Overview

overview

3

Static

static

3

be9d0a3e99...6N.exe

windows7-x64

3

be9d0a3e99...6N.exe

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDI...tp.dll

windows7-x64

3

$PLUGINSDI...tp.dll

windows10-2004-x64

3

$PLUGINSDI...tn.dll

windows7-x64

3

$PLUGINSDI...tn.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...rl.dll

windows7-x64

3

$PLUGINSDI...rl.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ol.htm

windows7-x64

3

$PLUGINSDI...ol.htm

windows10-2004-x64

3

$PLUGINSDI...oll.js

windows7-x64

3

$PLUGINSDI...oll.js

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

YoukuDesktop.exe

windows7-x64

1

YoukuDesktop.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    be9d0a3e9968c43b8a0cd786b9e8e46eba2d4e1ff207ded1165528720705c226N

  • Size

    1.9MB

  • MD5

    ff03aaa8366516c2873c678814eba6e0

  • SHA1

    f07339c2ec0c90bca43a6c51a7fed86f12052bc8

  • SHA256

    be9d0a3e9968c43b8a0cd786b9e8e46eba2d4e1ff207ded1165528720705c226

  • SHA512

    c6fc4aa1785baf0204ee6f19fb044ef8220dd757f1e74069ba86fb184e2cbc2b2a96b6147a54d72111b370a1dc4e6363a0d074c8c2b36306c44487ad8f8c111a

  • SSDEEP

    24576:FxO1JSGD7elcsk6KxgyqlJ3wQ5wWqn3H6Zx8AZ3OUwIVwhM0pbwt9oCuFFNdIB8P:/Oise79ogl5EwVwhM0pwtO/r8U6H7GV

Score
3/10

Malware Config

Signatures

  • Unsigned PE 24 IoCs

    Checks for missing Authenticode signature.

Files

  • be9d0a3e9968c43b8a0cd786b9e8e46eba2d4e1ff207ded1165528720705c226N
    .exe windows:5 windows x86 arch:x86

    32f3282581436269b3a75b6675fe3e08


    Headers

    Imports

    Sections

  • $PLUGINSDIR/BgWorker.dll
    .dll windows:4 windows x86 arch:x86

    db2755f409b81c4dbfc04f648cfb80b9


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/GetVersion.dll
    .dll windows:4 windows x86 arch:x86

    5e41893d1528e7648e03f81030aca366


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Rfshdktp.dll
    .dll windows:4 windows x86 arch:x86

    042f3c184e7c0923b6325ab1dc09aed7


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SkinBtn.dll
    .dll windows:4 windows x86 arch:x86

    baf2d405231cd43dae48df474a521d01


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SkinProgress.dll
    .dll windows:4 windows x86 arch:x86

    df38729be926f91d3390389029adf53b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UAC.dll
    .dll windows:5 windows x86 arch:x86

    96b1473ae2c35072eabdf1009277c4fb


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/WebCtrl.dll
    .dll windows:4 windows x86 arch:x86

    edf01e434638f2238a21d45d26ed9a7d


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/WndSubclass.dll
    .dll windows:4 windows x86 arch:x86

    2ec59a729805f86a974bca3a2fda3a40


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/btn_OK.bmp
  • $PLUGINSDIR/btn_browser.bmp
  • $PLUGINSDIR/btn_close.bmp
  • $PLUGINSDIR/btn_finish.bmp
  • $PLUGINSDIR/btn_install.bmp
  • $PLUGINSDIR/btn_min.bmp
  • $PLUGINSDIR/btn_success.bmp
  • $PLUGINSDIR/btn_whitebg_install.bmp
  • $PLUGINSDIR/btn_xieyi.bmp
  • $PLUGINSDIR/btn_zidingyi.bmp
  • $PLUGINSDIR/chk_selected.bmp
  • $PLUGINSDIR/chk_unselect.bmp
  • $PLUGINSDIR/directory.bmp
  • $PLUGINSDIR/finish.bmp
  • $PLUGINSDIR/header1.bmp
  • $PLUGINSDIR/img_guanlian.bmp
  • $PLUGINSDIR/img_kuaijiefangshi.bmp
  • $PLUGINSDIR/img_youjiancaidan.bmp
  • $PLUGINSDIR/index.htm
    .html .js polyglot
  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    3f1149a3053980fe6b461521d2b55a2c


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/install_protocol.htm
    .html
  • $PLUGINSDIR/installation.bmp
  • $PLUGINSDIR/jsScroll.js
    .js
  • $PLUGINSDIR/loading1.bmp
  • $PLUGINSDIR/loading2.bmp
  • $PLUGINSDIR/loading_pic1.bmp
  • $PLUGINSDIR/loading_pic2.bmp
  • $PLUGINSDIR/loading_pic3.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:5 windows x86 arch:x86

    9ea5bdc8c90dfcffe309465c26c89758


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsProcess.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/tongyi.bmp
  • $PLUGINSDIR/welcome.bmp
  • $PLUGINSDIR/xieyibg.bmp
  • YoukuDesktop.exe
    .exe windows:5 windows x86 arch:x86

    97ce971594c36a8d97fad468ab2984fa


    Code Sign

    Headers

    Imports

    Sections

  • ikuacc.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • uninstall.exe
    .exe windows:5 windows x86 arch:x86

    32f3282581436269b3a75b6675fe3e08


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/BgWorker.dll
    .dll windows:4 windows x86 arch:x86

    db2755f409b81c4dbfc04f648cfb80b9


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/GetVersion.dll
    .dll windows:4 windows x86 arch:x86

    5e41893d1528e7648e03f81030aca366


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Rfshdktp.dll
    .dll windows:4 windows x86 arch:x86

    042f3c184e7c0923b6325ab1dc09aed7


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SkinBtn.dll
    .dll windows:4 windows x86 arch:x86

    baf2d405231cd43dae48df474a521d01


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SkinProgress.dll
    .dll windows:4 windows x86 arch:x86

    df38729be926f91d3390389029adf53b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/WndSubclass.dll
    .dll windows:4 windows x86 arch:x86

    2ec59a729805f86a974bca3a2fda3a40


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/btn_cancel.bmp
  • $PLUGINSDIR/btn_uninst_close.bmp
  • $PLUGINSDIR/btn_uninst_finish.bmp
  • $PLUGINSDIR/btn_uninst_min.bmp
  • $PLUGINSDIR/btn_uninstall.bmp
  • $PLUGINSDIR/chk_selected.bmp
  • $PLUGINSDIR/chk_unselect.bmp
  • $PLUGINSDIR/header2.bmp
  • $PLUGINSDIR/img_uninstall_baoliu.bmp
  • $PLUGINSDIR/img_uninstallreason1.bmp
  • $PLUGINSDIR/img_uninstallreason2.bmp
  • $PLUGINSDIR/img_uninstallreason3.bmp
  • $PLUGINSDIR/img_uninstallreason4.bmp
  • $PLUGINSDIR/img_uninstallreason5.bmp
  • $PLUGINSDIR/img_uninstallreason6.bmp
  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    3f1149a3053980fe6b461521d2b55a2c


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/loading1.bmp
  • $PLUGINSDIR/loading3.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:5 windows x86 arch:x86

    9ea5bdc8c90dfcffe309465c26c89758


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsProcess.dll
    .dll windows:4 windows x86 arch:x86

    c9fc7f6df8fedf8f8f1f9f820c072664


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/unFinish.bmp
  • $PLUGINSDIR/unInstallation.bmp
  • $PLUGINSDIR/unWelcome.bmp