Overview

overview

8

Static

static

7

cbd6afba01...86.exe

windows7-x64

8

cbd6afba01...86.exe

windows10-2004-x64

8

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

7

$PLUGINSDI...ll.dll

windows10-2004-x64

7

DiffieHellman.dll

windows7-x64

1

DiffieHellman.dll

windows10-2004-x64

1

Interop.WO...ib.dll

windows7-x64

1

Interop.WO...ib.dll

windows10-2004-x64

1

Org.Mental...ty.dll

windows7-x64

1

Org.Mental...ty.dll

windows10-2004-x64

1

SMPCSetup.exe

windows7-x64

8

SMPCSetup.exe

windows10-2004-x64

8

XDMessaging.dll

windows7-x64

1

XDMessaging.dll

windows10-2004-x64

1

loading.html

windows7-x64

1

loading.html

windows10-2004-x64

1

sas.dll

windows7-x64

1

sas.dll

windows10-2004-x64

1

screenhooks.dll

windows7-x64

1

screenhooks.dll

windows10-2004-x64

1

smpcvc.exe

windows7-x64

1

smpcvc.exe

windows10-2004-x64

1

smpcview.exe

windows7-x64

1

smpcview.exe

windows10-2004-x64

1

smvnview.exe

windows7-x64

1

smvnview.exe

windows10-2004-x64

1

smwg.exe

windows7-x64

7

smwg.exe

windows10-2004-x64

7

spcplink.exe

windows7-x64

1

spcplink.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    cbd6afba01e715b15fcedd953f24a286

  • Size

    2.5MB

  • MD5

    cbd6afba01e715b15fcedd953f24a286

  • SHA1

    0eac479822622cccde03bedce2a9ebc9f708bc56

  • SHA256

    ea6ac32a9e4674b205d0f952848d72830e082e81cd9a811e93366fe4ac3c2040

  • SHA512

    ccb403ad5a73ee2ad6e8a87f1a7eab60ea1d74ed80d60571bc0a12f326cd4c935edd2a8c5141b6f7b2883d2cdcb31cab077557bc1e5f213e871224daf7812d73

  • SSDEEP

    49152:YeMNkEQdbGpexA4+YX0t0H5TmkCTKUT2i7sLfOO:YeMNLwx3XtcXTKUJAfOO

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 7 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • cbd6afba01e715b15fcedd953f24a286
    .exe windows:4 windows x86 arch:x86

    57e98d9a5a72c8d7ad8fb7a6a58b3daf


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    8c8a576201f68de1a3f26fc723b9f30f


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/md5dll.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • 0c8dfn20lo0id.res
  • DiffieHellman.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Interop.WODVPNCOMLib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Org.Mentalis.Security.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • SMPCSetup.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • SMPCSetup.exe.config
  • SMPCSetup.exe.manifest
  • XDMessaging.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • loading.html
    .html
  • mm2.res
  • sas.dll
    .dll windows:6 windows x86 arch:x86

    638be5dbbe48f1d5c208636a279a8ed3


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • screenhooks.dll
    .dll windows:5 windows x86 arch:x86

    89170f52f6b39070641ae9add8e3d44d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • settings.ini
  • smpcvc.exe
    .exe windows:4 windows x86 arch:x86

    1a4bbd972b0e6cd2817839dca65cb79e


    Code Sign

    Headers

    Imports

    Sections

  • smpcview.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • smpcview.exe.config
  • smvnview.exe
    .exe windows:6 windows x86 arch:x86

    39fd4b07046d06e447170c87b75df786


    Code Sign

    Headers

    Imports

    Sections

  • smwg.exe
    .exe windows:4 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • spcplink.exe
    .exe windows:6 windows x86 arch:x86

    0268f426165110b5ce62bf10aa5d587b


    Code Sign

    Headers

    Imports

    Sections

  • tvnserver.exe
    .exe windows:5 windows x86 arch:x86

    697615f23e2fd4b2d810983514c36ea5


    Code Sign

    Headers

    Imports

    Sections

  • wodVPN.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    6d636480c5569b98eff89d0952f3e46b


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • wodVPN.dll.manifest