W32.Duqu
Common Information
Type Value
UUID d19c4533-2353-4572-9f55-b6cfd1600a49
Fingerprint 8c556df10b0e68475294af06105404f34c971709d45dff4b3ec854aae69593dd
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 23, 2011, 7:43 p.m.
Added to db Oct. 1, 2024, 2:30 p.m.
Last updated Oct. 1, 2024, 2:33 p.m.
Headline W32.Duqu
Title W32.Duqu
Detected Hints/Tags/Attributes 190/4/112
Attributes
Details Type #Events CTI Value
Details Url 2
http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=85625782&cs=f61afbecf2457
Details Url 1
http://www.eset.com/resources/white-papers/stuxnet_under_the_microscope.pdf
Details Url 2
http://www.geoffchappell.com/viewer.htm?doc=notes
Details Url 2
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepaper
Details Url 1
http://www.csmonitor.com/usa/2011/0922/from
Details Windows Registry Key 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Details Windows Registry Key 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JmiNET3
Details Windows Registry Key 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JmiNET3\Enum