (not available) |
| 6 | %Windir%\ime\wmimachine2.dll | 77,824 bytes | MD5: 0xEFF6859F28B1C215CC08608C2E4EB91C; SHA-1: 0xE0DF6443CEBCEA0B2A45335A81C40FDBD5371B6F | Troj/Spy-XR [Sophos]; Trojan-Downloader.Win32.PowerPointer [Ikarus] |
| 7 | [file and pathname of the sample #1] | 116,856 bytes | MD5: 0xB8AE7608B6E85B8B435AE3561A4D400D; SHA-1: 0x542B24F1DA13F0B1D647F3865B09E026BF00D4EF | Troj/Spy-XR [Sophos] |

 

Memory Modifications

| Module Name | Module Filename | Address Space Details |
|---|---|---|
| wmimachine2.dll | %Windir%\ime\wmimachine2.dll | Process name: svchost.exe; Process filename: %System%\svchost.exe; Address space: 0x10000000 - 0x10013000 |

| Service Name | Display Name | Status | Service Filename |
|---|---|---|---|
| 6to4 | .NET Runtime Optimization Service v2.086521.BackUp_X86 | "Running" | %System%\svchost.exe -k netsvcs |

 

Registry Modifications

 

Other details

China

 

 

Copyright © 2014 ThreatExpert. All rights reserved.