General

  • Target

    d4c8a3819b2059058dd8a62885f70d40N

  • Size

    3.0MB

  • MD5

    d4c8a3819b2059058dd8a62885f70d40

  • SHA1

    72f02df2f8165189721bd2a10bb5b614c9b265b4

  • SHA256

    1d85c77ca084345fb0746d17b71c2da66cbd7b87c8c385b05ca205525d058dd8

  • SHA512

    c42c229b59de9de3fe4b05476213f9ab4b479f3ab2e91d78c11c506fe1cfce8c17633bd56bdbdff1ebe15a976935601aa769eef9da220abd9a0fa8f7a33034e1

  • SSDEEP

    98304:Xgk4gyY1nreB41lPyO37TLN1aavvKScI1iBXwJ8:XgkXyYpyB43PLvAXU8

Score
7/10
upx

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 9 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • d4c8a3819b2059058dd8a62885f70d40N
    .exe windows:4 windows x86 arch:x86

    dae718ca7c0da2949ad685c2d593ec7a



  • "aminstall.dll"
    .dll windows:4 windows x86 arch:x86

    39bf2f9400b25dffe6038f4810921a11



  • "solitaire.exe"
    .exe windows:4 windows x86 arch:x86

    51c4e98e76bd946f81a1a9c26b55ce8b



  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    3764e6c387ce3c76b39936a24d523dce



  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x86 arch:x86

    aebc3107701149edfc563b8db7a789fd



  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    445ca064c668ebcb89957d525a8bef23



  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • Uninstall.exe
    .exe windows:4 windows x86 arch:x86

    dae718ca7c0da2949ad685c2d593ec7a



  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    3764e6c387ce3c76b39936a24d523dce



  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • data.zip
    .zip
  • cards/deck.bmp
  • cards/deck.spr
  • cards/hint.bmp
  • cards/hint.spr
  • cards/karo.bmp
  • cards/karo.spr
  • cards/kijelol.spr
  • cards/kijelol3.bmp
  • cards/kor.bmp
  • cards/kor.spr
  • cards/pikk.bmp
  • cards/pikk.spr
  • cards/place.bmp
  • cards/place.spr
  • cards/places.bmp
  • cards/shadow.bmp
  • cards/shadow.spr
  • cards/treff.bmp
  • cards/treff.spr
  • cards/value_drop.bmp
  • cards/value_drop.spr
  • credits/credits_over.bmp
  • credits/credits_over.spr
  • credits/credits_tit.bmp
  • credits/credits_tit.spr
  • credits/flair.bmp
  • credits/flair.spr
  • credits/screen1.bmp
  • credits/screen1.spr
  • credits/screen1b.bmp
  • credits/screen1b.spr
  • credits/screen2.bmp
  • credits/screen2.spr
  • credits/screen3.bmp
  • credits/screen3.spr
  • fonts/11pt_tahoma.bmp
  • fonts/11pt_tahoma.dat
  • fonts/11pt_tahoma.fnt
  • fonts/11pt_tahoma.spr
  • fonts/9pt_tahoma.bmp
  • fonts/9pt_tahoma.dat
  • fonts/9pt_tahoma.fnt
  • fonts/9pt_tahoma.spr
  • fonts/arial14pt.bmp
  • fonts/arial14pt.dat
  • fonts/arial14pt.fnt
  • fonts/arial14pt.spr
  • fonts/font1.bmp
  • fonts/font1.dat
  • fonts/font1.fnt
  • fonts/font1.spr
  • fonts/font3.bmp
  • fonts/font3.dat
  • fonts/font3.fnt
  • fonts/font3.spr
  • fonts/font_timer.bmp
  • fonts/font_timer.dat
  • fonts/font_timer.fnt
  • fonts/font_timer.spr
  • games/blind.bmp
  • games/blind.spr
  • games/canfield.bmp
  • games/canfield.spr
  • games/chinese.bmp
  • games/chinese.spr
  • games/east.bmp
  • games/east.spr
  • games/fourteen.bmp
  • games/fourteen.spr
  • games/freecell.bmp
  • games/freecell.spr
  • games/golf.bmp
  • games/golf.spr
  • games/klondike.bmp
  • games/klondike.spr
  • games/pyramid.bmp
  • games/pyramid.spr
  • games/pyramidgolf.bmp
  • games/pyramidgolf.spr
  • gamescreen/clock.bmp
  • gamescreen/clock.spr
  • gamescreen/desk.bmp
  • gamescreen/desk.spr
  • gamescreen/game.def
  • gamescreen/game_deal.bmp
  • gamescreen/game_deal.spr
  • gamescreen/game_exit.bmp
  • gamescreen/game_exit.spr
  • gamescreen/game_hint.bmp
  • gamescreen/game_hint.spr
  • gamescreen/game_music.bmp
  • gamescreen/game_music.spr
  • gamescreen/game_replay.bmp
  • gamescreen/game_replay.spr
  • gamescreen/game_sound.bmp
  • gamescreen/game_sound.spr
  • gamescreen/game_undo.bmp
  • gamescreen/game_undo.spr
  • help/help_over.bmp
  • help/help_over.spr
  • help/help_tit.bmp
  • help/help_tit.spr
  • help/stat_over.bmp
  • help/stat_over.spr
  • mainmenu/g_s_credits.bmp
  • mainmenu/g_s_credits.spr
  • mainmenu/g_s_descr.bmp
  • mainmenu/g_s_descr.spr
  • mainmenu/g_s_exit.bmp
  • mainmenu/g_s_exit.spr
  • mainmenu/g_s_help.bmp
  • mainmenu/g_s_help.spr
  • mainmenu/g_s_menu.bmp
  • mainmenu/g_s_menu.spr
  • mainmenu/g_s_prev.bmp
  • mainmenu/g_s_prev.spr
  • mainmenu/g_s_reset.bmp
  • mainmenu/g_s_reset.spr
  • mainmenu/g_s_screen.bmp
  • mainmenu/g_s_screen.spr
  • mainmenu/g_s_screen1.bmp
  • mainmenu/g_s_screen1.spr
  • mainmenu/g_s_settings.bmp
  • mainmenu/g_s_settings.spr
  • mainmenu/g_s_stat.bmp
  • mainmenu/g_s_stat.spr
  • mainmenu/g_s_stat_old.bmp
  • mainmenu/g_s_table.bmp
  • mainmenu/menu.def
  • mainmenu/menu2.def
  • mainmenu/play1.bmp
  • mainmenu/play1.spr
  • mainmenu/settings_ok.bmp
  • mainmenu/settings_ok.spr
  • mainmenu/stat_reset.bmp
  • mainmenu/stat_reset.spr
  • music/down.xm
  • music/overthere.xm
  • music/solitude.xm
  • rules.def
  • settings/settings_over.bmp
  • settings/settings_over.spr
  • settings/settings_tit.bmp
  • settings/settings_tit.spr
  • sounds/cardhitcard.wav
  • sounds/cardhitwood.wav
  • sounds/cardturn1.wav
  • sounds/cardturn2.wav
  • sounds/cut1.wav
  • sounds/doublecut.wav
  • sounds/quickshuffle1.wav
  • sounds/quickshuffle2.wav
  • sounds/shuffle1.wav
  • sounds/tap1.wav
  • sounds/tap2.wav
  • sounds/win.wav
  • titles/blind_tit.bmp
  • titles/blind_tit.spr
  • titles/canfield_tit.bmp
  • titles/canfield_tit.spr
  • titles/chinese_tit.bmp
  • titles/chinese_tit.spr
  • titles/east_tit.bmp
  • titles/east_tit.spr
  • titles/fourteen_tit.bmp
  • titles/fourteen_tit.spr
  • titles/freecell_tit.bmp
  • titles/freecell_tit.spr
  • titles/golf_tit.bmp
  • titles/golf_tit.spr
  • titles/klondike_tit.bmp
  • titles/klondike_tit.spr
  • titles/pyramid_tit.bmp
  • titles/pyramid_tit.spr
  • titles/pyramidgolf_tit.bmp
  • titles/pyramidgolf_tit.spr
  • ui/ui_check.bmp
  • ui/ui_check.spr
  • ui/ui_radio.bmp
  • ui/ui_radio.spr
  • fmod.dll
    .dll windows:4 windows x86 arch:x86



  • settings.ini
  • stats.bin