Submission Summary:

 

Technical Details:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

 

File System Modifications

#Filename(s)File SizeFile Hash
1 %Temp%\WZS1.tmp\CoodClip.exe 147,456 bytes MD5: 0x1AEBA427C65C6E7BD1FF19C46B199ABD
SHA-1: 0x7B5FD2551FE391677BA2C626DFDC48556324DC5C
2 %Temp%\WZS1.tmp\CoodClipLite.exe 131,072 bytes MD5: 0x809A0E9A7878ADD252F5F9FE0E5C6996
SHA-1: 0x0A8A14080AFE18EC06BE21EC27AED0ACECB91D2F
3 %Temp%\WZS1.tmp\en\CoodClip.cnt 1,115 bytes MD5: 0xBB3E44D81E6E7BC5F674C454CF5AF519
SHA-1: 0x36C96433FC92025AA6EADE2AC6D4B5B96DF6A5D7
4 %Temp%\WZS1.tmp\en\CoodClip.dll 28,672 bytes MD5: 0xE996AD4517F6EC9A47542D8346FAE844
SHA-1: 0xDE40C12ADD0C8F780EAE4426671089206EA9EAAA
5 %Temp%\WZS1.tmp\en\COODCLIP.HLP 62,346 bytes MD5: 0x2DCCE112EBD4D1298BE1E075144E9418
SHA-1: 0xCAE57CEC27214360E4909F61BF798C54A226788C
6 %Temp%\WZS1.tmp\en\CoodClipLite.dll 24,576 bytes MD5: 0xAFEDA1194125BF2DDAC9E9846B1CFE81
SHA-1: 0x53E4860FEBEF2920FFD0684740C449D8DC2F5B33
7 %Temp%\WZS1.tmp\fon_h.jpg 4,259 bytes MD5: 0x740EAF7BB1B3976AB71BF2C736DC1676
SHA-1: 0x6DA27304808E53C1C6620C1D1286E51635AC2F50
8 %Temp%\WZS1.tmp\fon_v.jpg 4,193 bytes MD5: 0xD0CCF37DA7228A41117FEB0E3042D824
SHA-1: 0x2DEEC99F3996BEBA9297A09AF3F6114DE163B32F
9 %Temp%\WZS1.tmp\PSAPI.DLL 45,136 bytes MD5: 0x070191A7AB7326D59BE5FA8304AE1EB7
SHA-1: 0x00F6FFAFBBB9579148FC3327B1DDD43869ABD864
10 %Temp%\WZS1.tmp\ru\CoodClip.cnt 1,158 bytes MD5: 0x62D999540CF6744899D9458294070872
SHA-1: 0xBE6BCA6C1A9BB5B7EDF6734AE1FAE6EE9625C113
11 %Temp%\WZS1.tmp\ru\CoodClip.dll 28,672 bytes MD5: 0x22FD8B8B34C0830B7053511528DEBAB4
SHA-1: 0x9D5CCA65256A1BD8DD4B116CE037C003704947F2
12 %Temp%\WZS1.tmp\ru\COODCLIP.HLP 66,369 bytes MD5: 0x91C8C5DA790EAB939D1E1D1996061430
SHA-1: 0x45B50DBBD4B85F13E1FF9CADA3CE3801CAC3D981
13 %Temp%\WZS1.tmp\ru\CoodClipLite.dll 24,576 bytes MD5: 0x55FBD43D8EB6AF3249F422BAF7D10347
SHA-1: 0x9CB8B1282B298BEE605F73356110B697B4BEFE71
14 %Temp%\WZS1.tmp\Setup.exe 65,536 bytes MD5: 0x883B974A3BE972F14188EECE282CACEE
SHA-1: 0xC3A8C856330A3D79BF1197A089E17E35F0E9E869
15 %Temp%\WZS1.tmp\setup.ini 84 bytes MD5: 0x70E37DD51DD25238C18474D182A18888
SHA-1: 0x2A58D77E8C4EB92B311DB2FFB2D7DF83E0BB6FC9
16 %Temp%\WZS1.tmp\Setup_en.dll 24,576 bytes MD5: 0x5652C803B1C4F43844C21AF6919E26DC
SHA-1: 0xFD170A482C4BE77A1D668D5BC550FE24E8B7510A
17 %Temp%\WZS1.tmp\Setup_ru.dll 24,576 bytes MD5: 0x845A66B3ED43019CCAE8894959B52FA6
SHA-1: 0x7280D814DA7DEB194C1BC070B6D92309DCE47CCE
18 %Temp%\WZS1.tmp\showall.htm 385 bytes MD5: 0x5B2565846FE4CF2A7D8554178E5F3342
SHA-1: 0x4FA6D23BD295A1810F4A2475C9EBE4B28491460E
19 %Temp%\WZS1.tmp\type_!.gif 845 bytes MD5: 0xA3313927979B5B48A3B77A218769F5A8
SHA-1: 0xBFD6E99CD3789378DE3F3773A3FFBA35AAF91488
20 %Temp%\WZS1.tmp\type_f.gif 852 bytes MD5: 0x35232F34FCC4E7B6597242F8F7B7ACE4
SHA-1: 0x1ADC15DF199065B2BD1DE02BBC4985811000CF98
21 %Temp%\WZS1.tmp\type_p.gif 857 bytes MD5: 0xCC58B94BDC5704C2E556B23EA6542254
SHA-1: 0xA868DD3A0F5983605AE1A71444AB2E915E364FEA
22 %Temp%\WZS1.tmp\type_t.gif 853 bytes MD5: 0xD884926983CA6FB53CF25FE6E1049799
SHA-1: 0x8D7C9BB83C7E0EC457AEABCFDBED0B0FE0C95EA1
23 [file and pathname of the sample #1] 321,536 bytes MD5: 0xE1FD89A4C55E25D097AC36B196FE7D6A
SHA-1: 0xA24E4733D1023BB6152E2535F337F042480C31B7

 

Memory Modifications

Process NameProcess FilenameMain Module Size
[filename of the sample #1][file and pathname of the sample #1]339,968 bytes

 

Other details

Russian Federation

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2017 ThreatExpert. All rights reserved.