General

  • Target

    19162461754.zip

  • Size

    351.4MB

  • MD5

    d2dfc2af67c5aafbd8d2a3b730d98975

  • SHA1

    9fd568796a78e19068c4a7ff2f81883a7f37489f

  • SHA256

    ca89ece9ef5c87d61d2900ff23d9f0e2664e533cab9f2cb44daa69179e83b885

  • SHA512

    a920ec5c14c0f0558bda6482814a6a93334fb34437fc2b91f8526fb074148e138e04d2e0fe275f7dfe8c86c89e91f280aca78e238104d84fe2cd7deea3f475b4

  • SSDEEP

    6291456:QUAibjQ/sKiokcHdTlMnAx825kSckoagvMd7TCoufnIia1HYErK:VbjQ7iokwvMAx8Nk32kTComI4V

Score
3/10

Malware Config

Signatures

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • 19162461754.zip
    .zip

    Password: infected

  • 4b233f9ef07130e56716c00a226b23b00594d1b7a2bc8fd162b9406b5e2ebeab
    .zip

    Password: infected

  • AppxBlockMap.xml
    .xml
  • AppxMetadata/AppxBundleManifest.xml
    .xml
  • AppxSignature.p7x
  • [Content_Types].xml
    .xml
  • assets.appx
    .appx

    Password: infected

  • AppxBlockMap.xml
    .xml
  • AppxManifest.xml
    .xml
  • AppxMetadata/CodeIntegrity.cat
  • AppxSignature.p7x
  • Assets/calendly.exeSquare44x44Logo.targetsize-16.png
    .png

    Password: infected

  • Assets/calendly.exeSquare44x44Logo.targetsize-16_altform-lightunplated.png
    .png

    Password: infected

  • Assets/calendly.exeSquare44x44Logo.targetsize-16_altform-unplated.png
    .png

    Password: infected

  • Assets/calendly.exeSquare44x44Logo.targetsize-24.png
    .png

    Password: infected

  • Assets/calendly.exeSquare44x44Logo.targetsize-24_altform-lightunplated.png
    .png

    Password: infected

  • Assets/calendly.exeSquare44x44Logo.targetsize-24_altform-unplated.png
    .png

    Password: infected

  • Assets/calendly.exeSquare44x44Logo.targetsize-256.png
    .png
  • Assets/calendly.exeSquare44x44Logo.targetsize-256_altform-lightunplated.png
    .png
  • Assets/calendly.exeSquare44x44Logo.targetsize-256_altform-unplated.png
    .png
  • Assets/calendly.exeSquare44x44Logo.targetsize-32.png
    .png
  • Assets/calendly.exeSquare44x44Logo.targetsize-32_altform-lightunplated.png
    .png
  • Assets/calendly.exeSquare44x44Logo.targetsize-32_altform-unplated.png
    .png
  • Assets/calendly.exeSquare44x44Logo.targetsize-48.png
    .png
  • Assets/calendly.exeSquare44x44Logo.targetsize-48_altform-lightunplated.png
    .png
  • Assets/calendly.exeSquare44x44Logo.targetsize-48_altform-unplated.png
    .png
  • PsfRunDll32.exe
    .exe windows:6 windows x86 arch:x86

    2a22b6fe5189b8928e2d5bffd5eb859c
    Code Sign

    Headers

    Imports

    Sections

  • PsfRunDll64.exe
    .exe windows:6 windows x64 arch:x64

    fbfe9cc74dcec3523d7b9afacb5c4d17
    Code Sign

    Headers

    Imports

    Sections

  • PsfRuntime32.dll
    .dll windows:6 windows x86 arch:x86

    a17591684e7aeb718d0c838e2837fe98
    Code Sign

    Headers

    Imports

    Exports

    Sections

  • PsfRuntime64.dll
    .dll windows:6 windows x64 arch:x64

    422d9d5ae950b18d15f6e774aaf5b3ed
    Code Sign

    Headers

    Imports

    Exports

    Sections

  • StartingScriptWrapper.ps1
    .ps1
  • SwapRegHelper10.zip
  • SwapRegHelper100.zip
  • SwapRegHelper200.zip
  • SwapRegHelper20_2.zip
  • VFS/AppData/local/gpg.exe
    .exe windows:4 windows x86 arch:x86

    b94d5b6e4b62e1e66866eed7dc715e51
    Headers

    Imports

    Sections

  • VFS/AppData/local/iconv.dll
    .dll windows:4 windows x86 arch:x86

    e7aa0aeef61e4ca89f4b87b602f40e02
    Headers

    Imports

    Exports

    Sections

  • [Content_Types].xml
    .xml
  • cdj.ps1
  • config.json
  • images.png
    .png
  • main-x86.appx
    .appx
  • scale-125.appx
    .appx
  • scale-150.appx
    .appx
  • scale-200.appx
    .appx
  • scale-400.appx
    .appx