General

  • Target: ultravpn-install.exe
  • Size: 1.2MB
  • MD5: 4855c66a0564f5843ff124440a12db86
  • SHA1: 3bdb285c7f6d25b828333b2b8c2580920ed45c3a
  • SHA256: 543839b1b78d4b91702e1b059ff6a9f02642e3ca75fe9e6c5991f967b4ff5b13
  • SHA512: 6ae1128f6315a65c027e8e308fbe07bfc7caa4611069b3d04882ae7d92923583db0dfb848b1c1aeb67e19fa5375b20fe0ea895e6b8196cf274ab09f75636c7ed
  • SSDEEP: 24576:WIA3IXDYHb23a2L9RY0mKjIiJUllvEX2fDrOH7zv4mZaaAeRqyD3FA:WpYzY723a2PtmKLJGvE+izh5rJA

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file (1 IoC)

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Unsigned PE (12 IoCs)

    Checks for a missing Authenticode signature.

  • NSIS installer (1 IoC)
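As an added example (not code from this report or the sandbox that produced it), the following Python script reproduces the static checks the report summarises: it hashes a sample so the MD5/SHA1/SHA256/SHA512 values above can be confirmed on a local copy, flags UPX-style section names, and reads the PE security data directory to see whether an embedded Authenticode certificate table exists. The `build_pe` helper and the section names it is given are constructed test input, not the real sample; the header offsets follow the published PE/COFF layout and only the standard library is used (ssdeep is omitted because it needs a third-party library).

```python
"""Static triage of a PE: hashes, UPX-packed check and unsigned-PE check,
implemented with the standard library only."""
import hashlib
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory index of the Authenticode certificate table
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the bytes, for comparison against a report."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def parse_pe(data: bytes):
    """Return (section names, certificate table file offset, size) from the PE headers.

    Only the fields the two checks need are read; the rest is skipped by offset
    according to the PE/COFF layout (COFF header 20 bytes, data directories at
    optional-header offset 96 for PE32 and 112 for PE32+, section headers 40 bytes each).
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dd_off = opt + 96
    elif magic == PE32PLUS_MAGIC:
        dd_off = opt + 112     # PE32+ has 8-byte ImageBase and stack/heap fields
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]   # NumberOfRvaAndSizes
    cert_off = cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories this entry holds a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sect_tbl = opt + opt_size
    names = [struct.unpack_from("8s", data, sect_tbl + 40 * i)[0]
             .rstrip(b"\0").decode("ascii", "replace") for i in range(nsections)]
    return names, cert_off, cert_size


def is_upx_packed(section_names) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (UPX2 for resources). A modified
    build may rename them, so this heuristic alone is not conclusive."""
    return any(n.upper().startswith("UPX") for n in section_names)


def is_unsigned(cert_off: int, cert_size: int) -> bool:
    """No certificate table means no embedded Authenticode signature.
    Caveat: a file signed only through a Windows catalog also shows zeros here."""
    return cert_off == 0 or cert_size == 0


def triage(data: bytes) -> dict:
    """Run all checks on one PE image and return the findings."""
    names, cert_off, cert_size = parse_pe(data)
    return {
        "hashes": file_hashes(data),
        "sections": names,
        "upx_packed": is_upx_packed(names),
        "unsigned": is_unsigned(cert_off, cert_size),
    }


def build_pe(section_names, signed: bool) -> bytes:
    """Constructed, non-runnable PE32 image used only to exercise the checks offline."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                       # PE32 optional header incl. 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", PE32_MAGIC) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, 0x800)   # made-up cert table offset/size
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    # Usage: python pe_triage.py <sample.exe>; without an argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_pe(["UPX0", "UPX1", ".rsrc"], signed=False)
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Two caveats worth keeping in mind when reading a verdict like the one above: a "UPX packed" hit based on section names can be defeated by a modified packer that renames them, and "Unsigned PE" only tells you there is no embedded signature, so a catalog-signed Windows component would be reported the same way as an unsigned binary.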

Files

  • ultravpn-install.exe
    .exe windows:4 windows x86 arch:x86

    1cf4252ebbb4f173d97a6ef4f79a60b5

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    922b855d216a21490e4bcbf6c29b7f7d

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    a75ed4b57a83b633f5cb5d4939d72f27

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • OpenVPN GUI ReadMe.txt
  • bin/libcurl.dll
    .dll windows:4 windows x86 arch:x86

    cb37765f904efc1e836894504a5b7f48

  • bin/libeay32.dll
    .dll windows:4 windows x86 arch:x86

    dd21c6e95afca855bb04acc7ca9260ed

  • bin/libpkcs11-helper-1.dll
    .dll windows:4 windows x86 arch:x86

    4d03c34bebc55eff949efdc1511a029f

  • bin/libssl32.dll
    .dll windows:4 windows x86 arch:x86

    c2a918d55820329e80cd6cebbda959aa

  • bin/openvpn-gui.exe
    .exe windows:4 windows x86 arch:x86

  • out.upx
    .exe windows:4 windows x86 arch:x86

  • bin/openvpn.exe
    .exe windows:4 windows x86 arch:x86

    d52e11aef5b4086ae6b324617de54716

  • bin/tapinstall.exe
    .exe windows:6 windows x86 arch:x86

    d06468ab9c11b378b5ddeb17e2b95db7

  • config/ca.crt
  • config/client.ovpn
  • config/stealthy connect.ovpn
  • driver/OemWin2k.inf
  • driver/tap0901.sys
    .sys windows:6 windows x86 arch:x86

    952b9ef5a3d8fb9c2ae05f06bb0e783c