General
-
Target
ORPALIS PaperScan Professional Edition 4.0.9 [PeskTop.com].rar
-
Size
132.8MB
-
Sample
240421-zcafhabb47
-
MD5
d797b7c39ac75189a3c91ee9f9018c05
-
SHA1
8f038be7ab3560d371448b4b88406ad01a2be38e
-
SHA256
6ee78b18ddb57ebb710f371d9c01b743fc7fb080527360a56d9981c56cdffffb
-
SHA512
9b3c43b28218ff01835c2ff515b4537f29d10bcd0a038ba85e3f57493b811a96e43e306b49e50ec80254f925ab100c915abb9507a1b829cf37f381e0993ddf3e
-
SSDEEP
3145728:gacSDhTHOPKpYT7C/CBExbffVB55yTPdlDTrxs0ngF:rHFTcmYwfv7yT/DTrxsY8
Malware Config
Targets
-
-
Target
ORPALIS PaperScan Professional Edition 4.0.9 [PeskTop.com].rar
-
Size
132.8MB
-
MD5
d797b7c39ac75189a3c91ee9f9018c05
-
SHA1
8f038be7ab3560d371448b4b88406ad01a2be38e
-
SHA256
6ee78b18ddb57ebb710f371d9c01b743fc7fb080527360a56d9981c56cdffffb
-
SHA512
9b3c43b28218ff01835c2ff515b4537f29d10bcd0a038ba85e3f57493b811a96e43e306b49e50ec80254f925ab100c915abb9507a1b829cf37f381e0993ddf3e
-
SSDEEP
3145728:gacSDhTHOPKpYT7C/CBExbffVB55yTPdlDTrxs0ngF:rHFTcmYwfv7yT/DTrxsY8
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
ORPALIS PaperScan Professional Edition 4.0.9 [PeskTop.com]/Crack/PaperScan.exe
-
Size
9.4MB
-
MD5
f434756b39750e43ff96b755b3f849dc
-
SHA1
65f46285af19eae27d7459fb5a4ac16230a8caa4
-
SHA256
bd22511826b242bb41fe9b4ce8aacde2c2bb99443335b341c8ab2bb363d7675b
-
SHA512
22c5ebf5c4d975cd0cbc8247d29afda480503f184a48adebc98b01ffdb7a56333ff48f90ea952a55fe77e44a5193fa2b3ca91188d65de2d3f3ae2ed7a62fb21d
-
SSDEEP
98304:a4oTwMMM+MMMQMMM+MMMxMMM+MMMLMMM+MMMgMMM+MMMRMMM+MMMHMMM+MMMcMMZ:a/uYs0+mfeISrU2KxU1b
Score3/10 -
-
-
Target
ORPALIS PaperScan Professional Edition 4.0.9 [PeskTop.com]/Crack/PaperScan64.exe
-
Size
9.4MB
-
MD5
f844081c212986712286ba7e7acc3d62
-
SHA1
da92a97e8de3ba0769200165d1e6742297391bea
-
SHA256
26106e3622caefcb06b7b0409637ed01959612b459aa9e369b0be9b76e362c91
-
SHA512
c6456c4db37428a383d5c0875f44bcfd28d87ec7299b3e02843790a93b51780aeb539a01cbf301fdebd643c11fe1b304736c863fc037a6865c7f14d0eb6a4e4e
-
SSDEEP
98304:N901mMMM+MMMQMMM+MMMxMMM+MMMLMMM+MMMgMMM+MMMRMMM+MMMHMMM+MMMcMME:N0zYs0+mfeISrU2KxU1b
Score1/10 -
-
-
Target
ORPALIS PaperScan Professional Edition 4.0.9 [PeskTop.com]/Readme.txt
-
Size
142B
-
MD5
ffbc2d3dfb2ca6ab6f2d64bd5deca692
-
SHA1
1bce14c6ca500abd9e9e03d6865d8c1048541106
-
SHA256
39f148dcbdb43e2f02122f63f147d44a2d476d04bd29894d73a8c600d8f8ff88
-
SHA512
64560cc27f37246f7182a4f75bd8c589d985ee80c855acbb49e45408a8d2e0c53828b99c6581a5805b27e7e94ce2d87f31d6f264621c4794264e1e25cdaae1b4
Score1/10 -
-
-
Target
ORPALIS PaperScan Professional Edition 4.0.9 [PeskTop.com]/paperscanpro4.exe
-
Size
124.9MB
-
MD5
d964449be90f3d1eabcd4bd4e0f1687b
-
SHA1
1f58c435655108220a656066933ce05de5a18f64
-
SHA256
93ec1818f17060773929f735d16343edeb9fab83b35d01f6ae4473c979d33443
-
SHA512
7a223efd9be3ac244065e387078bfc90704c2bf5665b14a8d9b1a90755f3f56759df88b36e1f9ca85b849728a9eddf48e9e15adf8a2044131a269de25b49dde4
-
SSDEEP
3145728:kagyVIufss4uvENj3aT32FpHCBRgoDCkD0iUWoMM:QyVI1FCEhqL2Fpirg8j9VoMM
Score6/10-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
Visit www.pesktop.com.url
-
Size
122B
-
MD5
ec78904d048134a63c41a2dd63a5b201
-
SHA1
31423c68a5d5a9401a973d2cbd6c8d84607821d6
-
SHA256
42e647086d0d6d89c283279ab7974260ed242b0b925d683c8856af8c004ea430
-
SHA512
e0edfec56103424fe78d6e6d32ae80c91369bd2327753c970ef778ac585467e31a2413b00a46d569b256b3b81fd005cd69167890714fb50384722c1a0cc5e861
Score1/10 -