Details
Malware Family: Xtreme
Date Added: March 23, 2015, 8:29 p.m.
MD5: 381ed46b527b3b77f97dc0fc298f064f
Sha256: 45d0343362c498e7d95d329490208f44e18f38fddede2f5ad841eba1faf6b29f
Config Sections
Group: Servers
Install Name: Server.exe
FTP Server: ftp.ftpserver.com
Domain9: :0
Version: 2.8.3
Mutex: --((Mutex))--
HKLM: KLM
Domain3: 127.0.0.1:80
Domain2: fofs.no-ip.biz:82
Domain1: 127.0.0.1:82
Domain7: :0
Domain6: :0
Domain5: :0
Domain4: :0
Install Dir: InstallDir
Domain19: :0
Domain18: :0
Custom Reg Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
FTP Password:
Domain15: :0
Domain14: :0
Domain13: :0
Domain12: :0
Domain11: :0
Domain10: :0
Injection: explorer.exe
FTP Folder:
Custom Reg Value: 127.0.0.1
ID: Server
Domain20: :0
FTP UserName: ftpuser
Custom Reg Name: HKCU
Domain17: :0
Domain8: :0
Domain16: :0
ActiveX Key: {40Y5QQO0-O54O-1L12-Y6TY-KJUI3K86M15W}
HKCU: HKCU
VirusTotal

36 out of 44 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
Geo Location
Yara Rules