24dce62bc6f8849d11a268bcf05d6b579f31b1e95291c823249802241779ff6a

Sharing

Copy URL Twitter E-mail

General

Target

24dce62bc6f8849d11a268bcf05d6b579f31b1e95291c823249802241779ff6a
Size

554KB
MD5

06171d05eae787ccb8852d92a0a4e68b
SHA1

3575c9fb0733e8e2c4870990858f6bb58e20dccf
SHA256

24dce62bc6f8849d11a268bcf05d6b579f31b1e95291c823249802241779ff6a
SHA512

9a20b15c8f864f80c67127d9ad848f87dea303c0fb5239327b21a6aa40e5ba0a4899ccd3f2a91d398219fc1d6a3f7d494f6ed11ca3f0bc609540c4a4b5461a96
SSDEEP

12288:etPGCra1mp9bdTGz3dqDWryWtfdKmtAw7WCb1QUNwtJZnCZ:etFmMpvaLdqqJ4Fw7WCb2UUZnCZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$TEMP/ScoreSelector.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

24dce62bc6f8849d11a268bcf05d6b579f31b1e95291c823249802241779ff6a
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

6f:42:4d:17:e7:5e:a0:98:f5:b2:cd:4a:2a:c7:25:dc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/04/2015, 00:00

Not After

20/04/2016, 23:59

Subject

CN=Video Plugin software S.L.,O=Video Plugin software S.L.,L=Guia de Isora,ST=Santa Cruz de Tenerife,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:32:0a:3b:45:f6:7e:62:e6:3a:5e:16:5b:83:f4:ba:11:42:1b:20
Signer

Actual PE Digest

8e:32:0a:3b:45:f6:7e:62:e6:3a:5e:16:5b:83:f4:ba:11:42:1b:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/ScoreSelector.dll
.dll windows:5 windows x86 arch:x86

6f67b142e8471e98880813481a26b74f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapValidate
IsBadReadPtr
GetCommandLineA
CreateThread
ExitThread
ExitProcess
VirtualQuery
DebugBreak
GetStdHandle
WriteConsoleW
GetFileType
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualAlloc
GetSystemTimeAsFileTime
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
OutputDebugStringA
OpenEventA
RaiseException
Sleep
GetCurrentThread
GetLocaleInfoW
GlobalFlags
FlushFileBuffers
SetFilePointer
WriteFile
ResumeThread
SetThreadPriority
LoadLibraryA
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExA
lstrlenA
lstrcmpA
CompareStringW
InterlockedIncrement
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetAtomNameW
GlobalGetAtomNameW
GetCurrentProcessId
CreateEventW
SuspendThread
GetCurrentThreadId
SetEvent
CloseHandle
GlobalFree
OutputDebugStringW
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
SetLastError
WaitForSingleObject
GetComputerNameW
GetVolumeInformationW
lstrlenW
WideCharToMultiByte
GetLastError
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
InterlockedDecrement
GetModuleHandleA
GetModuleFileNameA
GetFileAttributesA
GetVersionExW
GetModuleHandleW
GetSystemInfo
GetModuleFileNameW
IsDebuggerPresent
LoadLibraryW
GetProcAddress
GetCurrentProcess
FreeLibrary
RtlUnwind

user32

GetSubMenu
IsMenu
DispatchMessageW
TranslateMessage
GetMessageW
GetMenuItemCount
GetMenuState
ValidateRect
SetWindowsHookExW
GetCursorPos
PeekMessageW
CallNextHookEx
GetKeyState
PostQuitMessage
IsWindow
SendMessageW
PostMessageW
TabbedTextOutW
GetWindowThreadProcessId
EnableWindow
InflateRect
PtInRect
SystemParametersInfoW
ReuseDDElParam
DestroyMenu
TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
SetCursor
SetRectEmpty
ShowWindow
SetWindowTextW
UnpackDDElParam
GetClipboardFormatNameW
GetClipboardFormatNameA
GetForegroundWindow
SetForegroundWindow
GetDesktopWindow
GetActiveWindow
ShowOwnedPopups
IsWindowVisible
InvalidateRect
UpdateWindow
GetWindowDC
ClientToScreen
BringWindowToTop
RegisterWindowMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
LoadIconW
GetClientRect
MapWindowPoints
SetActiveWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
GetTopWindow
GetWindow
GetCapture
WinHelpW
TrackPopupMenu
GetDlgItem
DestroyWindow
GetDlgCtrlID
GetClassLongW
GetClassNameW
SetPropW
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
SetMenu
GetMenu
GetMessageTime
GetMessagePos
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetMenuCheckMarkDimensions
GetFocus
GetWindowTextW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
LoadCursorW
LoadMenuW
SetMenuItemBitmaps
ModifyMenuW
InsertMenuItemW
GetMenuItemInfoW
EnableMenuItem
CheckMenuItem
CreatePopupMenu
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowLongW
GetMenuItemID
GrayStringW
DrawTextExW
DrawTextW
FillRect
LoadBitmapW
GetSysColorBrush
UnhookWindowsHookEx
MessageBoxW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameA
RegEnumKeyExW
OpenThreadToken
RevertToSelf
SetThreadToken

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
StringFromCLSID

shell32

DragQueryFileW
DragFinish

oleaut32

VariantInit
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantClear
VariantChangeType

shlwapi

StrStrIA
StrStrIW
PathFindFileNameW

gdi32

GetObjectType
GetStockObject
GetObjectW
ExtTextOutW
CreateSolidBrush
CreatePatternBrush
CreateFontIndirectW
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
GetDeviceCaps
PtVisible
RectVisible
BitBlt
GetPixel
TextOutW
GetTextExtentPoint32W
Escape
GetClipBox
SetTextColor
SetBkColor
DeleteDC
SaveDC
RestoreDC
SetBkMode
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

oleacc

CreateStdAccessibleObject
LresultFromObject

Exports

Exports

GetStringNotContinue
getNextOfferWrapper
resetReadOffersWrapper

Sections

.text
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Setup.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6f:42:4d:17:e7:5e:a0:98:f5:b2:cd:4a:2a:c7:25:dc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/04/2015, 00:00

Not After

20/04/2016, 23:59

Subject

CN=Video Plugin software S.L.,O=Video Plugin software S.L.,L=Guia de Isora,ST=Santa Cruz de Tenerife,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ba:cc:e6:91:42:22:3b:d8:3a:bf:3a:be:ad:a2:ae:94:eb:23:ab:74
Signer

Actual PE Digest

ba:cc:e6:91:42:22:3b:d8:3a:bf:3a:be:ad:a2:ae:94:eb:23:ab:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Setup.exe.config
.xml

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

6f:42:4d:17:e7:5e:a0:98:f5:b2:cd:4a:2a:c7:25:dcCertificate

Extended Key Usages

Key Usages

8e:32:0a:3b:45:f6:7e:62:e6:3a:5e:16:5b:83:f4:ba:11:42:1b:20Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 33KB - Virtual size: 33KB

6f67b142e8471e98880813481a26b74f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

winspool.drv

oleacc

Exports

Exports

Sections

.text Size: 441KB - Virtual size: 441KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 9KB - Virtual size: 26KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 65KB - Virtual size: 65KB

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6f:42:4d:17:e7:5e:a0:98:f5:b2:cd:4a:2a:c7:25:dcCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

ba:cc:e6:91:42:22:3b:d8:3a:bf:3a:be:ad:a2:ae:94:eb:23:ab:74Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 405KB - Virtual size: 405KB

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 512B - Virtual size: 12B

6f:42:4d:17:e7:5e:a0:98:f5:b2:cd:4a:2a:c7:25:dc
Certificate

8e:32:0a:3b:45:f6:7e:62:e6:3a:5e:16:5b:83:f4:ba:11:42:1b:20
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 33KB - Virtual size: 33KB

.text
Size: 441KB - Virtual size: 441KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 9KB - Virtual size: 26KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 65KB - Virtual size: 65KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6f:42:4d:17:e7:5e:a0:98:f5:b2:cd:4a:2a:c7:25:dc
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

ba:cc:e6:91:42:22:3b:d8:3a:bf:3a:be:ad:a2:ae:94:eb:23:ab:74
Signer

.text
Size: 405KB - Virtual size: 405KB

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 512B - Virtual size: 12B