General

  • Target: bb9a55a6931365518be4719a2a118d5de678fc9a33f35e39d764d7f66ea1423b.zip
  • Size: 18.6MB
  • MD5: 3a1f9204a1f08953bacef8cb1bdeefc0
  • SHA1: 953ee890d9b6040bae8bdd347241e1b1ff3c0a15
  • SHA256: bb9a55a6931365518be4719a2a118d5de678fc9a33f35e39d764d7f66ea1423b
  • SHA512: 72c7e219348b210d2646689dea675c78fb20a58b8385904ad249baf3c3cafb2107f5df9c68a7ff2d523cad308a00848b12dac28146aaa92bff18b6580c1d40d9
  • SSDEEP: 393216:/3fBluSgM2pEGMVXwMRRSaiM83kWXSziT1olamYUDA7FjFq9+6fSCg7Rfh:/f6Sxw6gPF5CU2Oh

Score
3/10

Malware Config

Signatures

  • Unsigned PE 11 IoCs

    Checks for missing Authenticode signature.

Files

  • bb9a55a6931365518be4719a2a118d5de678fc9a33f35e39d764d7f66ea1423b.zip
    .zip
  • archive/setup.exe
    .exe windows:5 windows x86 arch:x86

    be41bf7b8cc010b614bd36bbca606973


  • $TEMP/Affiliated
  • $TEMP/Believed
  • $TEMP/Bennett
  • $TEMP/Brad
  • $TEMP/Bt
  • $TEMP/Cottages
  • $TEMP/Developments
  • $TEMP/Diary
  • $TEMP/Dir
  • $TEMP/Divx
  • $TEMP/Ecommerce
  • $TEMP/Faces
  • $TEMP/Father
  • $TEMP/Followed
  • $TEMP/Friendship
  • $TEMP/Importantly
  • $TEMP/Leadership
  • $TEMP/Listed
  • $TEMP/Ones
  • $TEMP/Permalink
  • $TEMP/Primary
  • $TEMP/Rec
  • $TEMP/Refund
  • $TEMP/Roots
  • $TEMP/Scheduling
  • $TEMP/Shower
  • $TEMP/Skirt
  • $TEMP/Stakeholders
  • $TEMP/Stupid
  • $TEMP/Surplus
  • $TEMP/Teddy
  • CbsOdd/Animated
  • CbsOdd/Christmas
  • CbsOdd/Commercial
  • CbsOdd/Friendly
  • CbsOdd/Outside
  • CbsOdd/Push
  • CbsOdd/Serving
  • CbsOdd/Soap
  • CbsOdd/Submission
  • CbsOdd/Ur
  • CbsOdd/Wildlife
  • RecyclingSupplied/Curves
  • RecyclingSupplied/Greatest
  • RecyclingSupplied/October
  • RecyclingSupplied/Provider
  • archive/updates/Cache_Data/AudioEng.dll
    .dll regsvr32 windows:10 windows x86 arch:x86

    40e63787dbd8b01e488b84c1b879e331


  • archive/updates/Cache_Data/CbsCore.dll
    .dll windows:10 windows x86 arch:x86

    f6f01a36a4d540ac399445a36f5e9173


  • archive/updates/Cache_Data/Microsoft.Uev.AppAgent.dll
    .dll windows:10 windows x86 arch:x86

    63572ceb3e4dacb5a08c6127c47231ff


  • archive/updates/Cache_Data/certmgr.dll
    .dll regsvr32 windows:10 windows x86 arch:x86

    ca188497e79abc1def20615c73631f36


  • archive/updates/Cache_Data/clr.dll
    .dll windows:6 windows x86 arch:x86

    01513932f96e7c52f6301f4cdc793a75


  • archive/updates/Cache_Data/mfmp4srcsnk.dll
    .dll windows:10 windows x86 arch:x86

    3f51a4af7b71901479685a8ba49bffb5


  • archive/updates/Windows.Networking.Vpn.dll
    .dll regsvr32 windows:10 windows x86 arch:x86

    46c790b1299f41735d780784e230830e


  • archive/updates/WsmSvc.dll
    .dll windows:10 windows x86 arch:x86

    1733d72a0061e382d31cda4dcb76c930


  • archive/updates/dll/Aspnet_perf.dll
    .dll windows:6 windows x86 arch:x86

    33099121b9268fefa42b3a9b21dd165f


  • archive/updates/dll/InstallUtilLib.dll
    .dll windows:5 windows x86 arch:x86

    822076004448a06c9b61fe57e1705503


  • archive/updates/dll/PenIMC_v0400.dll
    .dll windows:6 windows x86 arch:x86

    10764327bfaac46b699ab3d849224585


  • archive/updates/dll/PresentationNative_v0400.dll
    .dll windows:6 windows x86 arch:x86

    1dca172dc886a8a79fd3c0091bf90812


  • archive/updates/dll/PrimitiveTransformers.dll
    .dll windows:10 windows x64 arch:x64

    df3ec708e62f0fccfe951a485496547f


  • archive/updates/dll/ServiceModelPerformanceCounters.dll
    .dll windows:6 windows x86 arch:x86

    28e7b9798d6684e7e1487700c6fbd72f


  • archive/updates/dll/SettingsHandlers_OneDriveBackup.dll
    .dll windows:10 windows x64 arch:x64

    d8d8b3c8cea022e3fef194f7c16e2106


  • archive/updates/dll/System.AddIn.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


  • archive/updates/dll/System.Speech.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


  • archive/updates/dll/System.Transactions.dll
    .dll windows:5 windows x86 arch:x86

    7469780bb6fda5f25da4408eda0b3bb8


  • archive/updates/dll/System.Web.DynamicData.Design.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


  • archive/updates/dll/WMINet_Utils.dll
    .dll regsvr32 windows:6 windows x86 arch:x86

    2c305302a504b098dd13608a5e3f7401


  • archive/updates/dll/WindowsBase.resources.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


  • archive/updates/dll/msvcr90.dll
    .dll windows:5 windows x86 arch:x86

    0fda4497453286b1daa098623dfc53ce


  • archive/updates/dll/sppinst.dll
    .dll windows:10 windows x64 arch:x64

    bad65dbeacd0fec7bc112c5f4dea09f2


  • archive/updates/dll/webengine.dll
    .dll windows:6 windows x86 arch:x86

    8603c13963bd7ceef1ddddf8b79927cc


  • archive/updates/mispace.dll
    .dll regsvr32 windows:10 windows x86 arch:x86

    96cc7d69d4489565fff1a31584ba2774


  • archive/updates/mscordbi.dll
    .dll windows:6 windows x86 arch:x86

    37dcc12b692cfefb25f541225a3d8f67


  • archive/updates/msxml6.dll
    .dll regsvr32 windows:10 windows x86 arch:x86

    c996611b797005e13c21196faba27f93


  • archive/updates/rdpbase.dll
    .dll windows:10 windows x86 arch:x86

    011b0bcfd787f8ddff110bf47845e26b


  • archive/updates/res_mods/1.25.0.0/readme.txt
  • archive/updates/res_mods/GdiPlus.dll
    .dll windows:10 windows x86 arch:x86

    a56220c2309938f551658c7cdd527f0f


  • archive/updates/updates/Cache_Data/data_3
  • archive/updates/updates/ILU.dll
    .dll windows:6 windows x86 arch:x86

    3767ebafb33fc69d2c48fc442fbb7241


  • archive/updates/updates/Uninstall/unins000.exe
    .exe windows:5 windows x86 arch:x86

    ab2499e0e72dfad09db9c131cd20670f


  • archive/updates/updates/app_type.xml
    .xml
  • archive/updates/wpfgfx_v0400.dll
    .dll windows:6 windows x86 arch:x86

    7336ff0c696f257cdccd3f807e9476e2


  • archive/updates/wsp_health.dll
    .dll regsvr32 windows:10 windows x86 arch:x86

    df1d57630c25e1ade71bd85935a390f9

