3691932e8d0bb5099866003d28ca0587

Sharing

Copy URL Twitter E-mail

General

Target

3691932e8d0bb5099866003d28ca0587
Size

1.1MB
MD5

3691932e8d0bb5099866003d28ca0587
SHA1

e083e6520ee33334c83b6ed50fddb985b8943a6f
SHA256

7f8aeecadebd37871950884a6df89c630968ed88edabdb6e88bd7a7ebfef0ff5
SHA512

9b8b3c7320a198d25af5eace5c44815996c92f64d9dfe56cd2f73b75096d3db92f1d1c03a3d7dfcdc732246793c071994ef745076b9f206bb4c5e86c640e5257
SSDEEP

24576:XV9y0qjmSv9R85sdOeT9741qjmSv9R85sdOeT9740lmh6vGEK:jpqjb1R8CsM7kqjb1R8CsM7Hl5vtK

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Flash CS4/1000000b00002i/verclsid.exe
unpack001/Flash CS4/400000148c00002i/Flash.exe
unpack001/Flash CS4/4000009a00002i/iexplore.exe
unpack001/Flash CS4/400000a400003i/FNPLicensingService.exe

Files

3691932e8d0bb5099866003d28ca0587
.zip
Flash CS4/%Common AppData%/FLEXnet/adobe_00080000_event.log
Flash CS4/%Common AppData%/FLEXnet/adobe_00080000_tsf.data
Flash CS4/%Cookies%/index.dat
Flash CS4/%History%/History.IE5/index.dat
Flash CS4/%Internet Cache%/Content.IE5/index.dat
Flash CS4/%Local AppData%/Adobe/Color/ACECache10.lst
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/Array.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/Boolean.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/ContextMenu.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/Function.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/FunctionArguments.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/MovieClip.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/Number.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/Object.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/String.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/TextField.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/TextField/TextField.StyleSheet.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/TextFormat.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/TextSnapshot.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/flash/display/flash.display.BitmapData.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/flash/filters/flash.filters.BitmapFilter.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/flash/geom/flash.geom.ColorTransform.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/flash/geom/flash.geom.Matrix.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/flash/geom/flash.geom.Point.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/flash/geom/flash.geom.Rectangle.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Classes/aso/flash/geom/flash.geom.Transform.aso
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Debugger/AsBreakpoints.xml
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/First Run.dat
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/First Run.log
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Workspace/Essentials.xml
.xml
Flash CS4/%Local AppData%/Adobe/Flash CS4/en/Configuration/Workspace/current.txt
Flash CS4/%Local AppData%/Adobe/TypeSupport/AdobeFnt11.lst
Flash CS4/%Local AppData%/Adobe/TypeSupport/CMaps/AdobeFnt11.lst
Flash CS4/%Local AppData%/Adobe/Updater6/aumLib.log
Flash CS4/%Program Files Common%/Adobe/Adobe PCD/cache/cache.db
Flash CS4/%Program Files Common%/Adobe/Adobe PCD/pcd.db
Flash CS4/%Program Files Common%/Adobe/backup/caps.db
Flash CS4/%Program Files Common%/Adobe/caps/caps.db
Flash CS4/%SystemRoot%/Debug/UserMode/userenv.log
Flash CS4/1000000b00002i/verclsid.exe
.exe windows:4 windows x86 arch:x86

b940cadb80c6ab17c0d6c9725b30af77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FormatMessageA
GetLastError
SetLastError
VirtualAlloc
CloseHandle
MapViewOfFile
CreateFileMappingA
VirtualFree
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
GetModuleFileNameW
UnmapViewOfFile
HeapFree
lstrcpynW
GetFullPathNameW
SetEnvironmentVariableW
HeapAlloc
GetProcessHeap
GetFileSize
ReadFile
SetFilePointer
CreateFileW
WideCharToMultiByte
Sleep
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW

user32

MessageBoxA

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Flash CS4/400000148c00002i/Flash.exe
.exe windows:4 windows x86 arch:x86

b940cadb80c6ab17c0d6c9725b30af77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FormatMessageA
GetLastError
SetLastError
VirtualAlloc
CloseHandle
MapViewOfFile
CreateFileMappingA
VirtualFree
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
GetModuleFileNameW
UnmapViewOfFile
HeapFree
lstrcpynW
GetFullPathNameW
SetEnvironmentVariableW
HeapAlloc
GetProcessHeap
GetFileSize
ReadFile
SetFilePointer
CreateFileW
WideCharToMultiByte
Sleep
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW

user32

MessageBoxA

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 288KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Flash CS4/4000009a00002i/iexplore.exe
.exe windows:4 windows x86 arch:x86

b940cadb80c6ab17c0d6c9725b30af77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FormatMessageA
GetLastError
SetLastError
VirtualAlloc
CloseHandle
MapViewOfFile
CreateFileMappingA
VirtualFree
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
GetModuleFileNameW
UnmapViewOfFile
HeapFree
lstrcpynW
GetFullPathNameW
SetEnvironmentVariableW
HeapAlloc
GetProcessHeap
GetFileSize
ReadFile
SetFilePointer
CreateFileW
WideCharToMultiByte
Sleep
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW

user32

MessageBoxA

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 288KB - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Flash CS4/400000a400003i/FNPLicensingService.exe
.exe windows:4 windows x86 arch:x86

b940cadb80c6ab17c0d6c9725b30af77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FormatMessageA
GetLastError
SetLastError
VirtualAlloc
CloseHandle
MapViewOfFile
CreateFileMappingA
VirtualFree
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
GetModuleFileNameW
UnmapViewOfFile
HeapFree
lstrcpynW
GetFullPathNameW
SetEnvironmentVariableW
HeapAlloc
GetProcessHeap
GetFileSize
ReadFile
SetFilePointer
CreateFileW
WideCharToMultiByte
Sleep
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW

user32

MessageBoxA

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 288KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Flash CS4/Registry.rw.lck
Flash CS4/Registry.rw.tvr
Flash CS4/Registry.tvr.backup

Sharing

General

Malware Config

Signatures

Files

b940cadb80c6ab17c0d6c9725b30af77

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 7KB - Virtual size: 8KB

.res Size: 288KB - Virtual size: 288KB

b940cadb80c6ab17c0d6c9725b30af77

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 7KB - Virtual size: 8KB

.res Size: 288KB - Virtual size: 20.5MB

b940cadb80c6ab17c0d6c9725b30af77

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 7KB - Virtual size: 8KB

.res Size: 288KB - Virtual size: 604KB

b940cadb80c6ab17c0d6c9725b30af77

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 7KB - Virtual size: 8KB

.res Size: 288KB - Virtual size: 644KB

.text
Size: 7KB - Virtual size: 8KB

.res
Size: 288KB - Virtual size: 288KB

.text
Size: 7KB - Virtual size: 8KB

.res
Size: 288KB - Virtual size: 20.5MB

.text
Size: 7KB - Virtual size: 8KB

.res
Size: 288KB - Virtual size: 604KB

.text
Size: 7KB - Virtual size: 8KB

.res
Size: 288KB - Virtual size: 644KB