Details
Malware Family: PoisonIvy
Date Added: March 23, 2015, 8:29 p.m.
MD5: f0ffe357d242e1fae2c2a14257a55f37
SHA256: 23a3d1a666b88e8eb397b17684237e3da435f34b2eb0cc1b6e988cabcc8cfb4d
Config Sections
EnableKeyLogger: 01
InstallName:
HKLMValue: msnmseger
EnableHKLM: 01
PersistentProxy:
CampaignID:
InjectExe: msnmsgr.exe
HijackProxy:
InstallPath:
InjectDefaultBrowser: 01
EnableThreadPersistence: 01
CopytoADS:
EnableActiveX: 01
Melt:
Domains: hgshdv.no-ip.biz:3460|
Flag3:
Mutex:
Password: admin
GroupID:
ActiveXKey: {3779811F-C4F3-E0B2-F01D-A71F7DBD86C6}
VirusTotal
51 out of 54 AV engines identified the sample as malicious.
VirusTotal Report
Domain Data
Domain IP Country Code
hgshdv.no-ip.biz 176.16.143.115 SA
Geo Location
Yara Rules