General

  • Target

    5741827163672cc63b30f09a75206634f523f24d8dbff157f14711b6de98f5d2

  • Size

    13.6MB

  • MD5

    249038e704f852289ccc1b41404bb9a6

  • SHA1

    380d57685c1ebf9ec158352a19e34b043b46c2c5

  • SHA256

    5741827163672cc63b30f09a75206634f523f24d8dbff157f14711b6de98f5d2

  • SHA512

    8b28ffd0f329a7bc9133d0df4f329d3197a4baac3e287acf406f0154c38f3a12be1bd03847964a1e4a75dacfe97eae3b23b3bdff0cc567991357b584a05788ba

  • SSDEEP

    196608:VrJninWJh42j6odJLbI2EPZ6R5sZDfpDcjWWG1HiZhDDPh3OfIiI5D/0aoLugfsm:VdninY97K22ZYEcmBc1BOfi5QaauknJP
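
The digests above identify the submitted .zip wrapper, not the executable inside it (PDF附件.exe is listed further down with its own MD5), so share and match both when you turn this report into indicators. Before relying on a report, recompute the digests locally. The script below is an added example written for this page, not part of the sandbox output: it hashes a file once, in chunks, with the standard library only, so SSDEEP (a context-triggered piecewise hash that needs a separate library) is not recomputed; `REPORTED` holds the values printed above, and the `abc` vector used when testing it is a constructed input.

```python
"""Recompute a sample's digests and compare them with the values a report lists.

Added example for this page (not part of the sandbox report). Standard library
only: MD5/SHA-1/SHA-256/SHA-512 via hashlib. SSDEEP is a fuzzy hash and needs a
separate library, so it is deliberately not covered.
"""
import hashlib
from typing import Dict, Iterable, Tuple

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Values copied from the report header; they describe the submitted .zip.
REPORTED = {
    "md5": "249038e704f852289ccc1b41404bb9a6",
    "sha1": "380d57685c1ebf9ec158352a19e34b043b46c2c5",
    "sha256": "5741827163672cc63b30f09a75206634f523f24d8dbff157f14711b6de98f5d2",
    "sha512": "8b28ffd0f329a7bc9133d0df4f329d3197a4baac3e287acf406f0154c38f3a12"
              "be1bd03847964a1e4a75dacfe97eae3b23b3bdff0cc567991357b584a05788ba",
}


def _digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all hashers in a single pass and return hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory buffer (handy for extracted archive members)."""
    return _digest_stream([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digests of a file read in 1 MiB chunks, so large samples need not fit in RAM."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return _digest_stream(chunks())


def verify(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Return {algorithm: (expected, actual)} for every digest that disagrees.

    Comparison is case-insensitive. An algorithm the report lists but `actual`
    lacks is reported with actual="<not computed>", so it cannot silently pass.
    """
    mismatches = {}
    for name, want in expected.items():
        name = name.lower()
        got = actual.get(name, "<not computed>")
        if got.lower() != want.lower():
            mismatches[name] = (want.lower(), got)
    return mismatches


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        bad = verify(digest_file(path), REPORTED)
        print(f"{path}: {'OK' if not bad else 'MISMATCH ' + ', '.join(sorted(bad))}")
```

Pass the downloaded archive on the command line; a non-empty mismatch set means you are not looking at the file this report describes (a re-packed copy, a truncated download, or a different sample with a colliding name).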

Score
3/10

Malware Config

Signatures

  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature. Three PE files in the listing below have no Code Sign entry: PDF附件.exe, $PLUGINSDIR/System.dll and $PLUGINSDIR/nsDialogs.dll. A missing embedded signature is a triage heuristic, not evidence of tampering on its own: catalog-signed files (the report lists many .cat files) carry no embedded signature, and an embedded signature still has to be validated against a trusted chain before it counts for anything.

  • NSIS installer 2 IoCs

    Detects the Nullsoft Scriptable Install System. The $PLUGINSDIR/ entries below (System.dll, nsDialogs.dll, modern-wizard.bmp) are standard NSIS plugin and Modern UI artifacts and corroborate this.
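
Both signatures are cheap static checks that can be reproduced without a sandbox. The following is an added example written for this page, not the sandbox's own detector: it parses the PE headers, reports whether the Security data directory points at an embedded WIN_CERTIFICATE (what an "unsigned PE" check looks for), finds the overlay after the last section, and searches it for the NSIS first-header marker (0xDEADBEEF followed by "NullsoftInst"). `build_sample_pe` constructs a minimal PE32 in memory so the checks can be exercised offline; it is test data, not any file from this report, and the file name `pe_checks.py` in the usage is assumed. Presence of an embedded certificate says nothing about validity: verify the chain with a real tool (signtool, osslsigncode, or PowerShell's Get-AuthenticodeSignature), and remember that catalog-signed files have no embedded signature at all.

```python
"""Static checks behind the "Unsigned PE" and "NSIS installer" signatures.

Added example for this page (not the sandbox's detector). Standard library only.
"""
import struct
from typing import Dict

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory holding the Authenticode blob
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # wCertificateType used by Authenticode
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
# NSIS firstheader: uint32 flags, then 0xDEADBEEF (little-endian) and "NullsoftInst".
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"


def parse_pe(data: bytes) -> Dict[str, int]:
    """Return machine type, the Security directory entry and the overlay offset."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, this entry is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # The overlay begins where the last section's raw data ends.
    sect_table = opt + opt_size
    overlay = sect_table + 40 * nsections
    for i in range(nsections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_table + 40 * i + 16)
        overlay = max(overlay, raw_ptr + raw_size)
    return {"machine": machine, "security_offset": sec_off,
            "security_size": sec_size, "overlay_offset": overlay}


def inspect_pe(data: bytes) -> Dict[str, object]:
    """Report embedded-signature presence and NSIS marker location for one PE image."""
    pe = parse_pe(data)
    result: Dict[str, object] = {
        "arch": MACHINES.get(pe["machine"], "0x%x" % pe["machine"]),
        "embedded_signature": False, "cert_type": None, "signature_truncated": False,
        "overlay_offset": pe["overlay_offset"], "nsis_offset": None,
    }
    off, size = pe["security_offset"], pe["security_size"]
    if off and size and off + 8 <= len(data):
        length, _revision, cert_type = struct.unpack_from("<IHH", data, off)
        result["embedded_signature"] = True
        result["cert_type"] = cert_type
        # Blob extends past EOF: file was truncated or the directory was patched.
        result["signature_truncated"] = off + length > len(data)
    hit = data.find(NSIS_MARKER, pe["overlay_offset"])
    if hit != -1:
        result["nsis_offset"] = hit
    return result


def build_sample_pe(signed: bool = False, nsis: bool = False) -> bytes:
    """Construct a minimal PE32 in memory. Test data only, not a real binary."""
    e_lfanew, opt_size, raw_ptr, raw_size = 0x40, 224, 0x200, 0x200
    overlay_start = raw_ptr + raw_size
    nsis_blob = (struct.pack("<I", 0) + NSIS_MARKER + struct.pack("<II", 0x100, 0x200)) if nsis else b""
    cert_blob = b""
    if signed:
        body = b"\x30\x82" + b"\0" * 14   # placeholder bytes, not a real PKCS#7 signature
        cert_blob = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     overlay_start + len(nsis_blob) if signed else 0, len(cert_blob))
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", raw_size, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    image = (dos + b"PE\0\0" + coff + bytes(opt) + section).ljust(overlay_start, b"\0")
    return image + nsis_blob + cert_blob


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_pe(fh.read()))
```

Run `python pe_checks.py` over the extracted archive members. A non-`None` `nsis_offset` means the overlay holds an NSIS first header, which is what lets 7-Zip (`7z x`) unpack the installer into the $PLUGINSDIR and payload files that this report lists; `signature_truncated` catches the common case where a sample was cut off or patched after its certificate directory was written.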

Files

  • 5741827163672cc63b30f09a75206634f523f24d8dbff157f14711b6de98f5d2
    .zip
  • PDF附件.exe (Chinese: "PDF attachment.exe")
    .exe windows:4 windows x86 arch:x86
    MD5: b76363e9cb88bf9390860da8e50999d2
    Details: Headers, Imports, Sections (no Code Sign entry)

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    MD5: f2ac1ab587d5531d5f1bf76c094aef4c
    Details: Headers, Imports, Exports, Sections (no Code Sign entry)

  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86
    MD5: f03b2bab186574d8892d3d73fa9fd3fd
    Details: Headers, Imports, Exports, Sections (no Code Sign entry)

  • App.dat
  • _ctypes.pyd
    .dll windows:6 windows x64 arch:x64
    MD5: 768b86d928de40bc567b1e5127ab520f
    Details: Code Sign, Headers, Imports, Exports, Sections

  • api-ms-win-crt-conio-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • api-ms-win-crt-convert-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • api-ms-win-crt-environment-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • api-ms-win-crt-filesystem-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • api-ms-win-crt-heap-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • api-ms-win-crt-locale-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • api-ms-win-crt-math-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • api-ms-win-crt-process-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • api-ms-win-crt-runtime-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • api-ms-win-crt-stdio-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • api-ms-win-crt-string-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • api-ms-win-crt-time-l1-1-0.dll
    .dll windows:10 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • bwaeawveawcdaw/211221.zip
    .zip
  • image_1.jpg
  • bwaeawveawcdaw/EULA.html
    .html
  • bwaeawveawcdaw/GeForce Experience Permission.exe
    .exe windows:6 windows x64 arch:x64
    MD5: c9614ff71f83ff12993f340f2211e1bb
    Details: Code Sign, Headers, Imports, Sections

  • bwaeawveawcdaw/awdasccxxx.7z
    .7z
  • AA111/iisInspectorWizBanner.png
    .png
  • AA111/iisInspectorWizWatermark.png
    .png
  • AA111/importAppV5WizBanner.png
    .png
  • AA111/importAppV5WizWatermark.png
    .png
  • AA111/importAppVWizBanner.png
    .png
  • AA111/importAppVWizWatermark.png
    .png
  • AA111/importAppXWizBanner.png
    .png
  • AA111/importAppXWizWatermark.png
    .png
  • AA111/importModifPkgWizBanner.png
    .png
  • AA111/importModifPkgWizWatermark.png
    .png
  • AA111/importOptionalPkgWizBanner.png
    .png
  • AA111/importOptionalPkgWizWatermark.png
    .png
  • AA111/importThinappBanner.png
    .png
  • AA111/importThinappWatermark.png
    .png
  • AA111/importUwpAppXWizBanner.png
    .png
  • AA111/importUwpAppXWizWatermark.png
    .png
  • AA111/innoWizBanner.png
    .png
  • AA111/innoWizWatermark.png
    .png
  • AA111/inteliJWizBanner.png
    .png
  • AA111/inteliJWizWatermark.png
    .png
  • AA111/intuneWizBanner.png
    .png
  • AA111/intuneWizWatermark.png
    .png
  • AA111/islImportWizBanner.png
    .png
  • AA111/plus_hover.png
    .png
  • Licenses/1028/NuGetEula.rtf
    .rtf
  • Licenses/1029/NuGetEula.rtf
    .rtf
  • Licenses/1031/NuGetEula.rtf
    .rtf
  • Licenses/1033/NuGetEula.rtf
    .rtf
  • Licenses/1036/NuGetEula.rtf
    .rtf
  • Licenses/1040/NuGetEula.rtf
    .rtf
  • cat05047a45609f311645eebcac2739fc4c.cat
  • cat126c039acc6f1c0a9426a128efb713e7.cat
  • cat12a529d45b148a2d28290a8a7535b37b.cat
  • cat13bf5f9b75a9d1c9f44ba5d34a14227f.cat
  • cat13d68b8a7b6678a368e2d13ff4027521.cat
  • cat15bc5316e373960d82abc253bceaa25d.cat
  • cat1623efce9d1a46396798f44a7bc769e9.cat
  • cat16ab2ea2187acffa6435e334796c8c89.cat
  • cat220daf459e79c5d26366654b1b482e87.cat
  • cat262fa3187c00a1f695e0c3eeb7ecf423.cat
  • cat2630bae9681db6a9f6722366f47d055c.cat
  • cat2868a02217691d527e42fe0520627bfa.cat
  • cat306e26e920fd32cb02bf538b4e799a0d.cat
  • cat31ec2a68a04d58dc4a3d639fddc68493.cat
  • cat353be8f91891a6a5761b9ac157fa2ff1.cat
  • cat4035a83dc8e73244d15d1196d55059c3.cat
  • cat40d92f424eff54b03db4c51669f9a8d6.cat
  • cat43cc1b2daf931a3f0ea4ad696c2327fb.cat
  • cat43d52fdb99b86048e15fbd34f5b99cb5.cat
  • cat44fa8dd71f05b5ff459e3312fa93ca6c.cat
  • cat463ad1b0783ebda908fd6c16a4abfe93.cat
  • cat50ce7925226cb6ab8e0fe9ad9fd58433.cat
  • cat52a8e5203ade8fe7174c590308f2e44a.cat
  • cat559dbc3a49a69c6adf60b1c87b4df71b.cat
  • cat56a114848fda9a7e47bad4b3fc4be9a6.cat
  • cat576cff9c50e8085ab8d9c28ee12bac3e.cat
  • cat590d28783ff280b8b0016c3492433241.cat
  • cat61d57a7a82309cd161a854a6f4619e52.cat
  • cat66c7c64126fbf84f47ccec556d149b12.cat
  • cat67c9fd1fab36154e6e7e429610cd67c8.cat
  • cat67fb2af3d2219b403e419535a547c019.cat
  • cat685f3d4691f444bc382762d603a99afc.cat
  • cat68de71e3e2fb9941ee5b7c77500c0508.cat
  • cat73b80f421d7f3df5a71bd772f56bf3ae.cat
  • cat766c0ffd568bbb31bf7fb6793383e24a.cat
  • cat77db8ab55a0b236db83c55ced6e8a9a3.cat
  • cat78fa3c824c2c48bd4a49ab5969adaaf7.cat
  • cat80dcdb79b8a5960a384abe5a217a7e3a.cat
  • cat818d2d3634f0efb6e64d7e7c8ca5f98b.cat
  • cat89d9bbd87f7a5560bafa520a4ebfdf17.cat
  • cat8daf1f236e631041cdaa802ddb9ccc3d.cat
  • cat8eec88833ea319aaa1061d6528c77b93.cat
  • cat8fe3c1ca244ece932599eb0b61855d8f.cat
  • cat90e1202895672ce81992e71be30528cc.cat
  • cat93a74a1d34a22ae9d2e1ccc5208ad21a.cat
  • cat948a611cd2aca64b1e5113ffb7b95d5f.cat
  • cat9ba47e440ec2fbe9a3d32a53bf0f68dc.cat
  • cat9bcb3fab78e80d68be28892ea7ad46c3.cat
  • cat9bfca1e044c38e04afe2363d3db899c8.cat
  • bwaeawveawcdaw/icudtl.dat
  • bwaeawveawcdaw/ίI.zip
    .zip
  • image_1.jpg
  • image_3.jpg
  • image_7.jpg
  • image_9.jpg
  • bwaeawveawcdaw/ЦǺ΢ЦŮͷ.zip
    .zip
  • image_1.jpg
    .png (PNG content despite the .jpg extension)
  • image_2.jpg
    .png (PNG content despite the .jpg extension)
  • text.txt
  • title.txt
  • bxsdk64.dll
    .dll windows:4 windows x64 arch:x64
    MD5: 85d9050f238524ca08a3c7ebad3a4c25
    Details: Code Sign, Headers, Imports, Exports, Sections

  • hello.zip
    .zip
  • libffi-7.dll
    .dll windows:6 windows x64 arch:x64
    MD5: 3dc8b86d60f90a1851eee5f9dc191312
    Details: Code Sign, Headers, Imports, Exports, Sections

  • micro.avi
  • python.exe
    .exe windows:6 windows x64 arch:x64
    MD5: a1304c4778128720e89539bb55752e4c
    Details: Code Sign, Headers, Imports, Sections

  • python3.dll
    .dll windows:6 windows x64 arch:x64
    Details: Code Sign, Headers, Exports, Sections

  • python38.dll
    .dll windows:6 windows x64 arch:x64
    MD5: 261e29ba9c7f4ed764afbdcad4167ddc
    Details: Code Sign, Headers, Imports, Exports, Sections

  • python38.zip
    .zip
  • _collections_abc.pyc
  • _sitebuiltins.pyc
  • _weakrefset.pyc
  • abc.pyc
  • codecs.pyc
  • collections/__init__.pyc
  • collections/abc.pyc
  • contextlib.pyc
  • copyreg.pyc
  • ctypes/__init__.pyc
  • ctypes/_aix.pyc
  • ctypes/_endian.pyc
  • ctypes/macholib/README.ctypes
  • ctypes/macholib/__init__.pyc
  • ctypes/macholib/dyld.pyc
  • ctypes/macholib/dylib.pyc
  • ctypes/macholib/fetch_macholib
    .sh linux
  • ctypes/macholib/fetch_macholib.bat
  • ctypes/macholib/framework.pyc
  • ctypes/util.pyc
  • ctypes/wintypes.pyc
  • encodings/__init__.pyc
  • encodings/aliases.pyc
  • encodings/ascii.pyc
  • encodings/base64_codec.pyc
  • encodings/big5.pyc
  • encodings/big5hkscs.pyc
  • encodings/bz2_codec.pyc
  • encodings/charmap.pyc
  • encodings/cp037.pyc
  • encodings/cp1006.pyc
  • encodings/cp1026.pyc
  • encodings/cp1125.pyc
  • encodings/cp1140.pyc
  • encodings/cp1250.pyc
  • encodings/cp1251.pyc
  • encodings/cp1252.pyc
  • encodings/cp1253.pyc
  • encodings/cp1254.pyc
  • encodings/cp1255.pyc
  • encodings/cp1256.pyc
  • encodings/cp1257.pyc
  • encodings/cp1258.pyc
  • encodings/cp273.pyc
  • encodings/cp424.pyc
  • encodings/cp437.pyc
  • encodings/cp500.pyc
  • encodings/cp720.pyc
  • encodings/cp737.pyc
  • encodings/cp775.pyc
  • encodings/cp850.pyc
  • encodings/cp852.pyc
  • encodings/cp855.pyc
  • encodings/cp856.pyc
  • encodings/cp857.pyc
  • encodings/cp858.pyc
  • encodings/cp860.pyc
  • encodings/cp861.pyc
  • encodings/cp862.pyc
  • encodings/cp863.pyc
  • encodings/cp864.pyc
  • encodings/cp865.pyc
  • encodings/cp866.pyc
  • encodings/cp869.pyc
  • encodings/cp874.pyc
  • encodings/cp875.pyc
  • encodings/cp932.pyc
  • encodings/cp949.pyc
  • encodings/cp950.pyc
  • encodings/euc_jis_2004.pyc
  • encodings/euc_jisx0213.pyc
  • encodings/euc_jp.pyc
  • encodings/euc_kr.pyc
  • encodings/gb18030.pyc
  • encodings/gb2312.pyc
  • encodings/gbk.pyc
  • encodings/hex_codec.pyc
  • encodings/hp_roman8.pyc
  • encodings/hz.pyc
  • encodings/idna.pyc
  • encodings/iso2022_jp.pyc
  • encodings/iso2022_jp_1.pyc
  • encodings/iso2022_jp_2.pyc
  • encodings/iso2022_jp_2004.pyc
  • encodings/iso2022_jp_3.pyc
  • encodings/iso2022_jp_ext.pyc
  • encodings/iso2022_kr.pyc
  • encodings/iso8859_1.pyc
  • encodings/iso8859_10.pyc
  • encodings/iso8859_11.pyc
  • encodings/iso8859_13.pyc
  • encodings/iso8859_14.pyc
  • encodings/iso8859_15.pyc
  • encodings/iso8859_16.pyc
  • encodings/iso8859_2.pyc
  • encodings/iso8859_3.pyc
  • encodings/iso8859_4.pyc
  • encodings/iso8859_5.pyc
  • encodings/iso8859_6.pyc
  • encodings/iso8859_7.pyc
  • encodings/iso8859_8.pyc
  • encodings/iso8859_9.pyc
  • encodings/johab.pyc
  • encodings/koi8_r.pyc
  • encodings/koi8_t.pyc
  • encodings/koi8_u.pyc
  • encodings/kz1048.pyc
  • encodings/latin_1.pyc
  • encodings/mac_arabic.pyc
  • encodings/mac_centeuro.pyc
  • encodings/mac_croatian.pyc
  • encodings/mac_cyrillic.pyc
  • encodings/mac_farsi.pyc
  • encodings/mac_greek.pyc
  • encodings/mac_iceland.pyc
  • encodings/mac_latin2.pyc
  • encodings/mac_roman.pyc
  • encodings/mac_romanian.pyc
  • encodings/mac_turkish.pyc
  • encodings/mbcs.pyc
  • encodings/oem.pyc
  • encodings/palmos.pyc
  • encodings/ptcp154.pyc
  • encodings/punycode.pyc
  • encodings/quopri_codec.pyc
  • encodings/raw_unicode_escape.pyc
  • encodings/rot_13.pyc
  • encodings/shift_jis.pyc
  • encodings/shift_jis_2004.pyc
  • encodings/shift_jisx0213.pyc
  • encodings/tis_620.pyc
  • encodings/undefined.pyc
  • encodings/unicode_escape.pyc
  • encodings/utf_16.pyc
  • encodings/utf_16_be.pyc
  • encodings/utf_16_le.pyc
  • encodings/utf_32.pyc
  • encodings/utf_32_be.pyc
  • encodings/utf_32_le.pyc
  • encodings/utf_7.pyc
  • encodings/utf_8.pyc
  • encodings/utf_8_sig.pyc
  • encodings/uu_codec.pyc
  • encodings/zlib_codec.pyc
  • enum.pyc
  • fnmatch.pyc
  • functools.pyc
  • genericpath.pyc
  • heapq.pyc
  • importlib/__init__.pyc
  • importlib/_bootstrap.pyc
  • importlib/_bootstrap_external.pyc
  • importlib/abc.pyc
  • importlib/machinery.pyc
  • importlib/metadata.pyc
  • importlib/resources.pyc
  • importlib/util.pyc
  • io.pyc
  • ipaddress.pyc
  • keyword.pyc
  • ntpath.pyc
  • operator.pyc
  • os.pyc
  • pathlib.pyc
  • posixpath.pyc
  • re.pyc
  • reprlib.pyc
  • shutil.pyc
  • site.pyc
  • sre_compile.pyc
  • sre_constants.pyc
  • sre_parse.pyc
  • stat.pyc
  • struct.pyc
  • threading.pyc
  • types.pyc
  • urllib/__init__.pyc
  • urllib/error.pyc
  • urllib/parse.pyc
  • urllib/request.pyc
  • urllib/response.pyc
  • urllib/robotparser.pyc
  • warnings.pyc
  • zipapp.pyc
  • zipfile.pyc
  • zipimport.pyc
  • run_process.avi
  • vcruntime140.dll
    .dll windows:6 windows x64 arch:x64
    MD5: 44c3854843f7a3fccdf8ddbbea66f302
    Details: Code Sign, Headers, Imports, Exports, Sections

  • vcruntime140_1.dll
    .dll windows:6 windows x64 arch:x64
    MD5: ae0bde6314fa2027b54ce04898f6ab69
    Details: Code Sign, Headers, Imports, Exports, Sections