Overview

overview

6

Static

static

3

processlas...64.exe

windows7-x64

4

processlas...64.exe

windows10-2004-x64

4

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

CPUEater.exe

windows7-x64

1

CPUEater.exe

windows10-2004-x64

1

Insights.exe

windows7-x64

1

Insights.exe

windows10-2004-x64

1

InstallHelper.exe

windows7-x64

1

InstallHelper.exe

windows10-2004-x64

1

LogViewer.exe

windows7-x64

1

LogViewer.exe

windows10-2004-x64

1

ProcessGovernor.exe

windows7-x64

1

ProcessGovernor.exe

windows10-2004-x64

1

ProcessLasso.exe

windows7-x64

1

ProcessLasso.exe

windows10-2004-x64

1

ProcessLas...er.exe

windows7-x64

3

ProcessLas...er.exe

windows10-2004-x64

5

QuickUpgrade.exe

windows7-x64

6

QuickUpgrade.exe

windows10-2004-x64

6

ThreadRacer.exe

windows7-x64

1

ThreadRacer.exe

windows10-2004-x64

1

TweakScheduler.exe

windows7-x64

1

TweakScheduler.exe

windows10-2004-x64

1

bitsumsess...nt.exe

windows7-x64

1

bitsumsess...nt.exe

windows10-2004-x64

1

pl-update.cmd

windows7-x64

1

pl-update.cmd

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    processlassosetup64.exe

  • Size

    2.5MB

  • MD5

    25414dfb8ba9e0ed21e87232e7cc78a4

  • SHA1

    381fc905a24deb311b208f47fdf97a14f516e91e

  • SHA256

    31020264fb2bd30fd1586dbbe1028995be5f41b2d70786275cd60596f973fcae

  • SHA512

    a06a34f64fcd948d82c5ae12889507dd300f3e0d113c2bf69a512b2281b2079f21159b00c52fa37c2374446b98baf98d470cc71040ee873fb3aa03de12bc2e8e

  • SSDEEP

    49152:g6QcJQhx4rQdj4M1H3/Rnxf+UNaW+bolUaPztowy7zpL52ZeUF2e:grEQhx4rQdb1X/1d7aW+boLztoVtyePe

Score
3/10

Malware Config

Signatures

  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature.

Files

  • processlassosetup64.exe
    .exe windows:4 windows x86 arch:x86

    61259b55b8912888e90f516ca08dc514


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/INetC.dll
    .dll windows:4 windows x86 arch:x86

    735e27ae3d7df8c0487e4353d04f6f28


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    3e8d18bb71c7ebbda2ddc2a4bb03547b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76


    Headers

    Imports

    Exports

    Sections

  • CPUEater.exe
    .exe windows:6 windows x64 arch:x64

    e552f1c0c3787fdd2a0a71b644c29930


    Code Sign

    Headers

    Imports

    Sections

  • Insights.exe
    .exe windows:6 windows x64 arch:x64

    74f89e9955284fec179b8ee9e6539621


    Code Sign

    Headers

    Imports

    Sections

  • InstallHelper.exe
    .exe windows:6 windows x64 arch:x64

    5e24f38d0028f722ed1bcc1de585a56d


    Code Sign

    Headers

    Imports

    Sections

  • LICENSES
  • LogViewer.exe
    .exe windows:6 windows x64 arch:x64

    79fd797a58de595e204082369b0a2703


    Code Sign

    Headers

    Imports

    Sections

  • ProcessGovernor.exe
    .exe windows:6 windows x64 arch:x64

    82910950d6b51f4b99df65f2e7b71c47


    Code Sign

    Headers

    Imports

    Sections

  • ProcessLasso.exe
    .exe windows:6 windows x64 arch:x64

    766c35c67e3587c19df0da8f62cd9adf


    Code Sign

    Headers

    Imports

    Sections

  • ProcessLassoLauncher.exe
    .exe windows:6 windows x64 arch:x64

    18900cf98c7e282c614095dc63d3d34f


    Code Sign

    Headers

    Imports

    Sections

  • QuickUpgrade.exe
    .exe windows:6 windows x64 arch:x64

    7c9a1ce7e98173c7ee80281bae94bed2


    Code Sign

    Headers

    Imports

    Sections

  • ThreadRacer.exe
    .exe windows:6 windows x64 arch:x64

    9559bbfdd3a8d2da3b96ee08fc52a18a


    Code Sign

    Headers

    Imports

    Sections

  • TweakScheduler.exe
    .exe windows:6 windows x64 arch:x64

    0ea627502267afbb5c3765b460b5adb2


    Code Sign

    Headers

    Imports

    Sections

  • bitsumsessionagent.exe
    .exe windows:6 windows x64 arch:x64

    a7701cdb73805c1b95559d6cb505e04d


    Code Sign

    Headers

    Imports

    Sections

  • pl-update.cmd
  • pl.cmd
  • plActivate.exe
    .exe windows:6 windows x64 arch:x64

    22d7f60a07d76b286d7cd4ad5096896b


    Code Sign

    Headers

    Imports

    Sections

  • pl_rsrc_bulgarian.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_chinese.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_chinese_traditional.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_english.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_finnish.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_french.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_german.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_italian.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_japanese.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_korean.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_polish.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_ptbr.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_russian.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_slovenian.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_spanish.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • srvstub.exe
    .exe windows:6 windows x64 arch:x64

    7d94c4c800ab23365817607fc3a91c3a


    Code Sign

    Headers

    Imports

    Sections

  • start-governor.bat
  • stop-governor.bat
  • testlasso.exe
    .exe windows:6 windows x64 arch:x64

    2c5d2a94a5f323639094dc74dadda94b


    Code Sign

    Headers

    Imports

    Sections

  • uninstall.exe.nsis
  • vistammsc.exe
    .exe windows:6 windows x64 arch:x64

    166753a0276b2ba93b015fbdc7395de2


    Code Sign

    Headers

    Imports

    Sections