Submission Summary:

What's been found | Severity Level
Contains characteristics of an identified security risk.

 

Technical Details:


 

Possible Security Risk

Threat Category | Description
A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
A program that downloads files to the local computer that may represent security risk

 

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 %Temp%\E_N4\cnvpe.fne
%System%\13E92A\cnvpe.fne
61,440 bytes MD5: 0x36DDEE7039C085ECCB03D028EAE240EE
SHA-1: 0x168D8FD2990CDCC5A6B67E8CBFD60B659F8A7132
Mal/EncPk-NB [Sophos]
Trojan.Peed [Ikarus]
packed with PE-Crypt.CF [Kaspersky Lab]
2 %Temp%\E_N4\dp1.fne
%System%\13E92A\dp1.fne
114,688 bytes MD5: 0x7C1EE3AC2038CE6DB51B577B0D3FBAB4
SHA-1: 0xD2E0FA295B2BB92A8A1A7F9261B0F929EC32817D
Mal/EncPk-NB [Sophos]
packed with PE-Crypt.CF [Kaspersky Lab]
3 %Temp%\E_N4\eAPI.fne
%System%\13E92A\eAPI.fne
323,584 bytes MD5: 0x0A67F8201631B3E778F46F7A774D79E0
SHA-1: 0x28BEF8B36286CB134BCA78B395F825B1EC6FD38F
Trojan.Gen [Symantec]
generic!bg.etr [McAfee]
Trojan.Win32.Agent [Ikarus]
packed with PE-Crypt.CF [Kaspersky Lab]
4 %Temp%\E_N4\HtmlView.fne
%System%\13E92A\HtmlView.fne
217,088 bytes MD5: 0x641E7E304ECF4259B3D8E399E8C1BEEF
SHA-1: 0x1B0D48C1BA547C18B7F90692FAB5E9752F1A58E8
Tool-EPLLib.gen.a [McAfee]
Mal/EncPk-NB [Sophos]
HackTool.Win32.Patcher [Ikarus]
packed with PE-Crypt.CF [Kaspersky Lab]
5 %Temp%\E_N4\internet.fne
%System%\13E92A\internet.fne
184,320 bytes MD5: 0x4B66006DF308B433E072E8B906C3BF55
SHA-1: 0xADB08BEB1085D96ED5E3AC173FA5CB2BDF1B35D7
Trojan.Gen [Symantec]
Tool-EPLLib.gen.b [McAfee]
Mal/EncPk-NB [Sophos]
Virus.Win32.Heur [Ikarus]
packed with PE-Crypt.CF [Kaspersky Lab]
6 %Temp%\E_N4\krnln.fnr
%System%\13E92A\krnln.fnr
1,101,824 bytes MD5: 0x279BCD54AB9CA58E616984E0335057E4
SHA-1: 0x79F5D363C3549E78B641549D6C8E8FEB3B6F96D4
Trojan.Gen [Symantec]
Mal/EncPk-NB [Sophos]
packed with PE-Crypt.CF [Kaspersky Lab]
7 %Temp%\E_N4\shell.fne
%System%\13E92A\shell.fne
40,960 bytes MD5: 0x0F27A632D606EBDCD0C516EC9108FF4A
SHA-1: 0x32276613407F9AA937E21A92927116601F9B7890
Trojan Horse [Symantec]
Generic PWS.y!hv.s [McAfee]
Mal/EncPk-NB [Sophos]
Trojan:Win32/Bumat!rts [Microsoft]
Trojan.Peed [Ikarus]
packed with PE-Crypt.CF [Kaspersky Lab]
8 %Temp%\E_N4\spec.fne
%System%\13E92A\spec.fne
73,728 bytes MD5: 0x3209C2EC65D44D6906F45A583AAF3659
SHA-1: 0x2771A317F31AE175F00E7411CB2D1AADFBC63272
Trojan.Gen [Symantec]
Vundo.gen.cg [McAfee]
Mal/EncPk-NB [Sophos]
Trojan:Win32/Trabin!rts [Microsoft]
Trojan.Peed [Ikarus]
Win-Trojan/Xema.variant [AhnLab]
packed with PE-Crypt.CF [Kaspersky Lab]
9 %Programs%\Startup\AA2E5E.lnk 677 bytes MD5: 0x37298BD14A29802EF7206C7AF2AE19DE
SHA-1: 0x20D0CBCDBDFD5AF5C64E627FBAD6BA10EB59BD7C
(not available)
10 %System%\13E92A\RegEx.fnr 217,088 bytes MD5: 0xA67DADDCB30335163CF7D99F282F5AE0
SHA-1: 0xC033169006BEF68BEBFA77405C4A35688AB41A99
Tool-EPLLib [McAfee]
W32/AutoRun-MO [Sophos]
11 %System%\1CB5AD\AA2E5E.EXE
[file and pathname of the sample #1]
1,404,629 bytes MD5: 0xF6F525C4191C72C0DFE16F85823FBC80
SHA-1: 0xD6ECE6559578A862D322D2FB72988ABC2EBA1E6D
Packed.Generic.244 [Symantec]
Trojan-Downloader.Win32.FlyStudio.kx [Kaspersky Lab]
W32/Autorun.worm.ev [McAfee]
WORM_FLYSTUD.SMC [Trend Micro]
Mal/EncPk-NB [Sophos]
Backdoor:Win32/FlyAgent.F [Microsoft]
Worm.Win32.FlyStudio [Ikarus]
Win32/Flystudio.worm.Gen [AhnLab]
packed with PE-Crypt.CF [Kaspersky Lab]

 

Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 200,704 bytes
aa2e5e.exe | %System%\1cb5ad\aa2e5e.exe | 200,704 bytes

 

Other details

China

 

 


Copyright © 2017 ThreatExpert. All rights reserved.