Overview

overview

7

Static

static

7

msvcr100.dll.exe

windows7-x64

7

msvcr100.dll.exe

windows10-2004-x64

7

Documents ...00.dll

windows7-x64

1

Documents ...00.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/A865...43.dll

windows7-x64

1

$TEMP/A865...43.dll

windows10-2004-x64

1

$TEMP/A865...95.dll

windows7-x64

1

$TEMP/A865...95.dll

windows10-2004-x64

3

js/bramus/...ler.js

windows7-x64

1

js/bramus/...ler.js

windows10-2004-x64

1

js/prototy...ype.js

windows7-x64

1

js/prototy...ype.js

windows10-2004-x64

1

lic.html

windows7-x64

1

lic.html

windows10-2004-x64

1

page.html

windows7-x64

1

page.html

windows10-2004-x64

1

page3.html

windows7-x64

1

page3.html

windows10-2004-x64

1

page4.html

windows7-x64

1

page4.html

windows10-2004-x64

1

page5.html

windows7-x64

1

page5.html

windows10-2004-x64

1

scanreg_setup.exe

windows7-x64

7

scanreg_setup.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    ad2204b5084d131656656cc047ca0d5b

  • Size

    2.0MB

  • MD5

    ad2204b5084d131656656cc047ca0d5b

  • SHA1

    a20ad394b8dd438ffd5b5317c8878a917f6e123c

  • SHA256

    fc8986bd199f9ab80f245728b34139c713705bf448d7b7e6387dc307664f783c

  • SHA512

    a473e25babade519bf7d4d9468d5df5f7acf22200bba45557b19056afdbd96607a38c18e4e6d08f7948799cf19f583c72877d1e5979c798880312072b1c69423

  • SSDEEP

    49152:sT0IQpXKgxeL0jMfPm+S2b6/nXlm9LWc+qaSdZjDpH5zzzsslHZ:C0IItxW0jMfPm+SvfQlTawH6sdZ

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • ad2204b5084d131656656cc047ca0d5b
    .rar
  • msvcr100.dll.exe
    .exe windows:4 windows x86 arch:x86

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • $EXEDIR/msvcr100.dll.7z
    .7z
  • Documents and Settings/UserXP/My Documents/cashmagnat/msvcr100/msvcr100/msvcr100.dll
  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $TEMP/A8659519/a1023201.bin
  • $TEMP/A8659519/d1052243.dll
    .dll windows:4 windows x86 arch:x86

    3726b8c597bbd6bac65abe3d0400a84f


    Headers

    Imports

    Exports

    Sections

  • $TEMP/A8659519/d1065395.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $TEMP/A8659519/k1015799.bin
  • $TEMP/A8659519/k1037053.bin
  • $TEMP/A8659519/o1004637.bin
  • $TEMP/A8659519/r1038710.bin
  • $TEMP/A8659519/v1022534.bin
  • $TEMP/A8659519/x1011481.bin
    .7z
  • images/Thumbs.db
  • images/bg.png
    .png
  • images/bramus/Thumbs.db
  • images/bramus/percentImage.gif
    .gif
  • images/bramus/percentImage.png
    .png
  • images/bramus/percentImage_back.png
    .png
  • images/icons/Thumbs.db
  • images/icons/add.gif
    .gif
  • images/icons/empty.gif
    .gif
  • images/icons/fill.gif
    .gif
  • images/icons/get.gif
    .gif
  • images/icons/minus.gif
    .gif
  • images/icons/set.gif
    .gif
  • images/install.png
    .png
  • images/pay-header.png
    .png
  • js/bramus/jsProgressBarHandler.js
    .js
  • js/prototype/prototype.js
    .js
  • lic.html
  • page.html
    .html
  • page3.html
    .html
  • page4.html
    .html .js polyglot
  • page5.html
    .html
  • scanreg_setup.exe
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • Инструкция!!! ЧИТАТЬ ВСЕМ!!!.txt