General

  • Target

    3da6f40f46cdf1193bdfd88ff6896aca23e8d8552896c175262239b7d94c5139N

  • Size

    490KB

  • MD5

    19df6d00004d084511f3b68da7f59f20

  • SHA1

    e63901a0d94da795369f2f25cd31c0b6d4c70562

  • SHA256

    3da6f40f46cdf1193bdfd88ff6896aca23e8d8552896c175262239b7d94c5139

  • SHA512

    5796d1101ecc3b2473c2deae869b793eee68cb0c4715e8901086a36b777b3a5d3c046adc2a894b7d348c7f158e64e4826084aa3f1f873772f774b34de464d0ce

  • SSDEEP

    12288:3h4kaSenpF/9Ju1z8s9Eat5IiEMDJcUUjGA6Ehxa5WlzNuy:qSenD/9JwLEatWuJOFhxaolhp

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 14 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs

Files

  • 3da6f40f46cdf1193bdfd88ff6896aca23e8d8552896c175262239b7d94c5139N
    .exe windows:4 windows x86 arch:x86

    MD5: 28a099a911237a28521d8b7ea250f089

  • $LOCALAPPDATA/Google/Chrome/User Data/Default/Extensions/mjildcbkilmkddbbpbjljljdmmlfeppl/5.0_0/background.js
    .js
  • $LOCALAPPDATA/Google/Chrome/User Data/Default/Extensions/mjildcbkilmkddbbpbjljljdmmlfeppl/5.0_0/bootstrap.js
    .js
  • $LOCALAPPDATA/Google/Chrome/User Data/Default/Extensions/mjildcbkilmkddbbpbjljljdmmlfeppl/5.0_0/icon128.png
    .png
  • $LOCALAPPDATA/Google/Chrome/User Data/Default/Extensions/mjildcbkilmkddbbpbjljljdmmlfeppl/5.0_0/icon16.png
    .png
  • $LOCALAPPDATA/Google/Chrome/User Data/Default/Extensions/mjildcbkilmkddbbpbjljljdmmlfeppl/5.0_0/icon32.png
    .png
  • $LOCALAPPDATA/Google/Chrome/User Data/Default/Extensions/mjildcbkilmkddbbpbjljljdmmlfeppl/5.0_0/icon48.png
    .png
  • $LOCALAPPDATA/Google/Chrome/User Data/Default/Extensions/mjildcbkilmkddbbpbjljljdmmlfeppl/5.0_0/icon64.png
    .png
  • $LOCALAPPDATA/Google/Chrome/User Data/Default/Extensions/mjildcbkilmkddbbpbjljljdmmlfeppl/5.0_0/icon8.png
    .png
  • $LOCALAPPDATA/Google/Chrome/User Data/Default/Extensions/mjildcbkilmkddbbpbjljljdmmlfeppl/5.0_0/manifest.json
  • $LOCALAPPDATA/Google/Chrome/User Data/Default/Extensions/mjildcbkilmkddbbpbjljljdmmlfeppl/5.0_0/marcopolo.js
    .js
  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    MD5: 2017f2acbdaa42ab3e4adeb8b4c37e7b


  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    MD5: 5bdcdde5acd7b395f3f3d19ebbb8c6cd


  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    MD5: d83f71e61ee459ee63ca3e829966a9dc


  • $PLUGINSDIR/nsJSON.dll
    .dll windows:5 windows x86 arch:x86

  • out.upx
    .dll windows:5 windows x86 arch:x86

  • $PLUGINSDIR/nsisFile.dll
    .dll windows:4 windows x86 arch:x86

    MD5: 722b4c6354d0d74582e6b8b9621ef62c


  • $_8_/extensions/getsav-in@jetpack/bootstrap.js
    .js
  • $_8_/extensions/getsav-in@jetpack/harness-options.json
  • $_8_/extensions/getsav-in@jetpack/icon.png
    .png
  • $_8_/extensions/getsav-in@jetpack/icon64.png
    .png
  • $_8_/extensions/getsav-in@jetpack/install.rdf
    .xml
  • $_8_/extensions/getsav-in@jetpack/locales.json
  • $_8_/extensions/getsav-in@jetpack/resources/addon-kit/lib/page-mod.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/addon-kit/lib/private-browsing.js
  • $_8_/extensions/getsav-in@jetpack/resources/addon-kit/lib/request.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/addon-kit/lib/windows.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/addon/runner.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/api-utils.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/base64.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/byte-streams.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/collection.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/content.js
    .js .vbs
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/content/content-proxy.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/content/content-worker.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/content/loader.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/content/symbiont.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/content/worker.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/cortex.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/cuddlefish.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/deprecate.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/dom/events.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/environment.js
    .js .vbs
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/errors.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/event/core.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/event/target.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/events.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/events/assembler.js
    .js .vbs
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/file.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/functional.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/globals.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/heritage.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/hidden-frame.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/l10n/core.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/l10n/html.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/l10n/loader.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/l10n/locale.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/l10n/prefs.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/light-traits.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/list.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/loader.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/match-pattern.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/memory.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/namespace.js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/observer-service.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/plain-text-console.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/preferences-service.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/private-browsing/utils.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/promise.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/querystring.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/runtime.js
    .js .vbs
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/sandbox.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/self.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/system.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/system/events.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/tabs/events.js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/tabs/observer.js
    .js .vbs
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/tabs/tab.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/tabs/utils.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/text-streams.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/timer.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/traceback.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/traits.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/traits/core.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/unload.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/url.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/utils/data.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/utils/object.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/utils/registry.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/utils/thumbnail.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/uuid.js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/window-utils.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/window/utils.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/windows/dom.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/windows/loader.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/windows/observer.js
    .js .vbs
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/windows/tabs.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/xhr.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/xpcom.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/api-utils/lib/xul-app.js
    .js
  • $_8_/extensions/getsav-in@jetpack/resources/getsav-in/data/icon.png
    .png
  • $_8_/extensions/getsav-in@jetpack/resources/getsav-in/data/icon64.png
    .png
  • $_8_/extensions/getsav-in@jetpack/resources/getsav-in/lib/main.js
    .js
  • ie/getsav-in_1372973101.dll
    .dll .js regsvr32 windows:4 windows x86 arch:x86 polyglot

    MD5: 5ee72d33f3c4614b984bc91476c8397c


  • sqlite3.exe
    .exe windows:4 windows x86 arch:x86

    MD5: 27da149de9afed20b5dc5d5889566b10


  • uninst.exe
    .exe windows:4 windows x86 arch:x86

    MD5: 28a099a911237a28521d8b7ea250f089


  • updater.exe
    .exe windows:4 windows x86 arch:x86

    MD5: a8fbbdfdbd4afbfaf1ad273feff898ee
