Resubmissions

02/03/2024, 22:38

240302-2kwptaae37 10

02/03/2024, 22:34

240302-2g86qsad96 10

General

  • Target

    Fake AV.zip

  • Size

    38.6MB

  • MD5

    5d2863ac5f62a9fee17cd8c6799edba7

  • SHA1

    6f99e22d4f7308713c7262387c9a77f8e8b241b4

  • SHA256

    aee69ef9040e902b7a6639d7594df47e0e73625143a671583db8b85be525a3e5

  • SHA512

    d3e5aaec5fe7d3a81f881f31e1dae14baff0e5a806f50e7d1e2556124bcd1fa556485b073b459b8111de714e5be0eccb49bbe686ecf60a0e30f7e308c19d68a0

  • SSDEEP

    786432:eD3TpOcp9S8a8BvOuL+ZN6AiBFvm2FmlhVgw8PnxMyxGl:A3Fbp9Sl8pNL+mTR7PxnGl

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 42 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 6 IoCs

Files

  • Fake AV.zip
    .zip
  • Fake AV/AnViPC2009.exe
    .exe windows:5 windows x86 arch:x86

    9402b48d966c911f0785b076b349b5ef


  • Fake AV/Ana.exe
    .exe windows:5 windows x86 arch:x86

    9222d372923baed7aa9dfa28449a94ea


  • Fake AV/Antivirus.exe
    .exe windows:4 windows x86 arch:x86

    5a2c800e40f7e30fbf38d55c7090d219


  • Fake AV/Antivirus2010.exe
    .exe windows:4 windows x86 arch:x86

    7fbaa4ed437c6c11ecec3f2819b67132


  • Fake AV/AntivirusPlatinum.exe
    .exe windows:5 windows x86 arch:x86

    50610e34092d6ce13e51e7c9d5197081


  • Fake AV/AntivirusPro2017.exe
    .exe windows:5 windows x86 arch:x86

    71239d4ab8bd734745714b0037234d0b


  • Fake AV/CleanThis.exe
    .exe windows:5 windows x86 arch:x86


  • out.upx
    .exe windows:5 windows x86 arch:x86


  • Fake AV/FakeAdwCleaner.exe
    .exe windows:4 windows x86 arch:x86

    e160ef8e55bb9d162da4e266afd9eef3


  • 6AdwCleaner.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • Fake AV/FileFixPro/Activation.reg
  • Fake AV/FileFixPro/FFProInstall.exe
    .exe windows:1 windows x86 arch:x86


  • Fake AV/HappyAntivirus.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • Fake AV/InternetSecurityGuard.exe
    .exe windows:4 windows x86 arch:x86

    620760962d7d40d6f6f4a86a401ddcfa


  • Fake AV/LPS2019.exe
    .exe windows:5 windows x86 arch:x86

    00be6e6c4f9e287672c8301b72bdabf3


  • Fake AV/Movie.mpeg.exe
    .exe windows:4 windows x86 arch:x86

    b4b5f9450a4de64424c7896eebdaf75b


  • Fake AV/NavaShield.exe
    .exe windows:4 windows x86 arch:x86


  • Fake AV/PCDefender.exe
    .exe windows:5 windows x86 arch:x86

    50610e34092d6ce13e51e7c9d5197081


  • Fake AV/PCDefenderv2.msi
    .msi .vbs polyglot
  • Fake AV/RegistrySmart.exe
    .exe windows:1 windows x86 arch:x86


  • Fake AV/SE2011.exe
    .exe windows:5 windows x86 arch:x86

    7b4879f52b9e13826e55497b8a5033c3


  • Fake AV/SecurityCentral.exe
    .exe windows:4 windows x86 arch:x86

    2034ca1e64f1b7d7caa54336f36141b2


  • Fake AV/SecurityDefender.exe
    .exe windows:5 windows x86 arch:x86

    87bed5a7cba00c7e1f4015f1bdae2183


  • Fake AV/SecurityDefener2015.exe
    .exe windows:5 windows x86 arch:x86


  • Fake AV/SecurityScanner.exe
    .exe windows:4 windows x86 arch:x86


  • Fake AV/SmartDefragmenter.exe
    .exe windows:4 windows x86 arch:x86

    d6d92b735b19ebf8f5154df99a6eaf71


  • Fake AV/VAV2008.exe
    .exe windows:4 windows x86 arch:x86


  • out.upx
    .exe windows:4 windows x86 arch:x86


  • Fake AV/Win7Recovery.exe
    .exe windows:5 windows x86 arch:x86

    16f918727956e3290e9ef449cc9402d9


  • Fake AV/WindowsAcceleratorPro.exe
    .exe windows:4 windows x86 arch:x86


  • Fake AV/WolframAV.exe
    .exe windows:4 windows x86 arch:x86

    33ef7b8ab8c303e1cca7e465369d918d


  • Fake AV/XFileCorrupter.exe
    .exe windows:4 windows x86 arch:x86

    75d01de820ffa6a645944fa353356a3f


  • Fake AV/XPAntivirus2008.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    9d433976e02d79532f0d635ee81d0b20


  • $PLUGINSDIR/KillSelf.dll
    .dll windows:4 windows x86 arch:x86

    bb981d54de1208258954ef6a95d1ec2c


  • $PLUGINSDIR/MachineKey.dll
    .dll windows:4 windows x86 arch:x86

    373a46f2dac5b6d7b5b3f2780d9e54f0


  • $PLUGINSDIR/Mutex.dll
    .dll windows:4 windows x86 arch:x86

    a833fbcbd17326d1fe91bba98b26bfd8


  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/lastpage.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/update.ini
  • $TEMP/pin.vbs
    .vbs
  • $_7_.exe
    .exe windows:4 windows x86 arch:x86

    0dd28c30dea0b829fe2addad09403d7e


  • MFC71.dll
    .dll windows:4 windows x86 arch:x86

    7397fb8b8633dd76aa9cbc7e2e0c24bd


  • MFC71ENU.DLL
    .dll windows:4 windows x86 arch:x86


  • Uninstall.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    9d433976e02d79532f0d635ee81d0b20


  • $PLUGINSDIR/KillProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    815c88741b87a0210c457b00b57bf9c6


  • $PLUGINSDIR/MachineKey.dll
    .dll windows:4 windows x86 arch:x86

    373a46f2dac5b6d7b5b3f2780d9e54f0


  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • database.dat
    .zip
  • license.txt
  • msvcp71.dll
    .dll windows:4 windows x86 arch:x86

    5e2398adb60a70c7ab04e7cba75a7983


  • msvcr71.dll
    .dll windows:4 windows x86 arch:x86

    7acc8c379c768a1ecd81ec502ff5f33e


  • Fake AV/XPAntivirus2008.ico
  • Fake AV/fpfstb.dll
    .dll windows:4 windows x86 arch:x86

    5133445d085ab24d1bd03815699a49c7


  • Fake AV/readme.md