Overview

overview

10

Static

static

7

SpySheriff(1).zip

windows11-21h2-x64

1

IESecurity.dll

windows11-21h2-x64

6

ProcMon.dll

windows11-21h2-x64

1

ReadME.txt

windows11-21h2-x64

3

SpySheriff.dvm

windows11-21h2-x64

3

SpySheriff.exe

windows11-21h2-x64

7

Uninstall.exe

windows11-21h2-x64

1

base.avd

windows11-21h2-x64

3

base001.avd

windows11-21h2-x64

3

base002.avd

windows11-21h2-x64

3

found.wav

windows11-21h2-x64

6

heur000.dll

windows11-21h2-x64

1

heur001.dll

windows11-21h2-x64

1

heur002.dll

windows11-21h2-x64

4

heur003.dll

windows11-21h2-x64

10

notfound.wav

windows11-21h2-x64

6

Resubmissions

28/08/2024, 05:45

240828-gfzwfsyfpl 10

11/03/2024, 16:38

240311-t5j8hsfe8v 10

11/03/2024, 16:32

240311-t11dyabd98 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SpySheriff(1).zip

  • Size

    1.3MB

  • MD5

    5ec70a62b7fa20507ab4b70c3389bb37

  • SHA1

    68ee641337d66b3d6c31dd7f0729afbf2bbdc069

  • SHA256

    d16dddc1e9ad69c5ef67afd93eb801c74ca5b95ec8b46741786c8c8ec47b1b1d

  • SHA512

    0a11577e6ca68124741cf9d3f9357839cd28e83b60a074b06065a962102c14401ecd7035042b9197263ca42626b14e18356d4d413fb2217f52cfe93009cb56e8

  • SSDEEP

    24576:VNgDMZ96GXyY03689pDhw0Ifxpa+7FLzMrn7a7gIWAxZjD9YenhEdNxA1P:7c05yY2vDhAraskS7p/NY2KA1P

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Unsigned PE 8 IoCs

    Checks for missing Authenticode signature.

Files

  • SpySheriff(1).zip
    .zip

    Password: infected

  • IESecurity.dll
    .dll regsvr32 windows:4 windows x86 arch:x86

    Password: infected

    1ff4c4c142ea70fe689c30e8a09d2f14


    Headers

    Imports

    Exports

    Sections

  • ProcMon.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    954ea2e32339a1a0b582a7f0848202e2


    Headers

    Imports

    Exports

    Sections

  • ReadME.txt
  • SpySheriff.dvm
  • SpySheriff.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected


    Headers

    Sections

  • Uninstall.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    03283e65ee94b511cfd3336bf7ade5a6


    Headers

    Imports

    Sections

  • base.avd
  • base001.avd
  • base002.avd
  • found.wav
  • heur000.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected


    Headers

    Exports

    Sections

  • heur001.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected


    Headers

    Exports

    Sections

  • heur002.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected


    Headers

    Exports

    Sections

  • heur003.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected


    Headers

    Exports

    Sections

  • notfound.wav
  • removed.wav