General

  • Target

    90b29539f70df17ed88238c15f58c16575a73e43d04978361aafe8c086a0580f

  • Size

    2.5MB

  • MD5

    2454686a51cd297cc3c8741b3cc19272

  • SHA1

    06698390bed354c7984eba3191653d6865dccf5c

  • SHA256

    90b29539f70df17ed88238c15f58c16575a73e43d04978361aafe8c086a0580f

  • SHA512

    9e983c1e566c7b40afcd40440f8b94a7a35d9f56a208fd7fa45826aca67c4998fa61c594f34131812b7d50ea16708fecfcfe91e80bab5af31878855b793f75f9

  • SSDEEP

    49152:mKuv8vhbWuc64qHyyKNRaZH/DNtg9If15a06AAJaZ:ZrLc6nylIrJ3aqAO

Score
9/10

Malware Config

Signatures

  • Detected Nirsoft tools (1 IoC)

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • Unsigned PE (5 IoCs)

    Checks for missing Authenticode signature.

Files

  • 90b29539f70df17ed88238c15f58c16575a73e43d04978361aafe8c086a0580f
    .zip
  • Everything-1.4.1.1026.x86-Setup.exe
    .exe windows:4 windows x86 arch:x86

    61259b55b8912888e90f516ca08dc514

  • $PLUGINSDIR/Everything/Everything.exe
    .exe windows:4 windows x86 arch:x86

    7573208674510652893809b0317e4eb4

  • $PLUGINSDIR/Everything/License.txt
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    4b45b7e00344a87332fbd12653854d1a

  • $PLUGINSDIR/InstallOptions.ini
  • $PLUGINSDIR/InstallOptions2.ini
  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    3e8d18bb71c7ebbda2ddc2a4bb03547b

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • NexusProverka.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • regscanner-x64 (1).zip
    .zip
  • RegScanner.chm
    .chm
  • RegScanner.exe
    .exe windows:4 windows x64 arch:x64

    97968c1907381cff0ccc74bab3b848c1

  • readme.txt
  • shellbag_analyzer_cleaner (1).exe
    .exe windows:4 windows x86 arch:x86