Submission Summary:

What's been found                                  Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

#   Filename(s) / File Size / File Hash / Alias

1.  [file and pathname of the sample #1]
    File Size: 1,566,560 bytes
    MD5:       0xCFF3B8EC4C49051811213D3551EB3C28
    SHA-1:     0xE815D540ABB0C63CC428F3A190D2C52951D3EB7D
    Alias:     Mal/DelpBank-A, Mal/DelpBank-A [Sophos]

2.  %Windir%\Win_pwr.pdf
    File Size: 51,154 bytes
    MD5:       0x4D6C08C3D31B65221BA0676CF0C750FD
    SHA-1:     0xC211472E60C9AD11535EB1BA202B60813EA2035C
    Alias:     (not available)

Memory Modifications

Process Name                  Process Filename                        Main Module Size
[filename of the sample #1]   [file and pathname of the sample #1]    1,597,440 bytes

Other details

Brazil

Server Name         Server Port   Connect as User   Connection Password
update.adobe.com    80            (null)            (null)

Downloaded File Summary:

What's been found                                                     Severity Level
Communication with a remote SMTP server and sending out email.
Creates a startup registry entry.

Technical Details:

File System Modifications

#   Filename(s) / File Size / File Hash / Alias

1.  %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\0409ca5892422fa7f542723c98992fad_a7bcc1a4-f7a4-4502-8650-8579e607f7f7
    File Size: 2,042 bytes
    MD5:       0x83735E91ADE91A4134B2C2AA86B7EAF0
    SHA-1:     0x9EDE92A3808203C384E255E4F58FB602E0498D61
    Alias:     (not available)

2.  %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\405e1a235f4d3730178facbfcb9cf8ca_a7bcc1a4-f7a4-4502-8650-8579e607f7f7
    File Size: 2,042 bytes
    MD5:       0xF43DE7D300C9AF10CA0CBC17D0934422
    SHA-1:     0xEB50187ECA0206FEF23AC7774901E24B9E43B804
    Alias:     (not available)

3.  %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\5a8ff7a6ad7e38ec83dcaa35f9967198_a7bcc1a4-f7a4-4502-8650-8579e607f7f7
    File Size: 2,042 bytes
    MD5:       0xDF459759C5E1098952965860CA9B17E0
    SHA-1:     0x1129C4942E6F9F06B7459D26A55262BF2C0B5DB3
    Alias:     (not available)

4.  %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\a8cb3137329d642872dd6b2116ec212e_a7bcc1a4-f7a4-4502-8650-8579e607f7f7
    File Size: 2,042 bytes
    MD5:       0x1D20F355004B048AE9C4A8D6E3EE17C7
    SHA-1:     0xD6619000A5404A5ECA31BA1E585C20502DF1396D
    Alias:     (not available)

5.  %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\d010246837dab01e4404dba1dca0efef_a7bcc1a4-f7a4-4502-8650-8579e607f7f7
    File Size: 2,042 bytes
    MD5:       0x5FEE7BA20D687644D2575305DC80192F
    SHA-1:     0xCF27D3DC2144609172902365323D2D11526DA580
    Alias:     (not available)

6.  %AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\d71375b114e472f50fdecc6000e0f0a4_a7bcc1a4-f7a4-4502-8650-8579e607f7f7
    File Size: 2,041 bytes
    MD5:       0x9C0FE84A94C8106914B7F7F5ACE725B2
    SHA-1:     0x69E5F6D01B4E75F8288D16D1F0725E935B2C9E41
    Alias:     (not available)

7.  %Temp%\WIDEAWAKE1.ecl
    File Size: 9,388,544 bytes
    MD5:       0xEBDB3DC4F3D6EC0C75B872A12B5B0A0A
    SHA-1:     0x038148A9ECEDE455F8A2BA4023C02262966F607B
    Alias:     Trojan-Banker.Win32.Banz [Ikarus]

8.  %Temp%\WIDEAWAKE2.ecl
    File Size: 4,656,128 bytes
    MD5:       0xA928A9B761B371128B1E20F6669A7D30
    SHA-1:     0x83779EA2E2EC5F894CE63CBDEE8D07746CCEBF79
    Alias:     Trojan-Banker.Win32.Banz [Ikarus]

9.  %Temp%\WIDEAWAKE3.ecl
    File Size: 0 bytes
    MD5:       0xD41D8CD98F00B204E9800998ECF8427E
    SHA-1:     0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
    Alias:     (not available)

10. %MyDocuments%\Gb.zip
    File Size: 22 bytes
    MD5:       0x76CDB2BAD9582D23C1F6F4D868218D6C
    SHA-1:     0xB04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
    Alias:     (not available)

11. %Windir%\A777(1)(2).txt
    %Windir%\A777(1).txt
    %Windir%\B777(222)(222).txt
    %Windir%\B777(222).txt
    %Windir%\C111(3)(2).txt
    %Windir%\C111(3).txt
    %Windir%\WLog777.txt
    File Size: 0 bytes
    MD5:       0xD41D8CD98F00B204E9800998ECF8427E
    SHA-1:     0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
    Alias:     (not available)

12. %System%\GbPlugin-Módulo de Segurança.com
    %Windir%\xwizard(3).exe
    File Size: 0 bytes
    MD5:       0xD41D8CD98F00B204E9800998ECF8427E
    SHA-1:     0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
    Alias:     (not available)

13. %System%\GbPlugin-Módulo de Segurança.exe
    %Windir%\xwizard(1).exe
    File Size: 0 bytes
    MD5:       0xD41D8CD98F00B204E9800998ECF8427E
    SHA-1:     0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
    Alias:     (not available)

14. %System%\GbPlugin-Módulo de Segurança.scr
    %Windir%\xwizard(2).exe
    File Size: 7,577,352 bytes
    MD5:       0x39E1678B04EBBD9AFCDB26B3C21353DE
    SHA-1:     0x194292C204172D3C94F88E14D4A6D6ECAD1C1657
    Alias:     (not available)

15. [file and pathname of the sample #1]
    File Size: 8,920,542 bytes
    MD5:       0x54347AE2FF693729F420CD45FABAF63D
    SHA-1:     0x1896D0CC28F958FFBB78CF89D3542EE15333C0E2
    Alias:     Trojan-Banker.Win32.Banz [Ikarus]

16. [file and pathname of the sample #2]
    File Size: 4,217,344 bytes
    MD5:       0x9D6DF3E5D383BFEA815C4F3859751A20
    SHA-1:     0x8228446A1387A427E0ADBC8588163EE603142F87
    Alias:     Trojan-Banker.Win32.Banz [Ikarus]

17. %Windir%\YW2.zip
    File Size: 3,785,654 bytes
    MD5:       0x1BDE0BE28581D393DD9D78411A408288
    SHA-1:     0xE669A017E4C7C2BBB50231AF32ED0ADFC9456D40
    Alias:     (not available)

18. %Windir%\YW22.zip
    File Size: 8,486,415 bytes
    MD5:       0xC9DA7041197B312567314FCF12E536CF
    SHA-1:     0xE6F78BE7C3212CCDDA31309D1EF9732770780ED3
    Alias:     (not available)

19. %Windir%\YW222.zip
    File Size: 0 bytes
    MD5:       0xD41D8CD98F00B204E9800998ECF8427E
    SHA-1:     0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
    Alias:     (not available)

Memory Modifications

Process Name        Process Filename           Main Module Size
WIDEAWAKE2.ecl      %Temp%\WIDEAWAKE2.ecl      4,685,824 bytes

Registry Modifications

Other details

Brazil

Generated SMTP traffic

---------------------------------------------------
Sente aí meu irmão é uma coisa rara de ver
O ano é bom, muito bom
Estou feliz podes crer
---------------------------------------------------
.

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.