skywiper_v1.05
Common Information
| Type | Value |
|---|---|
| UUID | 67c052d8-570a-4d06-8c47-7cb8334a485a |
| Fingerprint | a12acb2ef3a3b74aec694d618ad92cf6b1bfe609940b55fc94a63568d39a4533 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 31, 2012, 12:59 a.m. |
| Added to db | March 10, 2024, 3:33 a.m. |
| Last updated | Aug. 31, 2024, 1:22 a.m. |
| Headline | skywiper_v1.05 |
| Title | skywiper_v1.05 |
| Detected Hints/Tags/Attributes | 139/3/251 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Url | 1 | https://www.securelist.com/en/blog?weblogid=208193538#w208193538 |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Autenthication |
|
| Details | Windows Registry Key | 7 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa |
|
| Details | Windows Registry Key | 164 | HKLM\SOFTWARE\Microsoft\Windows |
|
| Details | Windows Registry Key | 1 | HKLM\Security\Policy\PolSecretEncryptionKey |
|
| Details | Windows Registry Key | 3 | HKLM\SAM\SAM\Domains\Account\F |
|
| Details | Domain | 17 | www.crysys.hu |
|
| Details | Domain | 3 | www.bme.hu |
|
| Details | Domain | 2 | www.certcc.ir |
|
| Details | Domain | 4 | activescripteventconsumer.name |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 1 | s1.run |
|
| Details | Domain | 12 | download.windowsupdate.com |
|
| Details | Domain | 1 | muv4wuredir.cab |
|
| Details | Domain | 2 | gator.servers.free |
|
| Details | Domain | 1 | xxxx.info |
|
| Details | Domain | 2 | data.site |
|
| Details | Domain | 6 | xxxxx.com |
|
| Details | Domain | 2 | xxx.info |
|
| Details | Domain | 1 | 6000.381.cab |
|
| Details | Domain | 1 | wuredir.cab |
|
| Details | Domain | 1 | muv3wuredir.cab |
|
| Details | Domain | 1 | muident.cab |
|
| Details | Domain | 1 | wsus3setup.cab |
|
| Details | Domain | 1 | wusetup.cab |
|
| Details | Domain | 45 | www.securelist.com |
|
| Details | Domain | 1 | modevga.com |
|
| Details | Domain | 1 | mon.com |
|
| Details | File | 141 | www.cer |
|
| Details | File | 1205 | index.php |
|
| Details | File | 2 | wavesup3.drv |
|
| Details | File | 1 | audcache.dat |
|
| Details | File | 1 | to691.tmp |
|
| Details | File | 1 | ccalc32.sys |
|
| Details | File | 1 | mssecmgr.sys |
|
| Details | File | 1 | boot32drv.sys |
|
| Details | File | 1 | deb93d.tmp |
|
| Details | File | 306 | services.exe |
|
| Details | File | 1 | hlv084.tmp |
|
| Details | File | 212 | winlogon.exe |
|
| Details | File | 1 | hlv294.tmp |
|
| Details | File | 1 | dstrlog.dat |
|
| Details | File | 1 | lmcache.dat |
|
| Details | File | 2 | mscrypt.dat |
|
| Details | File | 1 | ntcache.dat |
|
| Details | File | 2 | rccache.dat |
|
| Details | File | 2 | audfilter.dat |
|
| Details | File | 2 | wpgfilter.dat |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | wavsup3.drv |
|
| Details | File | 10 | fltmgr.sys |
|
| Details | File | 1 | c:\windows\system32\drivers\fltmgr.sys |
|
| Details | File | 22 | ntkrnlpa.exe |
|
| Details | File | 2 | c:\windows\system32\ntkrnlpa.exe |
|
| Details | File | 185 | shell32.dll |
|
| Details | File | 1 | shared_msaudio_wpgfilter.dat |
|
| Details | File | 30 | s.exe |
|
| Details | File | 2 | 'outpost.exe |
|
| Details | File | 1 | 'aupdrun.exe |
|
| Details | File | 2 | 'op_mon.exe |
|
| Details | File | 3 | 'avp.exe |
|
| Details | File | 1 | %systemroot%\\system32\\rundll32.exe |
|
| Details | File | 12 | 'rundll32.exe |
|
| Details | File | 73 | view.php |
|
| Details | File | 1 | muv4wuredir.cab |
|
| Details | File | 1 | 4091.dll |
|
| Details | File | 1 | soapr32.dll |
|
| Details | File | 1 | 4748.dll |
|
| Details | File | 142 | wmiprvse.exe |
|
| Details | File | 50 | alg.exe |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 2 | dat.max |
|
| Details | File | 2 | dat.backup |
|
| Details | File | 1 | hlv473.tmp |
|
| Details | File | 6 | far.exe |
|
| Details | File | 1 | kwi989.tmp |
|
| Details | File | 1 | kwi988.tmp |
|
| Details | File | 1 | ccalc32drv.sys |
|
| Details | File | 18 | 1.dat |
|
| Details | File | 4 | a.url |
|
| Details | File | 1 | c:\program files\common files\microsoft shared\msauthctrl\secindex.dat |
|
| Details | File | 1 | xxxx.inf |
|
| Details | File | 8 | rss.php |
|
| Details | File | 1 | -1.url |
|
| Details | File | 1 | -1.pas |
|
| Details | File | 2 | xxx.inf |
|
| Details | File | 1 | restore_redirection_state.max |
|
| Details | File | 1 | c:\windows\system32\advpck.dat |
|
| Details | File | 1 | c:\windows\system32\ntaps.dat |
|
| Details | File | 1 | ef_trace.txt |
|
| Details | File | 1 | %temp%\dat3c.tmp |
|
| Details | File | 6 | 4.dat |
|
| Details | File | 1 | 381.cab |
|
| Details | File | 1 | wuredir.cab |
|
| Details | File | 1 | muv3wuredir.cab |
|
| Details | File | 1 | version_s.xml |
|
| Details | File | 1 | muident.cab |
|
| Details | File | 1 | wsus3setup.cab |
|
| Details | File | 1 | wusetup.cab |
|
| Details | File | 1 | remote_path_templates.sys |
|
| Details | File | 243 | autorun.inf |
|
| Details | File | 196 | desktop.ini |
|
| Details | File | 13 | wpad.dat |
|
| Details | File | 1 | txqvsl.tmp |
|
| Details | File | 1 | mso2a2.tmp |
|
| Details | File | 1 | dra53.tmp |
|
| Details | File | 1 | 4784.dll |
|
| Details | File | 1 | dra52.tmp |
|
| Details | File | 1 | a29.tmp |
|
| Details | File | 2 | ctx.exe |
|
| Details | File | 1 | 00004784.dll |
|
| Details | File | 1 | jimmy.dll |
|
| Details | File | 1 | 00005729.dll |
|
| Details | File | 1 | 00006411.dll |
|
| Details | File | 1 | 00004069.exe |
|
| Details | File | 1 | 0004784.dll |
|
| Details | File | 1 | %windir%\system32\rdcvlt32.exe |
|
| Details | File | 1 | %temp%\sl84.tmp |
|
| Details | File | 9 | wininit.ini |
|
| Details | File | 1 | mssecmgr.dll |
|
| Details | File | 45 | mcshield.exe |
|
| Details | File | 1 | preg.exe |
|
| Details | File | 1 | dcomm.dat |
|
| Details | File | 1 | dmmsapi.dat |
|
| Details | File | 1 | deb83c.tmp |
|
| Details | File | 1 | dfl983.tmp |
|
| Details | File | 1 | df05ac8.tmp |
|
| Details | File | 1 | dfd85d3.tmp |
|
| Details | File | 1 | f28.tmp |
|
| Details | File | 1 | desc.ini |
|
| Details | File | 1 | fib32.bat |
|
| Details | File | 1 | d43a37b.tmp |
|
| Details | File | 1 | dfc855.tmp |
|
| Details | File | 1 | ef_trace.log |
|
| Details | File | 23 | scrcons.exe |
|
| Details | File | 1 | m4aaux.dat |
|
| Details | File | 1 | gppref32.exe |
|
| Details | File | 1 | ia33.tmp |
|
| Details | File | 1 | mpgaud.dat |
|
| Details | File | 1 | a49.tmp |
|
| Details | File | 1 | a38.tmp |
|
| Details | File | 1 | mso2a0.tmp |
|
| Details | File | 1 | mssui.drv |
|
| Details | File | 1 | deb13de.tmp |
|
| Details | File | 3 | mon.exe |
|
| Details | File | 1 | ekz167.tmp |
|
| Details | File | 1 | zwp129.tmp |
|
| Details | File | 1 | dfc634.tmp |
|
| Details | File | 1 | dfc551.tmp |
|
| Details | File | 1 | dfc412.tmp |
|
| Details | File | 3 | tftp.exe |
|
| Details | File | 14 | csvde.exe |
|
| Details | File | 1 | dstrlogh.dat |
|
| Details | File | 3 | hub001.dat |
|
| Details | File | 1 | hub002.dat |
|
| Details | File | 1 | watchxb.sys |
|
| Details | File | 1 | ntaps.dat |
|
| Details | File | 1 | advpck.dat |
|
| Details | File | 1 | commgr32.dll |
|
| Details | File | 1 | comspol32.dll |
|
| Details | File | 1 | rf288.tmp |
|
| Details | File | 1 | rpcnc.dat |
|
| Details | File | 1 | sndmix.drv |
|
| Details | File | 1 | fmpidx.bin |
|
| Details | File | 1 | mixercfg.dat |
|
| Details | File | 1 | audtable.dat |
|
| Details | File | 1 | mixerdef.dat |
|
| Details | File | 1 | posttab.bin |
|
| Details | File | 1 | ctrllist.dat |
|
| Details | File | 1 | authcfg.dat |
|
| Details | File | 1 | a28.tmp |
|
| Details | File | 1 | dfl542.tmp |
|
| Details | File | 1 | dfl543.tmp |
|
| Details | File | 1 | dfl544.tmp |
|
| Details | File | 1 | dfl545.tmp |
|
| Details | File | 1 | dfl546.tmp |
|
| Details | File | 1 | dra51.tmp |
|
| Details | File | 1 | fghz.tmp |
|
| Details | File | 1 | rei524.tmp |
|
| Details | File | 1 | rei525.tmp |
|
| Details | File | 1 | tfl848.tmp |
|
| Details | File | 1 | tfl842.tmp |
|
| Details | File | 1 | %temp%\grb2m2.bat |
|
| Details | File | 1 | %temp%\scaud32.exe |
|
| Details | File | 1 | %temp%\scsec32.exe |
|
| Details | File | 1 | %temp%\sdclt32.exe |
|
| Details | File | 1 | %temp%\sstab.dat |
|
| Details | File | 1 | %temp%\sstab15.dat |
|
| Details | File | 1 | %temp%\winrt32.dll |
|
| Details | File | 1 | %temp%\wpab32.bat |
|
| Details | File | 1 | %windir%\system32\commgr32.dll |
|
| Details | File | 1 | %windir%\system32\comspol32.dll |
|
| Details | File | 1 | %windir%\system32\indsvc32.dll |
|
| Details | File | 1 | %windir%\system32\mssui.drv |
|
| Details | File | 1 | %windir%\system32\scaud32.exe |
|
| Details | File | 1 | %windir%\system32\sdclt32.exe |
|
| Details | File | 1 | %windir%\system32\watchxb.sys |
|
| Details | File | 1 | 8c5ff6c.tmp |
|
| Details | File | 1 | %windir%\system32\sstab0.dat |
|
| Details | File | 1 | %windir%\system32\sstab1.dat |
|
| Details | File | 1 | %windir%\system32\sstab2.dat |
|
| Details | File | 1 | %windir%\system32\sstab3.dat |
|
| Details | File | 1 | %windir%\system32\sstab4.dat |
|
| Details | File | 1 | %windir%\system32\sstab5.dat |
|
| Details | File | 1 | %windir%\system32\sstab6.dat |
|
| Details | File | 1 | %windir%\system32\sstab7.dat |
|
| Details | File | 1 | %windir%\system32\sstab8.dat |
|
| Details | File | 1 | %windir%\system32\sstab10.dat |
|
| Details | File | 1 | %windir%\system32\sstab.dat |
|
| Details | File | 1 | hlv751.tmp |
|
| Details | File | 1 | kwi288.tmp |
|
| Details | File | 1 | kwi282.tmp |
|
| Details | File | 1 | hlv224.tmp |
|
| Details | File | 1 | hlv227.tmp |
|
| Details | File | 1 | %windir%\system32\ccalc32.sys |
|
| Details | File | 1 | %windir%\system32\boot32drv.sys |
|
| Details | File | 1 | %windir%\system32\rpcnc.dat |
|
| Details | File | 1 | %windir%\system32\ntaps.dat |
|
| Details | File | 1 | %windir%\system32\advpck.dat |
|
| Details | md5 | 1 | bb5441af1e1741fca600e9c433cb1550 |
|
| Details | md5 | 1 | d53b39fb50841ff163f6e9cfd8b52c2e |
|
| Details | md5 | 1 | bdc9e04388bda8527b398a8c34667e18 |
|
| Details | md5 | 1 | c9e00c9d94d1a790d5923b050b0bd741 |
|
| Details | md5 | 1 | 296e04abb00ea5f18ba021c34e486746 |
|
| Details | md5 | 1 | 5ad73d2e4e33bb84155ee4b35fbefc2b |
|
| Details | md5 | 1 | dcf8dab7e0fc7a3eaf6368e05b3505c5 |
|
| Details | md5 | 1 | 06a84ad28bbc9365eb9e08c697555154 |
|
| Details | md5 | 1 | ec992e35e794947a17804451f2a8857e |
|
| Details | md5 | 1 | b604c68cd46f8839979da49bb2818c36 |
|
| Details | md5 | 1 | c81d037b723adc43e3ee17b1eee9d6cc |
|
| Details | sha1 | 1 | 28d0d7710761114a44a1a3a425a6883c661f06e7 |
|
| Details | sha1 | 1 | 60d5dbddae21ecb4cfb601a2586dae776ca973ef |
|
| Details | sha1 | 1 | 3a9ac7cd49e10a922abce365f88a6f894f7f1e9e |
|
| Details | sha1 | 1 | a592d49ff32fe130591ecfde006ffa4fb34140d5 |
|
| Details | sha1 | 1 | 7105b17d07fd5b30d5386862a3b9cc1ff53a2398 |
|
| Details | sha1 | 1 | 5fdd7f613db43a5b0dbec8583d30ea7064983106 |
|
| Details | sha1 | 1 | faaef4933e5f738e2abaff3089d36801dd871e89 |
|
| Details | sha1 | 1 | 8b591dd7cd44d8abae7024ca2cc26034457dd50e |
|
| Details | sha1 | 1 | 25fc20eedd7bfca26cf5fad1fade13b05c9a2d20 |
|
| Details | sha1 | 1 | e608a6d9f0ab379e62119656e30eef12542f2263 |
|
| Details | sha1 | 1 | 7a1351c084a556bdceaf221a43cb69579ca7b9bb |
|
| Details | sha1 | 1 | d4b21620d68fdc44caa20362a417b251ff833761 |
|
| Details | IPv4 | 1 | 10.55.55.55 |
|
| Details | Pdb | 1 | vc32.pdb |
|
| Details | Pdb | 1 | ndsvc32.pdb |
|
| Details | Url | 4 | http://www.crysys.hu |
|
| Details | Url | 3 | http://www.bme.hu |
|
| Details | Url | 2 | http://www.certcc.ir/index.php?name=news&file=article&sid=1894 |
|
| Details | Url | 1 | http://download.windowsupdate.com/v9/windowsupdate/redir/muv4wuredir.cab |
|
| Details | Url | 1 | https://xxxx.info:443/cgi-bin/counter.cgi |