Overview

overview

7

Static

static

7

CODMW3Spol...ie.exe

windows7-x64

7

CODMW3Spol...ie.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...oc.dll

windows7-x64

7

$PLUGINSDI...oc.dll

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

main/precomp042.exe

windows7-x64

1

main/precomp042.exe

windows10-2004-x64

1

main/xdelta3.exe

windows7-x64

1

main/xdelta3.exe

windows10-2004-x64

1

zone/polis...42.exe

windows7-x64

1

zone/polis...42.exe

windows10-2004-x64

1

zone/polis...a3.exe

windows7-x64

1

zone/polis...a3.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    CODMW3Spolszczenie.exe

  • Size

    149.9MB

  • MD5

    2c38d44952fb71ae1324693df4065a9b

  • SHA1

    82a74352778ac35a15db714e2cacae4bd85c044c

  • SHA256

    551ec12341b7023da9317f1680d6cd8e9dc162eb2cd6ec621851c1731d108027

  • SHA512

    0db9c85b8864bfd3fb7096de3b820b9e0144fb7c3ac7d590555f2ae68e2b79d035c56d4c9d03f5ecade2ad16485c717b95a6ebdf72a465d4490535e1d172ea1d

  • SSDEEP

    3145728:1WgOOLr3sBmX+UTBWVekiv4pbfK9D1ark5V9Vqdvbg1YHMWjyeY:O4sByb0ckiv4dfK9D1arSc1ljyeY

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 9 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • CODMW3Spolszczenie.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/KillProc.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:4 windows x86 arch:x86


    Headers

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d83f71e61ee459ee63ca3e829966a9dc


    Headers

    Imports

    Exports

    Sections

  • language.txt
  • localization.txt
  • main/CODMW3Spolszczenie.nsi
  • main/localized_polish_iw00.xd3
  • main/localized_polish_iw01.xd3
  • main/localized_polish_iw02.xd3
  • main/localized_polish_iw03.xd3
  • main/localized_polish_iw04.xd3
  • main/precomp042.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • main/xdelta3.exe
    .exe windows:5 windows x86 arch:x86

    d85c237ecd740d96c4833b3847ac05fb


    Headers

    Imports

    Sections

  • zone/polish/berlin.xd3
  • zone/polish/castle.xd3
  • zone/polish/code_post_gfx.xd3
  • zone/polish/code_pre_gfx.xd3
  • zone/polish/common.xd3
  • zone/polish/common_specialops.xd3
  • zone/polish/common_survival.xd3
  • zone/polish/dubai.xd3
  • zone/polish/hamburg.xd3
  • zone/polish/hijack.xd3
  • zone/polish/innocent.xd3
  • zone/polish/intro.xd3
  • zone/polish/localized_code_post_gfx_mp.xd3
  • zone/polish/localized_code_pre_gfx_mp.xd3
  • zone/polish/localized_common_mp.ff
  • zone/polish/localized_ui_mp.xd3
  • zone/polish/london.xd3
  • zone/polish/ny_harbor.xd3
  • zone/polish/ny_manhattan.xd3
  • zone/polish/paris_a.xd3
  • zone/polish/paris_ac130.xd3
  • zone/polish/paris_b.xd3
  • zone/polish/patch.xd3
  • zone/polish/patch_hamburg.xd3
  • zone/polish/patch_innocent.xd3
  • zone/polish/patch_london.xd3
  • zone/polish/patch_mp.xd3
  • zone/polish/patch_mp_underground.xd3
  • zone/polish/patch_paris_ac130.xd3
  • zone/polish/patch_prague_escape.xd3
  • zone/polish/patch_so_survival_mp_village.xd3
  • zone/polish/patch_sp_intro.xd3
  • zone/polish/patch_sp_ny_harbor.xd3
  • zone/polish/patch_specialops.xd3
  • zone/polish/patch_survival.xd3
  • zone/polish/payback.xd3
  • zone/polish/prague.xd3
  • zone/polish/prague_escape.xd3
  • zone/polish/precomp042.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • zone/polish/rescue_2.xd3
  • zone/polish/so_assassin_payback.xd3
  • zone/polish/so_assault_rescue_2.xd3
  • zone/polish/so_deltacamp.xd3
  • zone/polish/so_heliswitch_berlin.xd3
  • zone/polish/so_ied_berlin.xd3
  • zone/polish/so_jeep_paris_b.xd3
  • zone/polish/so_killspree_paris_a.xd3
  • zone/polish/so_littlebird_payback.xd3
  • zone/polish/so_milehigh_hijack.xd3
  • zone/polish/so_nyse_ny_manhattan.xd3
  • zone/polish/so_rescue_hijack.xd3
  • zone/polish/so_stealth_prague.xd3
  • zone/polish/so_stealth_warlord.xd3
  • zone/polish/so_survival_mp_alpha.xd3
  • zone/polish/so_survival_mp_bootleg.xd3
  • zone/polish/so_survival_mp_bravo.xd3
  • zone/polish/so_survival_mp_carbon.xd3
  • zone/polish/so_survival_mp_dome.xd3
  • zone/polish/so_survival_mp_exchange.xd3
  • zone/polish/so_survival_mp_hardhat.xd3
  • zone/polish/so_survival_mp_interchange.xd3
  • zone/polish/so_survival_mp_lambeth.xd3
  • zone/polish/so_survival_mp_mogadishu.xd3
  • zone/polish/so_survival_mp_paris.xd3
  • zone/polish/so_survival_mp_plaza2.xd3
  • zone/polish/so_survival_mp_radar.xd3
  • zone/polish/so_survival_mp_seatown.xd3
  • zone/polish/so_survival_mp_underground.xd3
  • zone/polish/so_survival_mp_village.xd3
  • zone/polish/so_timetrial_london.xd3
  • zone/polish/so_trainer2_so_deltacamp.xd3
  • zone/polish/so_zodiac2_ny_harbor.xd3
  • zone/polish/sp_berlin.xd3
  • zone/polish/sp_dubai.xd3
  • zone/polish/sp_intro.xd3
  • zone/polish/sp_ny_harbor.xd3
  • zone/polish/sp_ny_manhattan.xd3
  • zone/polish/sp_paris_a.xd3
  • zone/polish/sp_paris_b.xd3
  • zone/polish/sp_payback.xd3
  • zone/polish/sp_prague.xd3
  • zone/polish/sp_warlord.xd3
  • zone/polish/ui.xd3
  • zone/polish/warlord.xd3
  • zone/polish/xdelta3.exe
    .exe windows:5 windows x86 arch:x86

    d85c237ecd740d96c4833b3847ac05fb


    Headers

    Imports

    Sections