Submission Summary:

What's been found | Severity Level
Produces outbound traffic. | (not stated)


Technical Details:



File System Modifications

Columns: # / Filename(s) / File Size / File Hash / Alias

1. %Temp%\8.tmp\????? ????.bat
   File size: 51 bytes
   MD5:   0x451708A386F5EA22A296AA4D04A1547C
   SHA-1: 0xF8F5AEFF58E55B6CA00DC1ED32EED5EF686B1B3E
   Alias: (not available)

2. %Temp%\Minecraft.exe
   File size: 221,696 bytes
   MD5:   0xC567BEA045A05B0E444BC53F9F1CD75A
   SHA-1: 0x0F2B15B460DEC1449DDF3F11839BEA6C349691B2
   Alias: packed with UPX [Kaspersky Lab]

3. %System%\MinecraftSP.jar
   File size: 139,783 bytes
   MD5:   0x4ECA7879FF514CDD79C290701443EEDD
   SHA-1: 0x6380000447E5048759B9AF0F7610C993B9AAF890
   Alias: (not available)

4. [file and pathname of the sample #1]
   File size: 1,531,585 bytes
   MD5:   0x445F7B925BCCDDC1561C04105A857093
   SHA-1: 0x65022F7DC24383769905152BCADAF9D8E7AD5CF0
   Alias: (not available)

5. %System%\zrziby.exe
   File size: 875,520 bytes
   MD5:   0x7BD0C413DC0919EA8265DE72752C605D
   SHA-1: 0xEBB7E1A1B3CDCB130F7BFFA468514807CFA62C80
   Alias: Mal/EncPk-PQ [Sophos]
          Virus.Win32.Sality [Ikarus]
          packed with PE_Patch [Kaspersky Lab]


Memory Modifications

Process Name                 | Process Filename                        | Main Module Size
zrziby.exe                   | %System%\zrziby.exe                     | 905,216 bytes
Minecraft.exe                | %Temp%\minecraft.exe                    | 520,192 bytes
[filename of the sample #1]  | [file and pathname of the sample #1]    | 724,992 bytes
server_se.exe                | %Temp%\server_se.exe                    | 905,216 bytes

Service Name | Display Name           | Status    | Service Filename
rcmdsvc      | Remote Command Service | "Running" | %System%\zrziby.exe


Registry Modifications


Other details

United Kingdom

Port | Protocol | Process
1034 | TCP      | zrziby.exe (%System%\zrziby.exe)

Remote Host         | Port Number
makevlar.codns.com  | 1339


Outbound traffic (potentially malicious)


Copyright © 2017 ThreatExpert. All rights reserved.