General

  • Target: e275e8febf42d63d37ded05b4e6aacc1b36b9ace6318cd09d65b822037464c37 (the submitted file, named by its SHA256)
  • Size: 6.3MB
  • MD5: 9190aaff6a444edb896ed5c228c26276
  • SHA1: e7a1745c17b141159e87a6d8ade23ac7815c74d9
  • SHA256: e275e8febf42d63d37ded05b4e6aacc1b36b9ace6318cd09d65b822037464c37
  • SHA512: aa75ce03ef8594f066ffc2d16e0658637a6d9544c81555b8199a4d17fd42e35980e8a676f9f5b700ba966f3563cdd4816714014bcf5533e42b16379540c9a6b8
  • SSDEEP: 196608:z6xePNL9ONBrYuU7yBCiAYPnGjzJIerhV5Q:zAA99ONuC5AYPnYJIe1V5

Score
3/10

Malware Config

Signatures

  • Unsigned PE (6 IoCs)

    Checks for a missing Authenticode signature. It fires on the six extracted PE files that show no Code Sign section in the Files list below: the two NSIS plugin copies of System.dll, UserInfo.dll, nsExec.dll, InterPass2000P11_s.dll and the DLL at $0/$8. Every other PE in the package carries a signature; the signature only reports presence, not whether the chain validates.
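To reproduce the Unsigned PE check over the extracted files offline, the following is an added example, not the sandbox's own code. It walks the PE headers to data-directory entry 4 (the Certificate Table, whose address field is a raw file offset rather than an RVA) and reports whether a WIN_CERTIFICATE record of type PKCS_SIGNED_DATA is present. build_test_pe is a constructed headers-only fixture used to exercise the check; the script name and the classify / has_authenticode function names are mine. Like the sandbox tag, this establishes presence only: a signed file whose chain would fail validation still counts as signed.

```python
"""Offline 'Unsigned PE' check: is an Authenticode Certificate Table present?

Entry 4 of the optional header's data directories (IMAGE_DIRECTORY_ENTRY_SECURITY)
points, by raw file offset, at one or more WIN_CERTIFICATE records:
dwLength, wRevision (0x0200), wCertificateType (0x0002 = PKCS_SIGNED_DATA), blob.
"""
import struct
import sys
from pathlib import Path

DIR_SECURITY = 4
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def _optional_header(data: bytes):
    """Return (opt_off, opt_size, magic) or None if this is not a PE32/PE32+."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    if opt_size < 2 or opt + opt_size > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                             # PE32 / PE32+
        return None
    return opt, opt_size, magic


def security_directory(data: bytes):
    """(offset, size) of the Certificate Table, or None when absent, empty,
    or pointing outside the file (a truncated table is treated as absent)."""
    hdr = _optional_header(data)
    if hdr is None:
        return None
    opt, opt_size, magic = hdr
    nrva_off = opt + (108 if magic == 0x20B else 92)   # NumberOfRvaAndSizes
    entry = nrva_off + 4 + DIR_SECURITY * 8            # directories follow it
    if entry + 8 > opt + opt_size:
        return None
    if struct.unpack_from("<I", data, nrva_off)[0] <= DIR_SECURITY:
        return None
    off, size = struct.unpack_from("<II", data, entry)
    if off == 0 or size < 8 or off + size > len(data):
        return None
    return off, size


def has_authenticode(data: bytes) -> bool:
    """True if the Certificate Table starts with a PKCS_SIGNED_DATA record.
    Presence only: nothing here validates the signature or its chain."""
    loc = security_directory(data)
    if loc is None:
        return False
    off, size = loc
    length, revision, ctype = struct.unpack_from("<IHH", data, off)
    return (8 <= length <= size
            and revision == WIN_CERT_REVISION_2_0
            and ctype == WIN_CERT_TYPE_PKCS_SIGNED_DATA)


def classify(data: bytes) -> str:
    """Mirror the sandbox tag: 'signed', 'unsigned', or 'not a PE'."""
    if _optional_header(data) is None:
        return "not a PE"
    return "signed" if has_authenticode(data) else "unsigned"


def build_test_pe(signed: bool, pe32plus: bool = False) -> bytes:
    """Constructed fixture: a headers-only PE (not runnable) with or without a
    placeholder Certificate Table, so the check can be exercised offline."""
    opt_size = 240 if pe32plus else 224
    nrva_off = 108 if pe32plus else 92
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, nrva_off, 16)
    headers_len = e_lfanew + 4 + len(coff) + opt_size
    cert = b""
    if signed:
        body = bytes(16)                       # stands in for the PKCS#7 DER blob
        cert = struct.pack("<IHH", 8 + len(body), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
        struct.pack_into("<II", opt, nrva_off + 4 + DIR_SECURITY * 8,
                         headers_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    # Usage: python check_authenticode.py <extracted files...>
    for path in sys.argv[1:]:
        print(f"{classify(Path(path).read_bytes()):9} {path}")
```

Run it over the extracted tree to get the same split the sandbox reports; any PE it prints as signed still needs a real verifier (signtool, osslsigncode or the Windows WinVerifyTrust path) before the signature is trusted.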

Files

  Files the sandbox extracted from the installer. $PLUGINSDIR, $SYSDIR, $TEMP and the $0, $8 and $1 variables are NSIS install-time variables, System.dll, nsExec.dll and UserInfo.dll are NSIS plugins and uninst.exe.nsis is the NSIS uninstaller stub, so this is an NSIS package; the second plugin set listed after $TEMP/EsWebSocketKit.exe suggests that file is itself an NSIS installer dropped by the first. Each PE keeps the sandbox's type tags and per-file hash exactly as reported, followed by "Code Sign: present" where the report exposed a Code Sign section (an Authenticode signature exists; nothing here says it validates) or "unsigned" for the six files counted by the Unsigned PE signature. Non-PE files are listed by path only. Read the hash column with care: the submitted installer's value does not match the MD5 in General and is shared with $TEMP/EsWebSocketKit.exe, and several distinct paths share one value (passguardwin7ins.exe at three paths, PassGuardCtrl.dll at two, EsFtWebSocket.exe and EsWebSocket.exe, both System.dll copies), so treat it as the sandbox's per-PE hash rather than a content hash of each file.

  • e275e8febf42d63d37ded05b4e6aacc1b36b9ace6318cd09d65b822037464c37 (the submitted installer)
    .exe windows:5 windows x86 arch:x86 | b729b61eb1515fcf7b3e511e4e66258b | Code Sign: present
  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86 | 039bcbc605477e8e87ec550c2e60e748 | unsigned
  • $PLUGINSDIR/UserInfo.dll
    .dll windows:5 windows x86 arch:x86 | 45d25ca52c312b2254c60dbcb30342d1 | unsigned
  • $SYSDIR/CEA_Crypt.dll
    .dll windows:4 windows x86 arch:x86 | 6e2260b809850e0def413542d0f68b21 | Code Sign: present
  • $SYSDIR/FTInitlize_bank.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86 | ccf0cfbb2fcc9b07080b154f4faf840b | Code Sign: present
  • $SYSDIR/InterPass2000P11.dll
    .dll windows:4 windows x86 arch:x86 | e521f0de7833c7bff5e92107c3d20918 | Code Sign: present
  • $SYSDIR/InterPass2000P11.sig
  • $SYSDIR/InterPass2000P11_s.dll
    .dll windows:4 windows x86 arch:x86 | 894193b67f2a7c5e553d03c0be56f0cd | unsigned
  • $SYSDIR/PassGuardCtrl.dll
    .dll regsvr32 windows:5 windows x86 arch:x86 | 2e9ad455536ab95b227573a53a3652a2 | Code Sign: present
  • $SYSDIR/PassGuardCtrl.inf
  • $SYSDIR/PassGuardCtrlForYBXY/PassGuardCtrl.dll
    .dll regsvr32 windows:5 windows x86 arch:x86 | 2e9ad455536ab95b227573a53a3652a2 | Code Sign: present
  • $SYSDIR/PassGuardCtrlForYBXY/PassGuardCtrl.inf
  • $SYSDIR/PassGuardCtrlForYBXY/passguardwin7ins.exe
    .exe windows:5 windows x86 arch:x86 | 190ee72e6b20b1938f1aba668a774940 | Code Sign: present
  • $SYSDIR/PassGuardX64ForYBXY/PassGuardX64.dll
    .dll regsvr32 windows:5 windows x64 arch:x64 | f3489b7aea9097013de1e233e0339711 | Code Sign: present
  • $SYSDIR/PassGuardX64ForYBXY/PassGuardX64.inf
  • $SYSDIR/PassGuardX64ForYBXY/passguardwin7ins.exe
    .exe windows:5 windows x86 arch:x86 | 190ee72e6b20b1938f1aba668a774940 | Code Sign: present
  • $SYSDIR/default.INF
  • $SYSDIR/passguardwin7ins.exe
    .exe windows:5 windows x86 arch:x86 | 190ee72e6b20b1938f1aba668a774940 | Code Sign: present
  • $SYSDIR/printCtl4RA.dll
    .dll regsvr32 windows:4 windows x86 arch:x86 | cc129fdc8d7b0907e4a0f2b760ee31ce | Code Sign: present
  • $SYSDIR/stwebdll.dll
    .dll regsvr32 windows:4 windows x86 arch:x86 | ffc717189b2c1883d919ce4ecab38c6d | Code Sign: present
  • $TEMP/CMCAEn.cer
  • $TEMP/CMCAPer.cer
  • $TEMP/CMCARootCA.cer
  • $TEMP/EsWebSocketKit.exe
    .exe windows:5 windows x86 arch:x86 | b729b61eb1515fcf7b3e511e4e66258b | Code Sign: present
  • $0/$8
    .dll windows:4 windows x86 arch:x86 | e64cf421ac763abffc1e5aa263e39f13 | unsigned
  • $1/defaults/pref/root_cert_setting_for_websocket.js
  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86 | 039bcbc605477e8e87ec550c2e60e748 | unsigned
  • $PLUGINSDIR/nsExec.dll
    .dll windows:5 windows x86 arch:x86 | 8700d0ebbb41c81ea52718af1ab70a93 | unsigned
  • $TEMP/ca.crt
  • $TEMP/cert.cer
  • $TEMP/nssFirefox64.dll
    .dll windows:5 windows x64 arch:x64 | 01b7b93f5aea67366bcb4faee69d01c7 | Code Sign: present
  • $TEMP/regFirefox64.exe
    .exe windows:5 windows x64 arch:x64 | 5147aa1c47b4d837766a320ead12069a | Code Sign: present
  • EsFtWebSocket.exe
    .exe windows:5 windows x86 arch:x86 | 9c610c44e94a4ebad778c1d37bb5d3d8 | Code Sign: present
  • EsHttpServer.exe
    .exe windows:5 windows x86 arch:x86 | 47e4ed94c00565463ff0b4a9a5ac1d1f | Code Sign: present
  • EsWebSocket.exe
    .exe windows:5 windows x86 arch:x86 | 9c610c44e94a4ebad778c1d37bb5d3d8 | Code Sign: present
  • FirefoxMOIT.exe
    .exe windows:5 windows x86 arch:x86 | bf95d1fc1d10de18b32654b123ad5e1f | Code Sign: present
  • IActiveXCtrl.dll
    .dll windows:5 windows x86 arch:x86 | 7f9ddee5f0a94f8fa72298b23e5063fa | Code Sign: present
  • cert.cer
  • cert.key
  • dh.pem
  • server.crt
  • server.key
  • $TEMP/ROOTCA.cer
  • $TEMP/startCom.cer
  • AddTrustSite.exe
    .exe windows:4 windows x86 arch:x86 | be15e11e24a457e56b4a36f41a76ee27 | Code Sign: present
  • certd2ka_YBXY.exe
    .exe windows:4 windows x86 arch:x86 | 4c19efb601200d4ccb17f94b74e65938 | Code Sign: present
  • lang/escertd_1033.lng
  • lang/escertd_2052.lng
  • lang/escsp_1033.lng
  • lang/escsp_2052.lng
  • lang/esmgr_1033.lng
  • lang/esmgr_2052.lng
  • uninst.exe.nsis

  The report carries no behavioural section, so the following is read from file names alone. Before trusting this drop a reviewer would want to check three things: which of the bundled certificates (CMCARootCA.cer, CMCAEn.cer, CMCAPer.cer, ROOTCA.cer, ca.crt, startCom.cer, cert.cer) are installed into which trust stores, since regFirefox64.exe with nssFirefox64.dll and root_cert_setting_for_websocket.js point by name at the Firefox NSS store and AddTrustSite.exe at browser site-trust settings; whether EsHttpServer.exe and EsWebSocket.exe serve TLS with the bundled server.crt, server.key, cert.key and dh.pem, because key material that ships inside an installer is identical on every machine that runs it and is therefore not a secret; and what the regsvr32-tagged COM controls (PassGuardCtrl.dll, PassGuardX64.dll, FTInitlize_bank.ocx, printCtl4RA.dll, stwebdll.dll) expose to web content once registered.