Submission Summary:

Technical Details:

Possible Security Risk

Threat Category | Description
Trojan/Bot | A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 | %CommonAppData%\rM1sV4K2.exe [file and pathname of the sample #1] | 85,504 bytes | MD5: 0xD6671C11F9BEC045D7A0DF232F264871, SHA-1: 0xE91393A1E934BE57EB06223E87E7FADFE209D1A3 | Trojan Horse [Symantec]; Mal/Autorun-AS [Sophos]; TrojanDownloader:Win32/Obvod.K [Microsoft]; Trojan.Win32.Jorik [Ikarus]

Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 114,688 bytes
rM1sV4K2.exe | %CommonAppData%\rm1sv4k2.exe | 114,688 bytes

Registry Modifications

Other details


Outbound traffic (potentially malicious)

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.