Report - CrySyS Lab
Figure 44 – Process Monitor shows that ocp.exe drops iepv.exe
The dropped file iepv.exe has the following hashes and compile time:
MD5 hash: 28c110b8d0ad095131c8d06043678086
SHA1 hash: c684cf321e890e0e766a97609a4cde866156d6c5
compile time: 2009-09-28 09:29:03
The file is packed with UPX, and its content is compiled with Microsoft Visual C++ 7.1. Its known functionality is to reveal the passwords stored by Internet Explorer. The file was submitted for analysis to VirusTotal on March 8, 2013, and it is recognized by multiple anti-virus products.
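The three facts recorded above for iepv.exe (MD5/SHA1, PE compile time, UPX packing) are what a first-pass triage of a dropped file produces. The following Python script is an added example and is not code from the CrySyS report: it hashes the file, reads the TimeDateStamp from the COFF header, lists section names and checks for the stock UPX indicators (UPX0/UPX1 section names and the "UPX!" marker). The PE built by build_minimal_pe is a constructed stub carrying only the header fields the script reads, not any sample from the report.

```python
import hashlib
import struct
from datetime import datetime, timezone


def file_hashes(data: bytes) -> dict:
    """MD5 and SHA1 of the raw file bytes, as reported for iepv.exe above."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def _coff_header(data: bytes) -> tuple:
    """Locate the PE signature via e_lfanew and return (e_lfanew,
    number_of_sections, time_date_stamp, size_of_optional_header)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header follows the 4-byte signature:
    #   Machine(2) NumberOfSections(2) TimeDateStamp(4) PointerToSymbolTable(4)
    #   NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    _machine, nsect, ts, _p, _n, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return e_lfanew, nsect, ts, opt_size


def pe_compile_time(data: bytes) -> str:
    """TimeDateStamp from the COFF header, formatted like the report (UTC).
    The linker writes it, but an author can overwrite it freely, so treat it
    as a hint rather than proof of when the binary was built."""
    _, _, ts, _ = _coff_header(data)
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def pe_section_names(data: bytes) -> list:
    """Names from the section table, which directly follows the optional header."""
    e_lfanew, nsect, _, opt_size = _coff_header(data)
    table = e_lfanew + 4 + 20 + opt_size
    names = []
    for i in range(nsect):
        raw = data[table + 40 * i: table + 40 * i + 8]   # 40-byte entries, 8-byte name
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1(/UPX2) and leaves a 'UPX!' marker
    in its packed header. A modified UPX can hide both, so False is not conclusive."""
    return any(n.startswith("UPX") for n in pe_section_names(data)) or b"UPX!" in data


def triage(data: bytes) -> dict:
    """The report's first-pass facts for one file, in one dictionary."""
    info = file_hashes(data)
    info["compile_time"] = pe_compile_time(data)
    info["sections"] = pe_section_names(data)
    info["upx"] = looks_upx_packed(data)
    return info


def build_minimal_pe(compile_ts: int, section_names, tail: bytes = b"") -> bytes:
    """Constructed stand-in for a real sample: a syntactically valid PE32 header
    (DOS header, signature, COFF header, zeroed optional header, section table)
    with no real code. Not derived from any file in the report."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)     # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), compile_ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic; remaining optional header left zero
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + tail


# Constructed sample mimicking what the report describes for iepv.exe:
# UPX section names, the UPX! marker, and the same compile timestamp.
SAMPLE_TS = int(datetime(2009, 9, 28, 9, 29, 3, tzinfo=timezone.utc).timestamp())
SAMPLE = build_minimal_pe(SAMPLE_TS, ["UPX0", "UPX1"], tail=b"\0" * 16 + b"UPX!")

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a file path to triage a real dropped binary; without arguments it runs on the constructed stub. Hashes are computed over the packed file as found on disk, which is what VirusTotal and the report's MD5/SHA1 refer to; the compiler version (Visual C++ 7.1 here) is only visible after unpacking and is not something the header alone reveals.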
oct.txt
MD5 hash: ba7f9a2cec106773d17df4f571b4b8e8
Identical with: planetnews_ct.ex