General

  • Target

    ae1c457e4968758551c0e99ce62cb87c02b6c134afda6d1d700da3b37a2d7610

  • Size

    21.4MB

  • MD5

    193642adb57aec509ba3fd698a09efd2

  • SHA1

    d9166b6ac1c069f028188357ff40256d7395868c

  • SHA256

    ae1c457e4968758551c0e99ce62cb87c02b6c134afda6d1d700da3b37a2d7610

  • SHA512

    507c9698f6d9b2def0f60641b5eeef5a13a55f0a492af62abae7345b9b01d3cef490a689ff98fe899b2188cb4d3d74b1a655dccf370f31d01ca7fbca2041bc5e

  • SSDEEP

    393216:Es5Q1AuX1FFetKFOfzJyb2omyUw7RLo4WRsyo1fL79UXPj5MXHQqkJGlF:Es52AuXHQagzJk+yUwBo5oHUXPFkQ3K

Score
10/10

Malware Config

Signatures

  • Detects Strela Stealer payload 1 IoCs
  • Strela family
  • Unsigned PE 10 IoCs

    Checks for missing Authenticode signature.

Files

  • ae1c457e4968758551c0e99ce62cb87c02b6c134afda6d1d700da3b37a2d7610
    .exe windows:5 windows x86 arch:x86

    b729b61eb1515fcf7b3e511e4e66258b


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/Banner.dll
    .dll windows:5 windows x86 arch:x86

    beba03bbad1f8d79d5b3c1359e913e0d


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:5 windows x86 arch:x86

    cd90e33ffbc335413a25300c682c83df


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/MyLangDLLS3.dll
    .dll windows:5 windows x86 arch:x86

    e981c0ab92cb1f191bb5e23392e14796


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/MyLangDLLT3.dll
    .dll windows:5 windows x86 arch:x86

    e981c0ab92cb1f191bb5e23392e14796


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll
    .dll windows:4 windows x86 arch:x86

    bb85049d564b3e4f4a130406f4264713


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Plugin.dll
    .dll windows:5 windows x86 arch:x86

    beb2114478fe878718bcd34fdda6c0d0


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/cService.dll
    .dll windows:5 windows x86 arch:x86

    743fbccc2565a8f9873d1a2f313c7ad9


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/inetc.dll
    .dll windows:5 windows x86 arch:x86

    083d4dfafb48fcd81858abcba993f56a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $TEMP/CBU/ConfigurePage.ini
  • $TEMP/CBU/FinishPage.ini
  • $TEMP/CBU/Skin.skf
  • $TEMP/CBU/SkinNoIcon.skf
  • $TEMP/CBU/b.bmp
  • $TEMP/CBU/bottom.bmp
  • $TEMP/CBU/browse.ini
  • $TEMP/CBU/content.bmp
  • $TEMP/CBU/dir.bmp
  • $TEMP/CBU/install.bmp
  • $TEMP/CBU/license.bmp
  • $TEMP/CBU/separator.bmp
  • $TEMP/CBU/uninstall.bmp
  • $TEMP/TemporaryComodoProduct/CBU.exe
    .exe windows:5 windows x86 arch:x86

    80cd553338a09fb6c6debb892c8fbf32


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $TEMP/TemporaryComodoProduct/COSService.exe
    .exe windows:5 windows x86 arch:x86

    c740524eb385f826473fe59c84232ee4


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/TemporaryComodoProduct/CSE.exe
    .exe windows:5 windows x86 arch:x86

    b4a4301399b7b0da2d591adbaa38eaf5


    Headers

    Imports

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_CHI.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_CZE.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_DE.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_DU.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_ESP.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_EST.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_FIN.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_FRA.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_HUN.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_ITA.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_JAP.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_KOR.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_POL.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_POR.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_RO.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_RU.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_SLO.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_SWE.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/GUIlang_TUR.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $TEMP/TemporaryComodoProduct/ProxyDetector.exe
    .exe windows:5 windows x86 arch:x86

    f7a43f7bb29a0009cc3e8de1893d2431


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/TemporaryComodoProduct/ShellExtension.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    4887e0f32aee5f871f3c579f5268fd50


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $TEMP/TemporaryComodoProduct/SynchronizationService.exe
    .exe windows:5 windows x86 arch:x86

    cc39cc1382553f64395b82c285dbd816


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/TemporaryComodoProduct/VSS_s2003.dll
    .dll windows:5 windows x86 arch:x86

    e420df96679cf3b1c1804f2e93559c85


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $TEMP/TemporaryComodoProduct/VSS_vista.dll
    .dll windows:5 windows x86 arch:x86

    e420df96679cf3b1c1804f2e93559c85


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $TEMP/TemporaryComodoProduct/VSS_xp.dll
    .dll windows:5 windows x86 arch:x86

    e420df96679cf3b1c1804f2e93559c85


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $TEMP/TemporaryComodoProduct/WdfCoInstaller01009.dll
    .dll windows:6 windows x86 arch:x86

    a17af54bf9d379152b9c377204b35eb9


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $TEMP/TemporaryComodoProduct/bdisk.cat
  • $TEMP/TemporaryComodoProduct/bdisk.inf
  • $TEMP/TemporaryComodoProduct/bdisk.sys
    .sys windows:6 windows x86 arch:x86

    ad498c1dcd1b39acbfab19f91e4648a2


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/TemporaryComodoProduct/cbreparse.cat
  • $TEMP/TemporaryComodoProduct/cbreparse.inf
  • $TEMP/TemporaryComodoProduct/cbreparse.sys
    .sys windows:6 windows x86 arch:x86

    ac0709eda76ae351a85b9cce7c00195a


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/TemporaryComodoProduct/cbufs.cat
  • $TEMP/TemporaryComodoProduct/cbufs.inf
  • $TEMP/TemporaryComodoProduct/cbufs.sys
    .sys windows:6 windows x86 arch:x86

    065543bdec12c744289075522527863a


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/TemporaryComodoProduct/cbunat.exe
    .sys windows:6 windows x86 arch:x86

    ea744cf53a95a397109eab452cdf26d7


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/TemporaryComodoProduct/cbvd.cat
  • $TEMP/TemporaryComodoProduct/cbvd.inf
  • $TEMP/TemporaryComodoProduct/cbvd.sys
    .sys windows:6 windows x86 arch:x86

    616d4b8192d81b00e2e64feeb2946ba0


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/TemporaryComodoProduct/cos-core-lib.dll
    .dll windows:5 windows x86 arch:x86

    94966ee85e39c9188e96726151ee749d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $TEMP/TemporaryComodoProduct/vdbus.cat
  • $TEMP/TemporaryComodoProduct/vdbus.inf
  • $TEMP/TemporaryComodoProduct/vdbus.sys
    .sys windows:6 windows x86 arch:x86

    cf3f4b9a6409d28185b9a128e9ee5678


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/TemporaryComodoProduct/version.ini
  • CBDrvSys.exe
    .exe windows:6 windows x86 arch:x86

    06694565e94cd10f48e1e4b90bc04bc2


    Headers

    Imports

    Sections

  • cacert.pem
  • cakey.pem
  • crosscer.cer
  • lpslib.dll
    .dll windows:5 windows x86 arch:x86

    dffeb55675037ef26f53f4261af8038b


    Code Sign

    Headers

    Imports

    Exports

    Sections