General

  • Target

    f0aa7faafd267f14e91c1f2cc465bbb5b4b8dc68704391db3a479a43d33a3a7f

  • Size

    2.5MB

  • MD5

    94dabb229f3897b7cedad2ca0d69bab5

  • SHA1

    280eaaef74707018381fb87403b4bc18b1d4b267

  • SHA256

    f0aa7faafd267f14e91c1f2cc465bbb5b4b8dc68704391db3a479a43d33a3a7f

  • SHA512

    c9678cdf7040d747cfe82a8389fbab145d13ef093059c38afc18ecf1889e786a8ac0e58664ae74996fb432b60628f2d30161c7652dcef7018a5d8e8f2695f9b7

  • SSDEEP

    49152:N5a06AAJajKuv8vhbWuc64qHyyKNRaZH/DNtg9Ifr:faqAXrLc6nylIrJr

Score
9/10

Malware Config

Signatures

  • Detected Nirsoft tools 1 IoCs

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • f0aa7faafd267f14e91c1f2cc465bbb5b4b8dc68704391db3a479a43d33a3a7f
    .zip
  • Everything-1.4.1.1026.x86-Setup.exe
    .exe windows:4 windows x86 arch:x86

    61259b55b8912888e90f516ca08dc514

  • $PLUGINSDIR/Everything/Everything.exe
    .exe windows:4 windows x86 arch:x86

    7573208674510652893809b0317e4eb4

  • $PLUGINSDIR/Everything/License.txt
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    4b45b7e00344a87332fbd12653854d1a

  • $PLUGINSDIR/InstallOptions.ini
  • $PLUGINSDIR/InstallOptions2.ini
  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    3e8d18bb71c7ebbda2ddc2a4bb03547b

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • NexusProverka.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • regscanner-x64 (1).zip
    .zip
  • RegScanner.chm
    .chm
  • RegScanner.exe
    .exe windows:4 windows x64 arch:x64

    97968c1907381cff0ccc74bab3b848c1

  • readme.txt
  • shellbag_analyzer_cleaner (1).exe
    .exe windows:4 windows x86 arch:x86