Submission Summary:

 

Technical Details:

 

File System Modifications

| # | Filename(s) | File Size | File Hash | Alias |
|---|---|---|---|---|
| 1 | %Temp%\zboard\1.gif | 822 bytes | MD5: 0xD2D904A2FE62B486D7FB9DF5B25FC288; SHA-1: 0x4C7D9071F2A46EBFB01ED3EC7443642E16D60230 | (not available) |
| 2 | %Temp%\zboard\1.txt | 189 bytes | MD5: 0xE3585A69E6AE74898DB9F2005BCF9D3B; SHA-1: 0x201B249BDCFA121E335DE861DAF919E2BB07B299 | (not available) |
| 3 | %Temp%\zboard\test.jpg | 632 bytes | MD5: 0x5C6DDD1F46244FE6780348ECC721569C; SHA-1: 0x72C1C32C4569C15215746514DF9C35C9FA3E5992 | (not available) |
| 4 | %Temp%\zboard\upw.php | 251 bytes | MD5: 0x4F220E2F8AF805EEA978E1F07E2BF019; SHA-1: 0x2C5B55DB7FB03DC720875C805F2685DA77ADA39D | (not available) |
| 5 | %Temp%\zboard\z7.exe | 1,495,040 bytes | MD5: 0x446D0E7F50DD1B411DEF95315DD2C387; SHA-1: 0xC70ABE92C82C2ACED17DCA46B4562186FF65B9BE | Trojan-Downloader.Win32.Pher [Ikarus] |
| 6 | [file and pathname of the sample #1] | 642,604 bytes | MD5: 0xCEA2D9AC663BC3769865F089597F094D; SHA-1: 0x3DB0352E6D41F04FD102DB09F7F1CF90745D7044 | Trojan-Downloader.Win32.Pher [Ikarus] |

 

Memory Modifications

| Process Name | Process Filename | Main Module Size |
|---|---|---|
| z7.exe | %Temp%\zboard\z7.exe | 1,544,192 bytes |

 

Other details

China

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2017 ThreatExpert. All rights reserved.