General

  • Target

    966174e02aa55938e2ce150b301b1b1d

  • Size

    6.8MB

  • MD5

    966174e02aa55938e2ce150b301b1b1d

  • SHA1

    e49a244091d047b15072d5161d286a335b9bd3ac

  • SHA256

    9661762b367c9b9914e02a274fce181229109e5ddadb224a2dd9e047c35c28e5

  • SHA512

    856315ea03641c7f49c4ff80e94bdc35d9c8c66c87b3353a16907b0fdd630fe6ff9b85b1161e6ff650e8f81ffbd4c396fa56bc96bb11e85e9e2b51c9f78d701e

  • SSDEEP

    196608:NqpMTzSWys5rD+JfS5Qsl/icTFnpZwlVTJE:NqGSWyE+JfS5t9icFn/wlY

Score
3/10

Malware Config

Signatures

  • Unsigned PE 10 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • 966174e02aa55938e2ce150b301b1b1d
    .rar
  • KwSing-v1.6.0.5.exe
    .exe windows:4 windows x86 arch:x86

    237a51742fed62d237b6f1b75452402f


    Code Sign


  • $PLUGINSDIR/AnimGif.dll
    .dll windows:4 windows x86 arch:x86

    b4b71331b921e2f441a2b05306cd7dae



  • $PLUGINSDIR/Base64.dll
    .dll windows:4 windows x86 arch:x86

    472def3d6dc5d4ffe27376a831b4d49b



  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    57354bdeea3dfae6e948101add87501a



  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    815c88741b87a0210c457b00b57bf9c6



  • $PLUGINSDIR/KuWoNsis_kwsing.dll
    .dll windows:4 windows x86 arch:x86

    383095dd47e2b622420c8e71fdc9b829


    Code Sign


  • $PLUGINSDIR/KuWoNsis_new.dll
    .dll windows:4 windows x86 arch:x86

    c1c7e2e49a726b988d79dc6456f258fb


    Code Sign


  • $PLUGINSDIR/KwSingNsis.dll
    .dll windows:4 windows x86 arch:x86

    42f0a89c533557f8035526a37469d477



  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62



  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    5d31a4a9e83c0a8e38bab1f57d28402c



  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMP/KWMUSIC/BindConfig.ini
  • $TEMP/KWMUSIC/DownloadUpdate.exe
    .exe windows:4 windows x86 arch:x86

    237a51742fed62d237b6f1b75452402f


    Code Sign


  • $PLUGINSDIR/Base64.dll
    .dll windows:4 windows x86 arch:x86

    472def3d6dc5d4ffe27376a831b4d49b



  • $PLUGINSDIR/KuWoNsis_new.dll
    .dll windows:4 windows x86 arch:x86

    29fd838184a64d185951b6564c3a17b4


    Code Sign


  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    4ec328f99bdd944fc98d8a5cf11f7a62



  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    5d31a4a9e83c0a8e38bab1f57d28402c



  • BugReport.dll
    .dll windows:4 windows x86 arch:x86

    fff9465c88118b392ad30f9b55ab0e4a


    Code Sign


  • BugReportExe.exe
    .exe windows:4 windows x86 arch:x86

    9b6f85e42e6786ac528aa43aff0b180e


    Code Sign


  • KwLogSvr.dll
    .dll windows:4 windows x86 arch:x86

    eb435004eafd97d761b5bc569dee7eda


    Code Sign


  • KwSing.exe
    .exe windows:4 windows x86 arch:x86

    121abe524ad051c663bed05b0bca45b7


    Code Sign


  • KwTE.exe
    .exe windows:4 windows x86 arch:x86

    c6be85311234918a11aa2d555a7f0917


    Code Sign


  • MFC71.dll
    .dll windows:4 windows x86 arch:x86

    7397fb8b8633dd76aa9cbc7e2e0c24bd


    Code Sign


  • XCPTHLR.dll
    .dll windows:4 windows x86 arch:x86

    bb3c4a0f7e4ecdd488f39be8a32452cb


    Code Sign


  • component/AlbumManager.dll
    .dll windows:4 windows x86 arch:x86

    b635ce12611a7bd3af600c16655221c1


    Code Sign


  • component/DeviceDetect.dll
    .dll windows:4 windows x86 arch:x86

    bd774aff121604a8d75bf2206bb9cd64


    Code Sign


  • dbghelp.dll
    .dll windows:5 windows x86 arch:x86

    42cfa6142c38112bdaffa05fb22db82e


    Code Sign


  • encode.exe
    .exe windows:4 windows x86 arch:x86

    d12687e4d1def46839faae304842e70a


    Code Sign


  • http.dll
    .dll windows:4 windows x86 arch:x86

    47417322be0fb0b09891e730a748d4d3


    Code Sign


  • instpage.gif
    .gif
  • koowo.prx
  • kw.wma
  • kw.wmv
  • kwConfigWiz.exe
    .exe windows:4 windows x86 arch:x86

    20cb7f8bd1bb1f2aaea0624df068bc60


    Code Sign


  • lidx.dll
    .dll windows:4 windows x86 arch:x86

    c3a8961ed238c04dac5e959f76478bcc


    Code Sign


  • msvcp71.dll
    .dll windows:4 windows x86 arch:x86

    5e2398adb60a70c7ab04e7cba75a7983


    Code Sign


  • msvcr71.dll
    .dll windows:4 windows x86 arch:x86

    7acc8c379c768a1ecd81ec502ff5f33e


    Code Sign


  • p2p.dll
    .dll windows:4 windows x86 arch:x86

    4624b74062805096fc737c58a1ad0f3e


    Code Sign


  • zlib.dll
    .dll windows:4 windows x86 arch:x86

    6ca5129cf676bf086156341822a28d95


    Code Sign


  • 新云软件.url
    .url