Overview

overview

7

Static

static

7

96831d1854...04.exe

windows7-x64

7

96831d1854...04.exe

windows10-2004-x64

7

$PLUGINSDI...re.dll

windows7-x64

3

$PLUGINSDI...re.dll

windows10-2004-x64

3

$PLUGINSDI...ik.dll

windows7-x64

3

$PLUGINSDI...ik.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ib.dll

windows7-x64

3

$PLUGINSDI...ib.dll

windows10-2004-x64

3

$PLUGINSDI...ew.dll

windows7-x64

3

$PLUGINSDI...ew.dll

windows10-2004-x64

3

$PLUGINSDI...PY.dll

windows7-x64

1

$PLUGINSDI...PY.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$_15_/HWSignature.dll

windows7-x64

3

$_15_/HWSignature.dll

windows10-2004-x64

3

14.1.0.885...re.dll

windows7-x64

3

14.1.0.885...re.dll

windows10-2004-x64

3

14.1.0.885...ik.dll

windows7-x64

3

14.1.0.885...ik.dll

windows10-2004-x64

3

SogouExe/H...Ex.dll

windows7-x64

3

SogouExe/H...Ex.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    96831d18540642bb2c1e34c0de14ab751f4da62e2c183b72a94854ba12dcc004

  • Size

    7.5MB

  • MD5

    069def7c78d4841fcb718d61a1cf3238

  • SHA1

    3b2eed433a5ed0490a6592f54f977f4d86f2208c

  • SHA256

    96831d18540642bb2c1e34c0de14ab751f4da62e2c183b72a94854ba12dcc004

  • SHA512

    46cdfbd922362d843e17fde2a9f286c661f8f566b6334993de09047b46c1ce5b73f39831b52a40155355a8874ccd431758d9d2f454d1d8ab5f90be2d6d1dfa61

  • SSDEEP

    196608:ofxIRGi9PkGv9rTKhyqfLWtFnntd6R7Bkupv:o2Rt5v9PKhTkaP

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • 96831d18540642bb2c1e34c0de14ab751f4da62e2c183b72a94854ba12dcc004
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • $PLUGINSDIR/HWSignature.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ImageMagik.dll
    .dll windows:6 windows x86 arch:x86

    f204f2299a0324f196a8576faef59e72


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:5 windows x86 arch:x86

    cd90e33ffbc335413a25300c682c83df


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SetupFlash.swf
  • $PLUGINSDIR/SetupLib.dll
    .dll windows:6 windows x86 arch:x86

    1c326b518f92a7bcf049e8fa323b3174


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SetupLibNew.dll
    .dll windows:6 windows x86 arch:x86

    52e7b9435bfea29a22a84cc10de490ad


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SetupUi.cupf
  • $PLUGINSDIR/SogouPY.ime
    .dll windows:6 windows x86 arch:x86


    Headers

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/setuppage.zip
    .zip
  • font.xml
  • img/bg_hole.png
    .png
  • img/browseclick.svg
  • img/browsedisable.svg
  • img/browsehover.svg
  • img/browsenormal.svg
  • img/buttoninstallclick.svg
  • img/buttoninstalldisable.svg
  • img/buttoninstallhover.svg
  • img/buttoninstallnormal.svg
  • img/closeclick.svg
  • img/closedisable.svg
  • img/closehover.svg
  • img/closenormal.svg
  • img/closenormalclick.svg
  • img/closenormaldisable.svg
  • img/closenormalhover.svg
  • img/closenormalnormal.svg
  • img/customizebuttonclick.svg
  • img/customizebuttondisable.svg
  • img/customizebuttonhover.svg
  • img/customizebuttonnormal.svg
  • img/filebg.svg
  • img/gouxuanselected.svg
  • img/icon.svg
  • img/installbg1.svg
  • img/installbg2.svg
  • img/installfinish.svg
  • img/installfinish_no_yyb.svg
  • img/itemuse_hover.svg
    .xml
  • img/itemuse_normal.svg
    .xml
  • img/itemuse_push.svg
    .xml
  • img/logo_bg_1.png
    .png
  • img/logo_bg_1.svg
    .xml
  • img/miniclick.svg
  • img/minidisable.svg
  • img/minihover.svg
  • img/mininormal.svg
  • img/miniprogressclick.svg
  • img/miniprogressdisable.svg
  • img/miniprogresshover.svg
  • img/miniprogressnormal.svg
  • img/packupclick.svg
  • img/packupdisable.svg
  • img/packuphover.svg
  • img/packupnormal.svg
  • img/pathinputactive.svg
  • img/pathinputdisable.svg
  • img/pathinputhover.svg
  • img/pathinputnormal.svg
  • img/popup_close_disable.svg
    .xml
  • img/popup_close_hover.svg
    .xml
  • img/popup_close_normal.svg
    .xml
  • img/popup_close_push.svg
    .xml
  • img/popup_ok_hover.svg
    .xml
  • img/popup_ok_normal.svg
    .xml
  • img/popup_ok_push.svg
    .xml
  • img/process.svg
  • img/progressbar.svg
  • img/search_suggest_tip_hover.svg
  • img/search_suggest_tip_normal.svg
  • img/search_suggest_tips_bak.svg
  • img/slideshow/1.svg
  • img/slideshow/2.svg
  • img/slideshow/3.svg
  • img/slideshow/4.svg
    .xml
  • img/slideshow/5.svg
  • img/slideshow/6.svg
  • img/tipsbg.svg
  • img/ungouxuanclick.svg
  • img/ungouxuanhover.svg
  • img/ungouxuannormal.svg
  • img/warning_popup_icon.svg
    .xml
  • searchsuggesttips.xml
  • setuppage.xml
  • slideshow.xml
  • sogoumessage.xml
  • style.xml
  • $_15_/HWSignature.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • 14.1.0.8858/HWSignature.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • 14.1.0.8858/ImageMagik.dll
    .dll windows:6 windows x86 arch:x86

    f204f2299a0324f196a8576faef59e72


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • 14.1.0.8858/SetupUi.cupf
  • SogouExe/HWSignatureEx.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections