Overview

overview

3

Static

static

3

e0ccf2f696...46.exe

windows7-x64

3

e0ccf2f696...46.exe

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...re.dll

windows7-x64

3

$PLUGINSDI...re.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ip.dll

windows7-x64

3

$PLUGINSDI...ip.dll

windows10-2004-x64

3

Alawar.html

windows7-x64

3

Alawar.html

windows10-2004-x64

3

games.html

windows7-x64

3

games.html

windows10-2004-x64

3

$TEMP/Yand...up.exe

windows7-x64

3

$TEMP/Yand...up.exe

windows10-2004-x64

3

license.html

windows7-x64

3

license.html

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    e0ccf2f6967bd750a33eb7b4baec7b641b0bce3ba67ced64f635370098619546

  • Size

    983KB

  • MD5

    558d6e49c28f887a2776ed47b38d080d

  • SHA1

    f608162535abecbd792a9b87a738f771e931882d

  • SHA256

    e0ccf2f6967bd750a33eb7b4baec7b641b0bce3ba67ced64f635370098619546

  • SHA512

    a4432784c4823ed94abb34f332bb396ce93a2e23b52e613f9f606daca1edaa01cad75314741299d30e54526793a1be84894c5984d1a36a93cc84f2d9eea1f41c

  • SSDEEP

    12288:pmJ9TxAgNE5a8jHhhRhow3Ftoxr7jIeQSt22ho8b1Ikjf4kFHjRC1HvgAbT9d:pmJ9TBe5aihjH34IbSMBshjFRj0gYd

Score
3/10

Malware Config

Signatures

  • Unsigned PE 10 IoCs

    Checks for missing Authenticode signature.

Files

  • e0ccf2f6967bd750a33eb7b4baec7b641b0bce3ba67ced64f635370098619546
    .exe windows:5 windows x86 arch:x86

    b729b61eb1515fcf7b3e511e4e66258b


    Headers

    Imports

    Sections

  • $PLUGINSDIR/BrowserInfo.dll
    .dll windows:5 windows x86 arch:x86

    aab94b271d11a958b90de558994119aa


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ButtonEvent.dll
    .dll windows:5 windows x86 arch:x86

    59070d80178eb0db7b7113b7a8608502


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:5 windows x86 arch:x86

    e981c0ab92cb1f191bb5e23392e14796


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/NSISpcre.dll
    .dll windows:5 windows x86 arch:x86

    836f4951fb4175e54bfc7d7dac9c4c85


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/alawar-elements.bmp
  • $PLUGINSDIR/inetc.dll
    .dll windows:5 windows x86 arch:x86

    0ca59bdeada30c9db45574a2801b70d8


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:5 windows x86 arch:x86

    9ea5bdc8c90dfcffe309465c26c89758


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsExec.dll
    .dll windows:5 windows x86 arch:x86

    8700d0ebbb41c81ea52718af1ab70a93


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsUnzip.dll
    .dll windows:5 windows x86 arch:x86

    66e414936a2f6934e6e40d52047d6b75


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/opera_logo.bmp
  • $PLUGINSDIR/yandex_logo_illustration.bmp
  • $TEMP/AlawarGames_$_22_.gadget
    .cab
  • Alawar.html
    .js
  • gadget.xml
  • games.html
    .html
  • images/background.jpg
    .jpg
  • images/bg.gif
    .gif
  • images/bot_01.png
    .png
  • images/bot_02.png
    .png
  • images/bottom_bg.jpg
    .jpg
  • images/btn_01.png
    .png
  • images/btn_01hover.png
    .png
  • images/btn_02.png
    .png
  • images/btn_02hover.png
    .png
  • images/download.gif
    .gif
  • images/img.jpg
    .jpg
  • images/img_02.png
    .png
  • images/info.png
    .png
  • images/logo.png
    .png
  • $TEMP/YandexPackSetup.exe
    .exe windows:5 windows x86 arch:x86

    9869fb1ab454cdd4ec62c0de8a7b1cf7


    Code Sign

    Headers

    Imports

    Sections

  • $TEMP/yandex_pids.txt
  • license.html
    .html
  • license.txt