Overview

overview

7

Static

static

3

a8e0d115b8...7f.exe

windows7-x64

7

a8e0d115b8...7f.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/Inst...32.dll

windows7-x64

3

$TEMP/Inst...32.dll

windows10-2004-x64

3

$_1_/AVSca...nt.dll

windows7-x64

3

$_1_/AVSca...nt.dll

windows10-2004-x64

3

$_1_/McAfeeMSS_IE.dll

windows7-x64

7

$_1_/McAfeeMSS_IE.dll

windows10-2004-x64

7

$_1_/McCHSvc.exe

windows7-x64

3

$_1_/McCHSvc.exe

windows10-2004-x64

3

$_1_/McUICnt.exe

windows7-x64

3

$_1_/McUICnt.exe

windows10-2004-x64

3

$_1_/McUpdater.dll

windows7-x64

3

$_1_/McUpdater.dll

windows10-2004-x64

3

$_1_/SSScheduler.exe

windows7-x64

3

$_1_/SSScheduler.exe

windows10-2004-x64

3

$_1_/Secur...er.dll

windows7-x64

3

$_1_/Secur...er.dll

windows10-2004-x64

3

$_1_/Secur...LD.dll

windows7-x64

1

$_1_/Secur...LD.dll

windows10-2004-x64

1

$_1_/WMIScanner.dll

windows7-x64

3

$_1_/WMIScanner.dll

windows10-2004-x64

3

$_1_/WebIn...er.dll

windows7-x64

3

$_1_/WebIn...er.dll

windows10-2004-x64

3

$_1_/mcbrwsr2.dll

windows7-x64

3

$_1_/mcbrwsr2.dll

windows10-2004-x64

3

$_1_/mcscan32.dll

windows7-x64

3

$_1_/mcscan32.dll

windows10-2004-x64

3

$_1_/npMcAfeeMSS.dll

windows7-x64

3

$_1_/npMcAfeeMSS.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    a8e0d115b81e8974e7e5a6e1bcc3bdb7e81b8ef8347561f7c1e207add2c8d37f

  • Size

    3.0MB

  • MD5

    f7dc064722d9831d9a0f36d86903f30d

  • SHA1

    273f36c5be90f186d288438626caa3bc5f56c760

  • SHA256

    a8e0d115b81e8974e7e5a6e1bcc3bdb7e81b8ef8347561f7c1e207add2c8d37f

  • SHA512

    e60c1c13388fa0be8696fd999b010630172e74156f542fdf438427089e0f42e2aff8d7eebcde9a11d8a9fdae5b4563318fa26f0cc6cfd5591b42fbc6cb794689

  • SSDEEP

    49152:8YFja1379VW8QzKxdriSTnYIU4+C7nqIEgRAw9Im57ivLkTQEpKXKOKkZm9m0b28:7a1zW8fdyLmn9/ulvL36OZZsbBEHOwuN

Score
3/10

Malware Config

Signatures

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • a8e0d115b81e8974e7e5a6e1bcc3bdb7e81b8ef8347561f7c1e207add2c8d37f
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ftconfig.ini
  • $TEMP/InstallHelp/SecurityScanner32.dll
    .dll windows:5 windows x86 arch:x86

    75b9f36d40cc1c98e71e3b881f8feb7a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/AVScanComponent.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    35d5848d2df674119d0ebf8335899b1d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/AVScanner.ini
  • $_1_/MCCompHostConfig.ini
  • $_1_/McAfee.ico
  • $_1_/McAfeeMSS_IE.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    37582229b20019cf557825608629bee6


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/McCHSvc.exe
    .exe windows:5 windows x86 arch:x86

    603d97f2e7030c168d81f6ad456a5739


    Code Sign

    Headers

    Imports

    Sections

  • $_1_/McUICnt.exe
    .exe windows:5 windows x86 arch:x86

    801583edf04c83dca6d5a7c2aafb6f9f


    Code Sign

    Headers

    Imports

    Sections

  • $_1_/McUpdater.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    355fa80a585e5e270101478d9d0bd44f


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/SSScheduler.exe
    .exe windows:5 windows x86 arch:x86

    183bd4fad5e59a80b92c89354d994285


    Code Sign

    Headers

    Imports

    Sections

  • $_1_/SecurityScanner.dll
    .dll windows:5 windows x86 arch:x86

    75b9f36d40cc1c98e71e3b881f8feb7a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/SecurityScanner_LD.dll
    .dll windows:5 windows x86 arch:x86


    Code Sign

    Headers

    Sections

  • $_1_/WMIScanner.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    fb212eeb98ba109d19411acaa07acb66


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/WebInfoScanner.dll
    .dll regsvr32 windows:5 windows x86 arch:x86

    0538876cb30dd7ddf8a120016992dc57


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/config.dat
  • $_1_/ftconfig.ini
  • $_1_/mcbrwsr2.dll
    .dll windows:5 windows x86 arch:x86

    de9e2b930b6ae2700b4a11160e07aa2e


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/mcscan32.dll
    .dll windows:4 windows x86 arch:x86

    361a36d6a6598083251b73e547b26b9c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/npMcAfeeMSS.dll
    .dll windows:5 windows x86 arch:x86

    0516edb33936af6b2ddda6825300e658


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/sa_cache_sqlite.dll
    .dll windows:4 windows x86 arch:x86

    3b8794bb1773e8602953fadc60774de9


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/sa_http_win32.dll
    .dll windows:4 windows x86 arch:x86

    1aedb614903f26d345ddfa9a10372e74


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/sa_mbl.dll
    .dll windows:4 windows x86 arch:x86

    0047ec60ad30a0d1e1fa4384f0f5eded


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/sa_store_sqlite.dll
    .dll windows:4 windows x86 arch:x86

    5a9b988adb52ac30f6eeaa290c046dc8


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/sacore.dll
    .dll windows:4 windows x86 arch:x86

    81e5e28f56ea755f442313d6154cdc30


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_1_/sacoredata/uds_filetypes.txt
  • $_1_/sacoredata/uds_hosting.txt
  • $_1_/sacoredata/uds_tlds.txt
  • $_1_/signlic.txt
  • $_1_/sqlite3.dll
    .dll windows:4 windows x86 arch:x86

    e39dc569024e2bb048c8c01dc41b0a40


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_34_/SecurityScanner.dll
    .dll windows:5 windows x86 arch:x86

    75b9f36d40cc1c98e71e3b881f8feb7a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $_34_/ftconfig.ini
  • uninstall.exe.nsis