Overview

overview

7

Static

static

7

c6a77aa373...b2.exe

windows7-x64

7

c6a77aa373...b2.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ig.dll

windows7-x64

3

$PLUGINSDI...ig.dll

windows10-2004-x64

3

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

3

$PLUGINSDI...ze.dll

windows7-x64

7

$PLUGINSDI...ze.dll

windows10-2004-x64

7

Newtonsoft.Json.dll

windows7-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

ObjectListView.dll

windows7-x64

1

ObjectListView.dll

windows10-2004-x64

1

XFontManager.exe

windows7-x64

3

XFontManager.exe

windows10-2004-x64

3

fontinst.exe

windows7-x64

7

fontinst.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    c6a77aa3737fcf3db7cf14d05db4f2d69ee569f6b32484e0c249fd699840e1b2

  • Size

    1.3MB

  • MD5

    bb089ef49bbf095a28a3c9af900b68cf

  • SHA1

    38d0c04b39a40d867688205c93921215762460f1

  • SHA256

    c6a77aa3737fcf3db7cf14d05db4f2d69ee569f6b32484e0c249fd699840e1b2

  • SHA512

    ca74ea01c628172f46ff05707a038363c65876e0a37667660aa1eaf8d9e4fdf4b7ab8e8b03f2f45cced9693b01f82c5aadef8f8e960244278f7acc24d99ed527

  • SSDEEP

    24576:y64zp1+2RJE9TttfjxVH0A3SrLeoc2hXMdkdXEfHYYFQWzz:SFTE9TbflBCdc2ykhEfO

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 11 IoCs

    Checks for missing Authenticode signature.

Files

  • c6a77aa3737fcf3db7cf14d05db4f2d69ee569f6b32484e0c249fd699840e1b2
    .exe windows:4 windows x86 arch:x86

    7ed0d71376e55d58ab36dc7d3ffda898


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/3109485.ttf.bmp
  • $PLUGINSDIR/FindProcDLL.dll
    .dll windows:4 windows x86 arch:x86

    e26d7460d0c04056b9226a899477ba4d


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    4b45b7e00344a87332fbd12653854d1a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/IpConfig.dll
    .dll windows:5 windows x86 arch:x86

    3f0fda09180f619ca116344bede41608


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Registry.dll
    .dll windows:4 windows x86 arch:x86

    421a02aae559045e04759aae146087eb


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UAC.dll
    .dll windows:4 windows x86 arch:x86

    e644d8080c0d8d6edb0733f8965fd30e


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/downloader.exe
    .exe windows:5 windows x86 arch:x86

    a05d88650e5594db2afe874ec2674b55


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/finishpage901885.ini
  • $PLUGINSDIR/logo_Yandex_RU_UA_vertical.ico
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/nsResize.dll
    .dll windows:6 windows x86 arch:x86


    Headers

    Exports

    Sections

  • out.upx
    .dll windows:6 windows x86 arch:x86


    Headers

    Sections

  • $PLUGINSDIR/xfont.ru.logo.ico
  • $PLUGINSDIR/yandexbarpage2901885.ini
  • $PLUGINSDIR/yandexbrowser.ini
  • $PLUGINSDIR/yandexbrowsersetup.ico
  • 3109485.ttf
  • Newtonsoft.Json.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • ObjectListView.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • XFontManager.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • XFontManager.exe.config
    .xml
  • db.zip
    .zip
  • fonts.hash
  • fonts.json
  • favorites.json
  • fontinst.exe
    .exe windows:4 windows x86 arch:x86

    7ed0d71376e55d58ab36dc7d3ffda898


    Headers

    Imports

    Sections

  • xfont.ru.ico
  • xfont.ru.logo.ico
  • Удаление (Uninstall).exe.nsis