General
-
Target
Avira Advertising.7z
-
Size
4.9MB
-
MD5
9756425e9da98ff3f32d8053251d547e
-
SHA1
088a18c1e34dce278082358befb7a2ac12ea946b
-
SHA256
5c5b071445e68cdeb58481c8fd09c9c0375a20c9ecdfbd33c31326c0f2f29526
-
SHA512
59de4ddb2404048d80533608c9e7787569fccaa6cad93135beae6bb84fa491c5a6aa482d4a9add8c9a4db3ac57420b73153f5753759eb336d76677e76af03cd6
-
SSDEEP
98304:mmHy9v/nBui3vqndtt/uVqdWurBWWUcaFFKcYV5jLV25xc1AOtrgsLxa2LZ:HHydn4i3vqB/XWuhUpFKnJ/t5xa2l
Malware Config
Signatures
-
resource yara_rule static1/unpack001/Avira Advertising/payment and key.exe themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Avira Advertising/payment and key.exe
Files
-
Avira Advertising.7z.7z
Password: Avira2024
-
Avira Advertising/logo/2020_Avira_Box_bundle_PAID_ISEC-win_EN_880x1536.webp
-
Avira Advertising/logo/2020_Avira_Box_single_PAID_AVPro-win_EN.webp
-
Avira Advertising/logo/2021_Avira_Box_bundle_PAID_PRIME_EN.webp
-
Avira Advertising/logo/Avira_Logo_Print.eps
-
Avira Advertising/logo/Stiftung-award.webp
-
Avira Advertising/logo/avira-logo.webp
-
Avira Advertising/logo/avira-phantom-vpn-pro.webp
-
Avira Advertising/logo/avira-software-updater-pro.webp
-
Avira Advertising/logo/avira-system-speedup-pro.webp
-
Avira Advertising/logo/avtest_award_2021_best_usability_avira.webp
-
Avira Advertising/logo/logo_aph_2022.webp
-
Avira Advertising/logo/logo_fd_ADV__mar2022.webp
-
Avira Advertising/logo/logo_rw_adv__2022_06.webp
-
Avira Advertising/logo/perf_adv_apr_2022.webp
-
Avira Advertising/payment and key.exe.exe windows:6 windows x64 arch:x64
Password: Avira2024
88cc934f0668de0dd885fc314185c5b0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetTempPathW
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
WriteConsoleW
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LocalFree
MultiByteToWideChar
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCurrentThread
HeapFree
CloseHandle
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
HeapReAlloc
GetFileType
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
OutputDebugStringW
SetStdHandle
CreateFileW
FlushFileBuffers
ReadFile
ReadConsoleW
HeapSize
SetEndOfFile
RtlUnwind
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 281KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xpdata Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.arch Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xtls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xdata Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.srdata Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp2 Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.enigma1 Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.dsstext Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.enigma2 Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Avira Advertising/promotional video.mp4
-
Avira Advertising/rules and requirements.txt