General

  • Target

    bee9ac7512cb662e6b99b03a3c0f57c5fddea3696bd3d058bd13bb82304c888cN

  • Size

    757KB

  • MD5

    1f69d8ecf8bc59dcb45d12a088c67fb0

  • SHA1

    7e70653f2ff1d0960d040c7b50440bf31dcaeeb6

  • SHA256

    bee9ac7512cb662e6b99b03a3c0f57c5fddea3696bd3d058bd13bb82304c888c

  • SHA512

    b76ae9f3f41260805fc4268c95d1446b492522df7579778b358ba134bd008c65ac0940b8aacd6267e4d26b1a3e87443b25493a2a2719c53238932dca2f73e461

  • SSDEEP

    12288:ADDJfT/g+MpvfYNFevozyhPNLlnPg1igNp61fbjZdooqu0lakJS8vW/qvt6DOfOn:GDxg+MlfY3sfnPgcgS1TH3FhmxmlkUD5

Score
3/10

Malware Config

Signatures

  • Unsigned PE 8 IoCs

    Checks for missing Authenticode signature. Eight IoCs matches the eight PE files (executables and DLLs) listed under Files below.

  • NSIS installer 2 IoCs

    The sample is built with NSIS (Nullsoft Scriptable Install System). The $PLUGINSDIR staging directory, the InstallOptions.dll plugin and the generated Uninstall.exe in the file list are standard NSIS artifacts.
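
The two signatures above can be reproduced on raw bytes with a few dozen lines of PE parsing. The example below is added here and is not the sandbox's own detection code: it locates the Authenticode data directory (slot 4 of the optional header, a file offset rather than an RVA), checks that it points at a WIN_CERTIFICATE inside the file, scans for the NSIS firstheader tag (FH_SIG 0xDEADBEEF followed by the string "NullsoftInst"), and flags the NSIS-typical paths from this report's file list. The constructed PE32 stubs, the dummy certificate blob and the REPORT_PATHS list are assumptions made for the demonstration.

```python
"""Re-implement the two signatures shown in this report, Unsigned PE and NSIS
installer, as byte-level checks. Added example, not the sandbox's own code."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # slot holding the Authenticode blob
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
# NSIS 'firstheader' tag: FH_SIG 0xDEADBEEF (little-endian) then 'Null','soft','Inst'
NSIS_FIRSTHEADER_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"
# Paths copied from the file list in this report (subset of the first tree)
REPORT_PATHS = [
    "$1/ActiveRefresh/settings.xml",
    "$PLUGINSDIR/InstallOptions.dll",
    "$PLUGINSDIR/ioSpecial.ini",
    "ActiveRefresh.exe",
    "Plugins/ftp2rss.dll",
    "Uninstall.exe",
]


def security_directory(pe: bytes):
    """Return (file_offset, size) of IMAGE_DIRECTORY_ENTRY_SECURITY, or None.

    Unlike the other directories this one holds a raw file offset, not an RVA,
    because the certificate table lives outside any section.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = e_lfanew + 4 + 20                  # skip PE\0\0 and the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                       # PE32
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                     # PE32+
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (n_dirs,) = struct.unpack_from("<I", pe, count_off)
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None                          # table too short to hold slot 4
    off, size = struct.unpack_from("<II", pe, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return (off, size) if off and size else None


def has_authenticode(pe: bytes) -> bool:
    """True when the Security directory points at a plausible WIN_CERTIFICATE.

    Only the first entry is inspected; a real verifier walks every 8-byte-aligned
    entry in the table and then validates the PKCS#7 SignedData it contains.
    """
    entry = security_directory(pe)
    if entry is None:
        return False
    off, size = entry
    if size < 8 or off + size > len(pe):
        return False                         # directory points outside the file
    dw_length, _revision, cert_type = struct.unpack_from("<IHH", pe, off)
    return dw_length == size and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA


def is_nsis_installer(pe: bytes) -> bool:
    """NSIS appends its payload as overlay data and the firstheader carries the tag.
    A stricter check searches only the overlay at 512-byte steps; scanning the
    whole image is enough for this demonstration."""
    return NSIS_FIRSTHEADER_MARKER in pe


def nsis_artifacts(paths):
    """Paths an NSIS unpack typically yields: the $PLUGINSDIR staging folder
    (InstallOptions.dll is a stock NSIS plugin) and the generated Uninstall.exe."""
    return [p for p in paths if p.startswith("$PLUGINSDIR/") or p == "Uninstall.exe"]


def build_minimal_pe32(security_offset=0, security_size=0, tail=b"") -> bytes:
    """Constructed sample: DOS header, PE32 optional header with 16 data
    directories and no sections. Only the fields read above are meaningful."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96 + 16 * 8, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)  # NumberOfRvaAndSizes = 16
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, security_offset, security_size)
    return dos + b"PE\0\0" + coff + opt + bytes(dirs) + tail


def build_signed_sample() -> bytes:
    """Constructed sample: the same stub plus a dummy WIN_CERTIFICATE (not a valid
    PKCS#7 signature) so the directory/size consistency check has something to hit."""
    stub = build_minimal_pe32()
    body = b"\x30\x82\x00\x00"               # stand-in for a DER SignedData blob
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
    return build_minimal_pe32(len(stub), len(cert), cert)


if __name__ == "__main__":
    for name, blob in [("unsigned stub", build_minimal_pe32()),
                       ("signed stub", build_signed_sample()),
                       ("nsis stub", build_minimal_pe32(tail=NSIS_FIRSTHEADER_MARKER))]:
        print(f"{name}: authenticode={has_authenticode(blob)} nsis={is_nsis_installer(blob)}")
    print("NSIS artifacts:", nsis_artifacts(REPORT_PATHS))
```

Presence of a certificate table is all the "Unsigned PE" signature tests; a present table says nothing about whether the signature is valid, chains to a trusted root, or covers the file as shipped, so treat has_authenticode() as a triage filter, not a verdict.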

Files

  • bee9ac7512cb662e6b99b03a3c0f57c5fddea3696bd3d058bd13bb82304c888cN
    .exe windows:4 windows x86 arch:x86
    7d8c16ee511989dba08d838c22062a91
    Headers, Imports, Sections

  • $1/ActiveRefresh/settings.xml
  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    2974852fdb738688c98d82902c6fc614
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/special.ini
  • ActiveRefresh.exe
    .exe windows:4 windows x86 arch:x86
    537512da3dcbd5212449980dd18820ec
    Headers, Imports, Exports, Sections

  • Plugins/ftp2rss.dll
    .dll windows:4 windows x86 arch:x86
    79c9563d069dc078419c871003fc3cae
    Headers, Imports, Exports, Sections

  • Plugins/pop3.dll
    .dll windows:4 windows x86 arch:x86
    c0f646c39a38ed9c795841e54623c3c7
    Headers, Imports, Exports, Sections

  • Plugins/yahoomail.dll
    .dll windows:4 windows x86 arch:x86
    b81bd0a74cb2e74af6f6337a70a92ee6
    Headers, Imports, Exports, Sections

  • Scripts/britanica.xml
    .html
  • Scripts/dictionary.xml
    .html
  • Scripts/google.xml
    .html
  • Scripts/microsoftBA.xml
    .html
  • Scripts/searchmsdn.xml
    .html
  • Scripts/stock.xml
    .html
  • Scripts/whois.xml
    .html
  • Style/Clean and Simple.xsl
    .xml
  • Style/Default (Large Font).xsl
    .xml
  • Style/Forum (Blue).xsl
    .xml
  • Style/Forum (Brown).xsl
    .xml
  • Style/Terminal.xsl
    .xml
  • Theme/Notify.wav
  • Theme/__temp.html
    .html
  • Theme/onepanel.html
    .html
  • Theme/reply.GIF
    .gif
  • Theme/rssitem.templ
  • Theme/twopanel.html
    .html
  • Uninstall.exe
    .exe windows:4 windows x86 arch:x86
    7d8c16ee511989dba08d838c22062a91
    Headers, Imports, Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    2974852fdb738688c98d82902c6fc614
    Headers, Imports, Exports, Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • activerefresh.chm
    .chm
  • base/Entertainment.xml
    .vbs .xml polyglot
  • base/General News.xml
    .vbs .xml polyglot
  • base/Health.xml
    .vbs .xml polyglot
  • base/MiscNews.xml
    .vbs .xml polyglot
  • base/Popular Web Portals.xml
    .vbs .xml polyglot
  • base/Science News.xml
    .vbs .xml polyglot
  • base/Software Downloads.xml
    .vbs .xml polyglot
  • base/Software News.xml
    .vbs .xml polyglot
  • base/Technology News.xml
    .vbs .xml polyglot
  • base/Weblogs.xml
    .vbs .xml polyglot
  • base/base.xml
  • keyboard.html
    .html
  • license.txt
  • localization/activerefresh.russian.xml