Overview

overview

7

Static

static

3

Install_Xf...b4.exe

windows10-1703-x64

7

$PLUGINSDI...sh.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...gs.dll

windows10-1703-x64

3

$_12_/SerumFX_x64.dll

windows10-1703-x64

1

C:/Program...FX.dll

windows10-1703-x64

3

C:/Program...FX.dll

windows10-1703-x64

3

C:/Program...FX.dll

windows10-1703-x64

3

C:/Program...FX.dll

windows10-1703-x64

3

SerumFX.dll

windows10-1703-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    Install_Xfer_SerumFX_Update_121b4.exe

  • Size

    9.8MB

  • MD5

    9d868445a92f394d05e474d1322f78c8

  • SHA1

    4279e851fc44a232688845d8f42d436253d056cf

  • SHA256

    68d5d5ffdd1dd47bff5692f0544b41f07b3ee74523dee3c217e87ea03620bbbe

  • SHA512

    1ec70fbe611ac6dd1bd88d18da73a5443a32bbb0646a13a580479273d6939d36e54e54525bcdb6e7f2a92180e2dc715dd2d24447776065c5dbcdee03ea75b2c4

  • SSDEEP

    196608:4rh38WSEfC7ZWiVDlkzLzWqK75v29c/vfczr9VkQozMvX0f/HS39:4tscCHSfzW/vBczxVkQozMf0f/HS39

Score
3/10

Malware Config

Signatures

  • Unsigned PE 10 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • Install_Xfer_SerumFX_Update_121b4.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    7fa974366048f9c551ef45714595665e


    Headers

    Imports

    Sections

  • $PLUGINSDIR/AdvSplash.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    741b6bafe355b63a372d737b30543a95


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    1e2884056e655f2b7bc5a904e352fc80


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/splash.bmp
  • $_12_/SerumFX_x64.dll
    .dll windows:5 windows x64 arch:x64

    Password: infected

    a6f30ce6a9e68cf04c37fc6de028da6f


    Headers

    Imports

    Exports

    Sections

  • C:/Program Files (x86)/Common Files/Avid/Audio/Plug-Ins/SerumFX.aaxplugin/Contents/Win32/SerumFX.aaxplugin
    .dll windows:6 windows x86 arch:x86

    Password: infected

    4c8d31cc56985625860a91362dc62131


    Headers

    Imports

    Exports

    Sections

  • C:/Program Files (x86)/Common Files/Avid/Audio/Plug-Ins/SerumFX.aaxplugin/Contents/x64/SerumFX.aaxplugin
    .dll windows:5 windows x64 arch:x64

    Password: infected

    9fdc08aac25be749c01bf89f807c6af9


    Headers

    Imports

    Exports

    Sections

  • C:/Program Files (x86)/Common Files/Avid/Audio/Plug-Ins/SerumFX.aaxplugin/PlugIn.ico
  • C:/Program Files (x86)/Common Files/Avid/Audio/Plug-Ins/SerumFX.aaxplugin/desktop.ini
  • C:/Program Files/Common Files/Avid/Audio/Plug-Ins/SerumFX.aaxplugin/Contents/Win32/SerumFX.aaxplugin
    .dll windows:6 windows x86 arch:x86

    Password: infected

    4c8d31cc56985625860a91362dc62131


    Headers

    Imports

    Exports

    Sections

  • C:/Program Files/Common Files/Avid/Audio/Plug-Ins/SerumFX.aaxplugin/Contents/x64/SerumFX.aaxplugin
    .dll windows:5 windows x64 arch:x64

    Password: infected

    9fdc08aac25be749c01bf89f807c6af9


    Headers

    Imports

    Exports

    Sections

  • C:/Program Files/Common Files/Avid/Audio/Plug-Ins/SerumFX.aaxplugin/PlugIn.ico
  • C:/Program Files/Common Files/Avid/Audio/Plug-Ins/SerumFX.aaxplugin/desktop.ini
  • SerumFX.dll
    .dll windows:5 windows x86 arch:x86

    0880e29664022f4c8bcda0cae03d2de0


    Headers

    Imports

    Exports

    Sections