Overview

overview

3

Static

static

3

4f19f13d5d...0N.exe

windows7-x64

3

4f19f13d5d...0N.exe

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDI...tp.dll

windows7-x64

3

$PLUGINSDI...tp.dll

windows10-2004-x64

3

$PLUGINSDI...tn.dll

windows7-x64

3

$PLUGINSDI...tn.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...rl.dll

windows7-x64

3

$PLUGINSDI...rl.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...ol.htm

windows7-x64

3

$PLUGINSDI...ol.htm

windows10-2004-x64

3

$PLUGINSDI...oll.js

windows7-x64

3

$PLUGINSDI...oll.js

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

YoukuDesktop.exe

windows7-x64

1

YoukuDesktop.exe

windows10-2004-x64

3

ikuacc.exe

windows7-x64

ikuacc.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f19f13d5d3b065b9fe5b47259ad6380N.exe

  • Size

    1.8MB

  • MD5

    4f19f13d5d3b065b9fe5b47259ad6380

  • SHA1

    6978eef566290e85a8cdead26ce6e917c943bbc3

  • SHA256

    8fef46b5b026c0a615b3e62d8a4ebfe9de8787417f17c3d5e4741006b6e4ae79

  • SHA512

    c66a1e1d77c1600b36669e16e7a5eb079ba9eecd39cffe12ee2aff7772aa96295e5e630dfa4d4476a1e471c25a7945374c526ee2b4901db0e0c6c132dbde26ca

  • SSDEEP

    49152:zO2z8olzmdLJvAfjfoEEMh+36IxnYOzg7/:zOO88+JofzoEEc+3nBzW

Score
3/10

Malware Config

Signatures

  • Unsigned PE 23 IoCs

    Checks for missing Authenticode signature.

Files

  • 4f19f13d5d3b065b9fe5b47259ad6380N.exe
    .exe windows:5 windows x86 arch:x86

    32f3282581436269b3a75b6675fe3e08


    Headers

    Imports

    Sections

  • $PLUGINSDIR/BgWorker.dll
    .dll windows:4 windows x86 arch:x86

    db2755f409b81c4dbfc04f648cfb80b9


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/GetVersion.dll
    .dll windows:4 windows x86 arch:x86

    5e41893d1528e7648e03f81030aca366


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Rfshdktp.dll
    .dll windows:4 windows x86 arch:x86

    042f3c184e7c0923b6325ab1dc09aed7


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SkinBtn.dll
    .dll windows:4 windows x86 arch:x86

    baf2d405231cd43dae48df474a521d01


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SkinProgress.dll
    .dll windows:4 windows x86 arch:x86

    df38729be926f91d3390389029adf53b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UAC.dll
    .dll windows:5 windows x86 arch:x86

    96b1473ae2c35072eabdf1009277c4fb


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/WebCtrl.dll
    .dll windows:4 windows x86 arch:x86

    edf01e434638f2238a21d45d26ed9a7d


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/WndSubclass.dll
    .dll windows:4 windows x86 arch:x86

    2ec59a729805f86a974bca3a2fda3a40


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/btn_OK.bmp
  • $PLUGINSDIR/btn_browser.bmp
  • $PLUGINSDIR/btn_close.bmp
  • $PLUGINSDIR/btn_finish.bmp
  • $PLUGINSDIR/btn_install.bmp
  • $PLUGINSDIR/btn_min.bmp
  • $PLUGINSDIR/btn_success.bmp
  • $PLUGINSDIR/btn_whitebg_install.bmp
  • $PLUGINSDIR/btn_xieyi.bmp
  • $PLUGINSDIR/btn_zidingyi.bmp
  • $PLUGINSDIR/chk_selected.bmp
  • $PLUGINSDIR/chk_unselect.bmp
  • $PLUGINSDIR/directory.bmp
  • $PLUGINSDIR/finish.bmp
  • $PLUGINSDIR/header1.bmp
  • $PLUGINSDIR/img_guanlian.bmp
  • $PLUGINSDIR/img_kuaijiefangshi.bmp
  • $PLUGINSDIR/img_youjiancaidan.bmp
  • $PLUGINSDIR/index.htm
    .html .js polyglot
  • $PLUGINSDIR/install_protocol.htm
    .html
  • $PLUGINSDIR/installation.bmp
  • $PLUGINSDIR/jsScroll.js
    .js
  • $PLUGINSDIR/loading1.bmp
  • $PLUGINSDIR/loading2.bmp
  • $PLUGINSDIR/loading_pic1.bmp
  • $PLUGINSDIR/loading_pic2.bmp
  • $PLUGINSDIR/loading_pic3.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:5 windows x86 arch:x86

    9ea5bdc8c90dfcffe309465c26c89758


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsProcess.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/tongyi.bmp
  • $PLUGINSDIR/welcome.bmp
  • $PLUGINSDIR/xieyibg.bmp
  • YoukuDesktop.exe
    .exe windows:5 windows x86 arch:x86

    37d93b251bf8bdc87fa35de2b3f02597


    Code Sign

    Headers

    Imports

    Sections

  • ikuacc.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • uninstall.exe
    .exe windows:5 windows x86 arch:x86

    32f3282581436269b3a75b6675fe3e08


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/BgWorker.dll
    .dll windows:4 windows x86 arch:x86

    db2755f409b81c4dbfc04f648cfb80b9


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/GetVersion.dll
    .dll windows:4 windows x86 arch:x86

    5e41893d1528e7648e03f81030aca366


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Rfshdktp.dll
    .dll windows:4 windows x86 arch:x86

    042f3c184e7c0923b6325ab1dc09aed7


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SkinBtn.dll
    .dll windows:4 windows x86 arch:x86

    baf2d405231cd43dae48df474a521d01


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SkinProgress.dll
    .dll windows:4 windows x86 arch:x86

    df38729be926f91d3390389029adf53b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/WndSubclass.dll
    .dll windows:4 windows x86 arch:x86

    2ec59a729805f86a974bca3a2fda3a40


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/btn_cancel.bmp
  • $PLUGINSDIR/btn_uninst_close.bmp
  • $PLUGINSDIR/btn_uninst_finish.bmp
  • $PLUGINSDIR/btn_uninst_min.bmp
  • $PLUGINSDIR/btn_uninstall.bmp
  • $PLUGINSDIR/chk_selected.bmp
  • $PLUGINSDIR/chk_unselect.bmp
  • $PLUGINSDIR/header2.bmp
  • $PLUGINSDIR/img_uninstall_baoliu.bmp
  • $PLUGINSDIR/img_uninstallreason1.bmp
  • $PLUGINSDIR/img_uninstallreason2.bmp
  • $PLUGINSDIR/img_uninstallreason3.bmp
  • $PLUGINSDIR/img_uninstallreason4.bmp
  • $PLUGINSDIR/img_uninstallreason5.bmp
  • $PLUGINSDIR/img_uninstallreason6.bmp
  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    3f1149a3053980fe6b461521d2b55a2c


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/loading1.bmp
  • $PLUGINSDIR/loading3.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:5 windows x86 arch:x86

    9ea5bdc8c90dfcffe309465c26c89758


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsProcess.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/unFinish.bmp
  • $PLUGINSDIR/unInstallation.bmp
  • $PLUGINSDIR/unWelcome.bmp