{
	"id": "ae55fbc4-c21a-4826-a09e-381257b1e68a",
	"created_at": "2026-04-06T00:07:08.859833Z",
	"updated_at": "2026-04-10T03:22:11.836025Z",
	"deleted_at": null,
	"sha1_hash": "1b6e8d41db6335e17b40ba0bfd60f1e9b6e33b4d",
	"title": "Shamoon or DistTrack.A samples",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 70038,
	"plain_text": "Shamoon or DistTrack.A samples\r\nArchived: 2026-04-02 12:28:23 UTC\r\nDownload all the files listed below (New Link)\r\nd214c717a357fe3a455610b197c390aa \r\ntrksvr.exe\r\n12288:Xfz3ZXNPcwmGWdCCg98gJWGG2EbzXHlk3qBUb7UbXfzZdE5Ng98gJWb2Ebzm3q\r\nhttp://www.sophos.com/de-de/threat-center/threat-analyses/viruses-and-spyware/Troj~Mdrop-ELD/detailed-analysis.aspx\r\nPE info\r\nUninitializedDataSize     : 0\r\nInitializedDataSize       : 913408\r\nImageVersion              : 0.0\r\nProductName               : Microsoft   Windows   Operating System\r\nFileVersionNumber         : 5.2.3790.0\r\nLanguageCode              : English (U.S.)\r\nFileFlagsMask             : 0x003f\r\nFileDescription           : Distributed Link Tracking Server\r\nCharacterSet              : Unicode\r\nLinkerVersion             : 10.0\r\nFileOS                    : Windows NT 32-bit\r\nMIMEType                  : application/octet-stream\r\nSubsystem                 : Windows command line\r\nFileVersion               : 5.2.3790.0 (srv03_rtm.030324-2048)\r\nTimeStamp                 : 2012:08:10 00:46:22+02:00\r\nFileType                  : Win32 EXE\r\nPEType                    : PE32\r\nInternalName              : Distributed Link Tracking Server\r\nProductVersion            : 5.2.3790.0\r\nSubsystemVersion          : 5.1\r\nOSVersion                 : 5.1\r\nOriginalFilename          : trksvr\r\nLegalCopyright            :    Microsoft Corporation. All rights reserved.\r\nMachineType               : Intel 386 or later, and compatibles\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 1 of 17\n\nCompanyName               : Microsoft Corporation\r\nCodeSize                  : 84480\r\nFileSubtype               : 0\r\nProductVersionNumber      : 5.2.3790.0\r\nEntryPoint                : 0x892b\r\nObjectFileType            : Executable application\r\nPE Signature\r\n============\r\nPublisher                 : Microsoft Corporation\r\nProduct                   : Microsoft_ Windows_ Operating System\r\nInternal name             : Distributed Link Tracking Server\r\nCopyright                 : (c) Microsoft Corporation. All rights reserved.\r\nOriginal name             : trksvr\r\nFile version              : 5.2.3790.0 (srv03_rtm.030324-2048)\r\nDescription               : Distributed Link Tracking Server\r\nhttps://www.securelist.com/en/blog?SSL=1#\r\nASCI strings\r\nFile: D214C717A357FE3A455610B197C390AA\r\nMD5:  d214c717a357fe3a455610b197c390aa\r\nSize: 989184\r\nWow64DisableWow64FsRedirection\r\nWow64RevertWow64FsRedirection\r\nstring too long\r\ninvalid string position\r\nSchedule\r\nJobAdd\r\nvector\u003cT\u003e too long\r\nios_base::eofbit set\r\nios_base::failbit set\r\nios_base::badbit set\r\nbad locale name\r\nbad cast\r\nc:\\windows\\temp\\out17626867.txt\r\nkijjjjnsnjbnncbknbkjadc\r\nkjsdjbhjsdbhfcbsjkhdf  jhg jkhg hjk hjk \r\nslkdfjkhsbdfjbsdf\r\nklsjdfjhsdkufskjdfh\r\ngeneric\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 2 of 17\n\niostream\r\nsystem\r\niostream stream error\r\nUnknown exception\r\nbad allocation\r\nCorExitProcess\r\n !\"#$%\u0026'()*+,-./0123456789:;\u003c=\u003e?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\r\n !\"#$%\u0026'()*+,-./0123456789:;\u003c=\u003e?\r\n@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\r\nLC_TIME\r\nLC_NUMERIC\r\nLC_MONETARY\r\nLC_CTYPE\r\nLC_COLLATE\r\nLC_ALL\r\n !\"#$%\u0026'()*+,-./0123456789:;\u003c=\u003e?\r\n@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\r\nVisual C++ CRT: Not enough memory to complete call to strerror.\r\nbad exception\r\nFlsFree\r\nFlsSetValue\r\nFlsGetValue\r\nFlsAlloc\r\nHH:mm:ss\r\ndddd, MMMM dd, yyyy\r\nMM/dd/yy\r\nDecember\r\nNovember\r\nOctober\r\nSeptember\r\nAugust\r\nJuly\r\nJune\r\nApril\r\nMarch\r\nFebruary\r\nJanuary\r\nSaturday\r\nFriday\r\nThursday\r\nWednesday\r\nTuesday\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 3 of 17\n\nMonday\r\nSunday\r\nunited-states\r\nunited-kingdom\r\ntrinidad \u0026 tobago\r\nsouth-korea\r\nsouth-africa\r\nsouth korea\r\nsouth africa\r\nslovak\r\npuerto-rico\r\npr-china\r\npr china\r\nnew-zealand\r\nhong-kong\r\nholland\r\ngreat britain\r\nengland\r\nczech\r\nchina\r\nbritain\r\namerica\r\nswiss\r\nswedish-finland\r\nspanish-venezuela\r\nspanish-uruguay\r\nspanish-puerto rico\r\nspanish-peru\r\nspanish-paraguay\r\nspanish-panama\r\nspanish-nicaragua\r\nspanish-modern\r\nspanish-mexican\r\nspanish-honduras\r\nspanish-guatemala\r\nspanish-el salvador\r\nspanish-ecuador\r\nspanish-dominican republic\r\nspanish-costa rica\r\nspanish-colombia\r\nspanish-chile\r\nspanish-bolivia\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 4 of 17\n\nspanish-argentina\r\nportuguese-brazilian\r\nnorwegian-nynorsk\r\nnorwegian-bokmal\r\nnorwegian\r\nitalian-swiss\r\nirish-english\r\ngerman-swiss\r\ngerman-luxembourg\r\ngerman-lichtenstein\r\ngerman-austrian\r\nfrench-swiss\r\nfrench-luxembourg\r\nfrench-canadian\r\nfrench-belgian\r\nenglish-usa\r\nenglish-us\r\nenglish-uk\r\nenglish-trinidad y tobago\r\nenglish-south africa\r\nenglish-nz\r\nenglish-jamaica\r\nenglish-ire\r\nenglish-caribbean\r\nenglish-can\r\nenglish-belize\r\nenglish-aus\r\nenglish-american\r\ndutch-belgian\r\nchinese-traditional\r\nchinese-singapore\r\nchinese-simplified\r\nchinese-hongkong\r\nchinese\r\ncanadian\r\nbelgian\r\naustralian\r\namerican-english\r\namerican english\r\namerican\r\nNorwegian-Nynorsk\r\nIllegal byte sequence\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 5 of 17\n\nDirectory not empty\r\nFunction not implemented\r\nNo locks available\r\nFilename too long\r\nResource deadlock avoided\r\nResult too large\r\nDomain error\r\nBroken pipe\r\nToo many links\r\nRead-only file system\r\nInvalid seek\r\nNo space left on device\r\nFile too large\r\nInappropriate I/O control operation\r\nToo many open files\r\nToo many open files in system\r\nInvalid argument\r\nIs a directory\r\nNot a directory\r\nNo such device\r\nImproper link\r\nFile exists\r\nResource device\r\nUnknown error\r\nBad address\r\nPermission denied\r\nNot enough space\r\nResource temporarily unavailable\r\nNo child processes\r\nBad file descriptor\r\nExec format error\r\nArg list too long\r\nNo such device or address\r\nInput/output error\r\nInterrupted function call\r\nNo such process\r\nNo such file or directory\r\nOperation not permitted\r\nNo error\r\nUTF-8\r\nUTF-16LE\r\nUNICODE\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 6 of 17\n\nComplete Object Locator'\r\n Class Hierarchy Descriptor'\r\n Base Class Array'\r\n Base Class Descriptor at (\r\n Type Descriptor'\r\n`local static thread guard'\r\n`managed vector copy constructor iterator'\r\n`vector vbase copy constructor iterator'\r\n`vector copy constructor iterator'\r\n`dynamic atexit destructor for '\r\n`dynamic initializer for '\r\n`eh vector vbase copy constructor iterator'\r\n`eh vector copy constructor iterator'\r\n`managed vector destructor iterator'\r\n`managed vector constructor iterator'\r\n`placement delete[] closure'\r\n`placement delete closure'\r\n`omni callsig'\r\n delete[]\r\n new[]\r\n`local vftable constructor closure'\r\n`local vftable'\r\n`RTTI\r\n`udt re\r\nturning'\r\n`copy constructor closure'\r\n`eh vector vbase constructor iterator'\r\n`eh vector destructor iterator'\r\n`eh vector constructor iterator'\r\n`virtual displacement map'\r\n`vector vbase constructor iterator'\r\n`vector destructor iterator'\r\n`vector constructor iterator'\r\n`scalar deleting destructor'\r\n`default constructor closure'\r\n`vector deleting destructor'\r\n`vbase destructor'\r\n`string'\r\n`local static guard'\r\n`typeof'\r\n`vcall'\r\n`vbtable'\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 7 of 17\n\n`vftable'\r\noperator\r\n delete\r\n new\r\n__unaligned\r\n__restrict\r\n__ptr64\r\n__eabi\r\n__clrcall\r\n__fastcall\r\n__thiscall\r\n__stdcall\r\n__pascal\r\n__cdecl\r\n__based(\r\nGetProcessWindowStation\r\nGetUserObjectInformationW\r\nGetLastActivePopup\r\nGetActiveWindow\r\nMessageBoxW\r\nNetScheduleJobDel\r\nNetApiBufferFree\r\nNetApiBufferAllocate\r\nNetRemoteTOD\r\nNETAPI32.dll\r\nWS2_32.dll\r\nGetTickCount\r\nCloseHandle\r\nProcess32NextW\r\nProcess32FirstW\r\nCreateToolhelp32Snapshot\r\nOpenProcess\r\nGetCurrentProcess\r\nVirtualFree\r\nVirtualAlloc\r\nLocalFree\r\nSleep\r\nLocalAlloc\r\nGetLastError\r\nMoveFileExW\r\nDeleteFileW\r\nGetProcAddress\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 8 of 17\n\nGetModuleHandleW\r\nWriteFile\r\nCreateFileW\r\nSizeofResource\r\nLockResource\r\nLoadResource\r\nFindResourceW\r\nGetCommandLineW\r\nGetFileTime\r\nGetWindowsDirectoryW\r\nSetFileTime\r\nCreateThread\r\nCreateProcessW\r\nCopyFileW\r\nMoveFileW\r\nReadFile\r\nGetSystemTime\r\nLeaveCriticalSection\r\nEnterCriticalSection\r\nDeleteCriticalSection\r\nWaitForSingleObject\r\nInitializeCriticalSection\r\nKERNEL32.dll\r\nLoadImageW\r\nUSER32.dll\r\nStartServiceW\r\nRegCloseKey\r\nRegDeleteValueW\r\nRegOpenKeyExW\r\nChan\r\ngeServiceConfig2W\r\nCreateServiceW\r\nCloseServiceHandle\r\nChangeServiceConfigW\r\nQueryServiceConfigW\r\nOpenServiceW\r\nOpenSCManagerW\r\nRegQueryValueExW\r\nStartServiceCtrlDispatcherW\r\nSetServiceStatus\r\nRegisterServiceCtrlHandlerW\r\nADVAPI32.dll\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 9 of 17\n\nCommandLineToArgvW\r\nSHELL32.dll\r\nInterlockedIncrement\r\nInterlockedDecrement\r\nEncodePointer\r\nDecodePointer\r\nRaiseException\r\nRtlUnwind\r\nHeapFree\r\nExitProcess\r\nHeapSetInformation\r\nWideCharToMultiByte\r\nLCMapStringW\r\nMultiByteToWideChar\r\nGetCPInfo\r\nHeapAlloc\r\nIsProcessorFeaturePresent\r\nTerminateProcess\r\nUnhandledExceptionFilter\r\nSetUnhandledExceptionFilter\r\nIsDebuggerPresent\r\nTlsAlloc\r\nTlsGetValue\r\nTlsSetValue\r\nTlsFree\r\nSetLastError\r\nGetCurrentThreadId\r\nHeapCreate\r\nSetHandleCount\r\nGetStdHandle\r\nInitializeCriticalSectionAndSpinCount\r\nGetFileType\r\nGetStartupInfoW\r\nGetConsoleCP\r\nGetConsoleMode\r\nFlushFileBuffers\r\nSetFilePointer\r\nLoadLibraryW\r\nGetLocaleInfoW\r\nGetModuleFileNameW\r\nFreeEnvironmentStringsW\r\nGetEnvironmentStringsW\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 10 of 17\n\nQueryPerformanceCounter\r\nGetCurrentProcessId\r\nGetSystemTimeAsFileTime\r\nGetACP\r\nGetOEMCP\r\nIsValidCodePage\r\nGetStringTypeW\r\nHeapReAlloc\r\nHeapSize\r\nGetUserDefaultLCID\r\nGetLocaleInfoA\r\nEnumSystemLocalesA\r\nIsValidLocale\r\nWriteConsoleW\r\nSetStdHandle\r\nCreateFileA\r\nSetEndOfFile\r\nGetProcessHeap\r\n.?AVbad_alloc@std@@\r\n.?AVexception@std@@\r\n.?AVruntime_error@std@@\r\n.?AVfacet@locale@std@@\r\n.?AVcodecvt_base@std@@\r\n.?AUctype_base@std@@\r\n.?AVios_base@std@@\r\n.?AV?$_Iosb@H@std@@\r\n.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@\r\n.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@\r\n.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@\r\n.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@\r\n.?AV?$ctype@D@std@@\r\n.?AVsystem_error@std@@\r\n.?AVfailure@ios_base@std@@\r\n.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@\r\n.?AV?$codecvt@DDH@std@@\r\n.?AVbad_cast@std@@\r\n.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@\r\n.?AV?$basic_fstream@DU?$char_traits@D@std@@@std@@\r\n.?AVlogic_error@std@@\r\n.?AVlength_error@std@@\r\n.?AVout_of_range@std@@\r\n.?AV_Locimp@locale@std@@\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 11 of 17\n\n.?AVerror_category@std@@\r\n.?AV_Generic_error_category@std@@\r\n.?AV_Iostream_error_category@std@@\r\n.?AV_System_error_category@std@@\r\nCopyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.\r\n.?AVtype_info@@\r\n.?AVbad_exception@std@@\r\n                          abcdefghijklmnopqrstuvwxyz\r\nABCDEFGHIJKLMNOPQRSTUVWXYZ\r\n                          abcdefghijklmnopqrstuvwxyz\r\nABCDEFGHIJKLMNOPQRSTUVWXYZ\r\nKG=]\r\n\u003e]H:\r\nuD^5\r\n_D`j\r\n^+'o\r\n^#WkW+K\r\n_aFNZ-kS3~\r\nK^#s\r\nK^aCN\r\n^#WkW+K\r\n_aFNZ-Unicode Strings:\r\n---------------------------------------------------------------------------\r\njjjjj\r\n@LanmanWorkstation\r\nWOW64\r\nSYSTEM\\CurrentControlSet\\Services\\TrkSvr\r\nDistributed Link Tracking Server\r\nEnables the Distributed Link Tracking Client service within the same domain to provide more reliable and\r\nefficient maintenance of links within the domain. If this service is disabled, any services that explicitly depend on\r\nit will fail to start.\r\nRpcSs\r\nC:\\Windows\\system32\\svchost.exe -k netsvcs\r\nTrkSvr\r\n.exe\r\nkernel32.dll\r\namd64\r\nAMD64\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 12 of 17\n\nPROCESSOR_ARCHITECTURE\r\nSYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\r\nntrksvr.exe\r\ntrksrv.exe\r\nnetinit\r\n\\system32\\kernel32.dll\r\nnetapi32.dll\r\n%SystemRoot%\\System32\\\r\n\\system32\\\r\n\\system32\\csrss.exe\r\nE$\\WINDOWS\r\nD$\\WINDOWS\r\nC$\\WINDOWS\r\nADMIN$\r\n\\inf\\netft429.pnf\r\nPKCS7\r\n\\System32\\cmd.exe /c \"ping -n 30 127.0.0.1 \u003enul \u0026\u0026 sc config TrkSvr binpath= system32\\trksrv.exe \u0026\u0026 ping -n\r\n10 127.0.0.1 \u003enul \u0026\u0026 sc start TrkSvr \"\r\nX509\r\nmyimage12767\r\nPKCS12\r\nwow32\r\nmscoree.dll\r\n         (((((                  H\r\n         h((((                  H\r\n                                 H\r\nAKERNEL32.DLL\r\nruntime error\r\nTLOSS error\r\nSING error\r\nDOMAIN error\r\nR6033\r\n- Attempt to use MSIL code from this assembly during native code initialization\r\nThis indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function\r\nfrom a native constructor or from DllMain.\r\nR6002\r\n- floating point support not loaded\r\nAMicrosoft Visual C++ Runtime Library\r\n\u003cprogram name unknown\u003e\r\nRuntime Error!\r\nProgram:\r\nHH:mm:ss\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 13 of 17\n\ndddd, MMMM dd, yyyy\r\nMM/dd/yy\r\nDecember\r\nNovember\r\nOctober\r\nSeptember\r\nAugust\r\nJuly\r\nJune\r\nApril\r\nMarch\r\nFebruary\r\nJanuary\r\nSaturday\r\nFriday\r\nThursday\r\nWednesday\r\nTuesday\r\nMonday\r\nSunday\r\nEccs\r\nUTF-8\r\nUTF-16LE\r\nUNICODE\r\nWUSER32.DLL\r\nCONOUT$\r\ncaclsrv\r\ncertutl\r\nclean\r\nctrl\r\ndfrag\r\ndnslookup\r\ndvdquery\r\nevent\r\nfindfile\r\ngpget\r\nipsecure\r\niissrv\r\nmsinit\r\nntfrsutil\r\nntdsutl\r\npower\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 14 of 17\n\nrdsadmin\r\nregsys\r\nsigver\r\nrouteman\r\nrrasrv\r\nsacses\r\nsfmsc\r\nsmbinit\r\nwcscript\r\nntnw\r\nnetx\r\nfsutl\r\nextract\r\n\\system32\\\r\ntest123\r\ntest456\r\ntest789\r\ntestdomain.com\r\n123123\r\n456456\r\n789789\r\nPKCS12\r\nPKCS7\r\nX509\r\nVS_VERSION_INFO\r\nStringFileInfo\r\n040904b0\r\nCompanyName\r\nMicrosoft Corporation\r\nFileDescription\r\nDistributed Link Tracking Server\r\nFileVersion\r\n5.2.3790.0 (srv03_rtm.030324-2048)\r\nInternalName\r\nDistributed Link Tracking Server\r\nLegalCopyright\r\n Microsoft Corporation. All rights reserved.\r\nOriginalFilename\r\ntrksvr\r\nProductName\r\nMicrosoft\r\n Windows\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 15 of 17\n\nOperating System\r\nProductVersion\r\n5.2.3790.0\r\nVarFileInfo\r\nTranslation\r\n https://www.virustotal.com/file/f9d94c5de86aa170384f1e2e71d95ec373536899cb7985633d3ecfdb67af0f72/analysis/\r\nSHA256:     f9d94c5de86aa170384f1e2e71d95ec373536899cb7985633d3ecfdb67af0f72\r\nSHA1:     502920a97e01c2d022ac401601a311818f336542\r\nMD5:     d214c717a357fe3a455610b197c390aa\r\nFile size:     966.0 KB ( 989184 bytes )\r\nFile name:     str.exe\r\nFile type:     Win32 EXE\r\nTags:     peexe\r\nDetection ratio:     22 / 42\r\nAnalysis date:     2012-08-16 13:57:43 UTC ( 16 hours, 25 minutes ago )\r\nAntiVir     TR/Crypt.FKM.Gen     20120816\r\nAvast     Win32:Malware-gen     20120816\r\nAVG     unknown virus Win32/DH{A2cI}     20120815\r\nBitDefender     Gen:Trojan.Heur.8u0@ILmUdSm     20120816\r\nCommtouch     W32/Dropper.gen8!Maximus     20120816\r\nComodo     UnclassifiedMalware     20120816\r\nEmsisoft     Trojan.Win32.Spy!IK     20120816\r\nF-Prot     W32/Dropper.gen8!Maximus     20120815\r\nF-Secure     Gen:Trojan.Heur.8u0@ILmUdSm     20120816\r\nGData     Gen:Trojan.Heur.8u0@ILmUdSm     20120816\r\nIkarus     Trojan.Win32.Spy     20120816\r\nJiangmin     Trojan/Generic.aninx     20120816\r\nK7AntiVirus     Trojan     20120815\r\nKaspersky     HEUR:Trojan.Win32.Generic     20120816\r\nMcAfee     W32/DistTrack     20120816\r\nMcAfee-GW-Edition     W32/DistTrack     20120816\r\nNorman     W32/Troj_Generic.DKYIW     20120816\r\nSophos     Troj/Mdrop-ELD     20120816\r\nSymantec     W32.DistTrack     20120816\r\nTrendMicro     TROJ_DISTTRACK.A     20120816\r\nTrendMicro-HouseCall     TROJ_DISTTRACK.A     20120816\r\nVIPRE     Trojan.Win32.Generic!BT     20120816\r\nhttps://www.virustotal.com/file/4f02a9fcd2deb3936ede8ff009bd08662bdb1f365c0f4a78b3757a98c2f40400/analysis/\r\n SHA256:     4f02a9fcd2deb3936ede8ff009bd08662bdb1f365c0f4a78b3757a98c2f40400\r\nSHA1:     7c0dc6a8f4d2d762a07a523f19b7acd2258f7ecc\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 16 of 17\n\nMD5:     b14299fd4d1cbfb4cc7486d978398214\r\nFile size:     966.0 KB ( 989184 bytes )\r\nFile name:     str.exe\r\nFile type:     Win32 EXE\r\nTags:     peexe\r\nDetection ratio:     21 / 42\r\nAnalysis date:     2012-08-16 13:39:56 UTC ( 16 hours, 44 minutes ago )\r\nAntiVir     TR/Crypt.FKM.Gen     20120816\r\nAvast     Win32:Malware-gen     20120816\r\nAVG     unknown virus Win32/DH{A2cI}     20120815\r\nBitDefender     Gen:Trojan.Heur.8u0@ILmUdSm     20120816\r\nCommtouch     W32/Dropper.gen8!Maximus     20120816\r\nComodo     UnclassifiedMalware     20120816\r\nEmsisoft     Trojan.Win32.Spy!IK     20120816\r\nF-Prot     W32/Dropper.gen8!Maximus     20120815\r\nF-Secure     Gen:Trojan.Heur.8u0@ILmUdSm     20120816\r\nGData     Gen:Trojan.Heur.8u0@ILmUdSm     20120816\r\nIkarus     Trojan.Win32.Spy     20120816\r\nK7AntiVirus     Trojan     20120815\r\nKaspersky     HEUR:Trojan.Win32.Generic     20120816\r\nMcAfee     W32/DistTrack     20120816\r\nMcAfee-GW-Edition     W32/DistTrack     20120816\r\nNorman     W32/Troj_Generic.DLKSV     20120816\r\nSophos     Troj/Mdrop-ELD     20120816\r\nSUPERAntiSpyware     -     20120816\r\nSymantec     W32.DistTrack     20120816\r\nTrendMicro     TROJ_DISTTRACK.A     20120816\r\nTrendMicro-HouseCall     TROJ_DISTTRACK.A     20120816\r\nVIPRE     Trojan.Win32.Generic!BT     20120816\r\nVirusBuster     -\r\nSource: http://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nhttp://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html\r\nPage 17 of 17",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"http://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html"
	],
	"report_names": [
		"shamoon-or-disttracka-samples.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434028,
	"ts_updated_at": 1775791331,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1b6e8d41db6335e17b40ba0bfd60f1e9b6e33b4d.pdf",
		"text": "https://archive.orkl.eu/1b6e8d41db6335e17b40ba0bfd60f1e9b6e33b4d.txt",
		"img": "https://archive.orkl.eu/1b6e8d41db6335e17b40ba0bfd60f1e9b6e33b4d.jpg"
	}
}