General
-
Target
3a14c783fb9bc53d2dbb1e424b1cdc4c815c98f194f72ab84d07824b249bb9ea
-
Size
1.9MB
-
Sample
221124-nn88eseb9y
-
MD5
ec62d7b126fd07d3d2000323ffa5ee40
-
SHA1
d4f9d8a4aeab87e558b1570ef2dda3292d84dea3
-
SHA256
3a14c783fb9bc53d2dbb1e424b1cdc4c815c98f194f72ab84d07824b249bb9ea
-
SHA512
95c95e6cd6c7219dbd5ef27a0ce2d30a5601e5f8b7318bee5ea67a73643a80903cbd67c130fa3b890b79ba530ef2721756778077832e093dda32277042583722
-
SSDEEP
49152:s2Rvun8tGDf4FaJ5VO0P3wbLjrd9Id170wTcL3AbR3APBDmEtf51V:DG84L4FaJ5823wbHIHIwe3AbRhI51V
Malware Config
Targets
-
-
Target
ļ/KLD_ļ.exe
-
Size
310KB
-
MD5
27919ad98c77507520bfe8e0d8997fe2
-
SHA1
cace9886dceac2eead1874c59247df0af65e974d
-
SHA256
53c95c72c65416699daa45e7399c67ddbc8c6c340e4f9f9179f3c1692ef26f2f
-
SHA512
8a6ab6e71527f8e6b7a261c0661f46bd3494fbdcc60b3150b5dfa3e8672e7a56ace9a369be0eef0af54a527a085d820962686bca845fa079fff049b960b96ea4
-
SSDEEP
6144:nnXv/RouWKhZ32eTsELh8nWoTL0KYmCh3VuPhTAOpM/:nnf5XZdZ+X
Score8/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
ļ/°汾鿴.exe
-
Size
816KB
-
MD5
87192265e13bdbb9faf7a617f8b546c6
-
SHA1
f7cb3cdcb6c87f42d5db8ff19e7471f5730a1fac
-
SHA256
09c4eb7f6e8a050eb2e7c4128fb6646ae8cd0c4c6b624276cc0c16cb223dcf12
-
SHA512
928f1dcfb993a89c986b925095bfc8688459dbde8ea81b1cdff6705b0ebe7bd3aa784644144101b6c43971934003ff0283f59b14d356a6ed12f0a88fd37ecb1b
-
SSDEEP
24576:O3xEEHH8YHQWlz4Ai5NB4ZAWH/O6Yd9V1YYgtXsh:d+8YHFz47XMAo/jw9ndB
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
ļ/C-CAR V4.0.exe
-
Size
888KB
-
MD5
48823035db6304e5db44cc9afea61cd5
-
SHA1
06504d10f4b606dcfba184d796126b2d98522648
-
SHA256
949bd8ebbdedc72604831798f5bca18a4a00dcd7e49dfe1875ce3dee5ca7170b
-
SHA512
2b9e5f0ae9f6595093fd0cf6f9d3cbffa2406a75d0942102317681d35b6c04e2e8e23e59e97a054fe9a51500cc1be8c26e1554b810c9be8c0effb84b646055c8
-
SSDEEP
24576:CKWiy//RzKmWnAP+QYOf+VpyOFRAitKGgy0U4bzGFHfJvx:vydVP+QYBVgOFRAHny0UYq7J
Score7/10-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
ļ/ļϸ˵.doc
-
Size
37KB
-
MD5
d33370d3e7a4a83460906c80b106ae65
-
SHA1
2cf9bdebbfa34417a3cc1777e1f414ef4dc7dda2
-
SHA256
5112137b1d5e6555dfb09427687c31f5ef47cb38efd6fc460cbede7436d6be17
-
SHA512
6aad689b23164a3c132a976eda1b488867415b90ec2cc2096266792901686bf46c3902b6cdbaf926f414ffca465116a9592d00dad59e803b189268a0fdfe97d3
-
SSDEEP
768:2ppdMetQq+80P/VBcd9j0NwEOvCx5yfXLNtHaw:ipdMLEjbNtH
Score4/10 -
-
-
Target
ļ V4.0 - PC6 - ͼ.url
-
Size
230B
-
MD5
79e7c2a2534de4d66794f72659534bbf
-
SHA1
4d1211519ae9498ab6b1e7492dc0e793b68be483
-
SHA256
63e9775ad5250e91b95997cb6a1ce94d0f0e36ab5e868a0b27c99cccecf90d01
-
SHA512
89e4805273573c7dcc2ca7685f00c7ff238d342d6c4c2c9700542f12a92dea29855fede180b241052383425883cb348c36cec1ac4c42128f8ae361aea12e0596
Score1/10 -