General

  • Target

    dcdc99a71af2d3db2cb3004dd3e91a4908d71a876179b447ed116742cff8ba3b

  • Size

    721KB

  • MD5

    ed8504a7a6f3377d677b97526a376e81

  • SHA1

    86a0376de9b9ee12f86ed24091bc151ebae7d147

  • SHA256

    dcdc99a71af2d3db2cb3004dd3e91a4908d71a876179b447ed116742cff8ba3b

  • SHA512

    624bd34a11ebc86976bfd36385c79cf1730f81ce16f1c4fbf8076e226056219deb132e629297729b415c3721114425ae12f3da8ff34a1e60827d0588e7b74397

  • SSDEEP

    12288:/anyMm4/gn9Otfj8QwCHPInVyTnT6+lyZsIhqV4mfSoi1f5N/yCjcbvsqUpR:5Mh+aNwSPInVyFlONhq2mKD3/yCjYpuR

Score
3/10

Malware Config

Signatures

  • Unsigned PE (5 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)

Files

  • dcdc99a71af2d3db2cb3004dd3e91a4908d71a876179b447ed116742cff8ba3b
    .exe windows:4 windows x86 arch:x86

    7c2c71dfce9a27650634dc8b1ca03bf0
  • $TEMP/Capercaillie
  • $TEMP/PartiShikari.dll
    .dll windows:5 windows x86 arch:x86

    70deecc9256d7731ff47ae8164d66943
  • $TEMP/whatnot/failure/cgi-bin/33.opends60.dll
  • $TEMP/whatnot/failure/cgi-bin/69.opends60.dll
  • $TEMP/whatnot/failure/cgi-bin/79.opends60.dll
  • $TEMP/whatnot/failure/cgi-bin/Aspnetregsql.exe
    .xml
  • $TEMP/whatnot/failure/cgi-bin/blank-hddvd.xml
    .xml
  • $TEMP/whatnot/failure/cgi-bin/edbgps.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    757d4c6094c99e0cf4b7172e7fbdfc2a
  • $TEMP/whatnot/failure/cgi-bin/hxvzui.dll
    .dll windows:5 windows x86 arch:x86


  • $TEMP/whatnot/failure/cgi-bin/hyphen-de.md5sums
  • $TEMP/whatnot/failure/cgi-bin/org.gnome.Software.Plugin.Odrs.metainfo.xml
    .xml
  • $TEMP/whatnot/failure/cgi-bin/sbsdiasymreader.dll
    .dll windows:5 windows x86 arch:x86

    67a93297e14b927bc8a7a8f49c55bfe1