General

  • Target

    f1c63d50946ef49834a6c4dc39f8a0b87f94ad2686a751c73e7f641716333777

  • Size

    801KB

  • MD5

    163b7e3680fdada8d087cfc709a208f6

  • SHA1

    5e2478d2a0a3151eff56ad90f46fcaa48acf0af0

  • SHA256

    f1c63d50946ef49834a6c4dc39f8a0b87f94ad2686a751c73e7f641716333777

  • SHA512

    76253ac1dc4e20d6799ffe76002acce6d8c787f5b31b3c21f7b760ba9f67e06a61e8f6b96bc5fd42f929471ececec56f73492012d5069821f3bbe943f372c014

  • SSDEEP

    12288:EnPdlVYESSswUQBocgzDRovxJvbyLuUXTjYMRvHfeCcS//lIoW6V+uMiEAMBOikI:UPdlXSSLUCFgzszx8PdZhNU7BP

Score
3/10

Malware Config

Signatures

  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature.

Files

  • f1c63d50946ef49834a6c4dc39f8a0b87f94ad2686a751c73e7f641716333777
    .exe windows:4 windows x86 arch:x86

    9dda1a1d1f8a1d13ae0297b47046b26e


  • $LOCALAPPDATA/Acronis/Agent/etc/aakore.yaml
  • $LOCALAPPDATA/Acronis/Agent/var/aakore/mms.unit
  • $LOCALAPPDATA/Acronis/BackupAndRecovery/MMS/AccessVault/config/preferred
  • $LOCALAPPDATA/Acronis/CaCertificates/cert_bundle.pem
  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    509a34b3a68a773e0afb4259e68f9f82


  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    68b7023f8923dd087549802f8fa631c3


  • $SYSDIR/Drivers/fltsrv.sys
    .sys windows:6 windows x64 arch:x64

    beef218a94b13cba9a08a5373216eb84


    Code Sign

  • $SYSDIR/Drivers/snapman.sys
    .sys windows:6 windows x64 arch:x64

    3477fed7d289202844691a00ecc3a50c


    Code Sign

  • $SYSDIR/Drivers/volume_tracker.sys
    .sys windows:6 windows x64 arch:x64

    76f8608dcff1c09cc5523e20c0cfce52


    Code Sign

  • $SYSDIR/snapapi.dll
    .dll windows:5 windows x64 arch:x64

    3f8940d080fb81e69aac1a4efed2df23


    Code Sign

  • $SYSDIR/snapapint.bin
    .dll windows:6 windows x86 arch:x86

    f63399fbb01b2ca59adaa85ac3de4083


    Code Sign

  • $SYSDIR/snapapint64.bin
    .dll windows:6 windows x64 arch:x64

    833e2574a193a7752fd2d7a4e61e9112


    Code Sign

  • $SYSDIR/volume_tracker_driver_api.dll
    .dll windows:5 windows x64 arch:x64

    42caad835c295298885818d4302b15bf


    Code Sign
