3siyuan-v20...in.exe
windows7-x64
7siyuan-v20...in.exe
windows10-2004-x64
7$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3LICENSES.c...m.html
windows7-x64
3LICENSES.c...m.html
windows10-2004-x64
3SiYuan.exe
windows10-2004-x64
7d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows10-2004-x64
1resources/...t.html
windows7-x64
3resources/...t.html
windows10-2004-x64
3resources/...r.html
windows7-x64
3resources/...r.html
windows10-2004-x64
3resources/...t.html
windows7-x64
3resources/...t.html
windows10-2004-x64
3resources/...ain.js
windows7-x64
3resources/...ain.js
windows10-2004-x64
3resources/...ing.js
windows7-x64
3resources/...ing.js
windows10-2004-x64
3resources/...ges.js
windows7-x64
3resources/...ges.js
windows10-2004-x64
3resources/...mes.js
windows7-x64
3resources/...mes.js
windows10-2004-x64
3resources/...ils.js
windows7-x64
General
-
Target
siyuan-v202411091638-win.exe
-
Size
146.3MB
-
Sample
241109-1kx27sshna
-
MD5
e564a5ce53a743919b8220ba5f70da8b
-
SHA1
c566b1305b9111afb845ea0d7b00fcc1f2e65b65
-
SHA256
8839933eb3940fab3ece0ccb3349e6ecae511f74e93b38d23071aabbd9d11123
-
SHA512
3b76330ceee7bdd1129d365c36d29ba110db9b1f2f49a303e57b80e2be104e1df807fc9c7cc341a7bc926ac8a0143b0884497655fa2df19f1a14a785d5fb2386
-
SSDEEP
3145728:sMTHFumxmKr3zHZ2LbpFeA+CI3Y7hudV1PAgcol8TfG1vS2EQd:sMTHFuCv2LbpFdrIdV22Swd
Behavioral task
behavioral1
Sample
siyuan-v202411091638-win.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
siyuan-v202411091638-win.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
LICENSES.chromium.html
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
LICENSES.chromium.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
SiYuan.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral14
Sample
d3dcompiler_47.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
ffmpeg.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral16
Sample
libEGL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
libGLESv2.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral18
Sample
resources/app/electron/boot.html
Resource
win7-20240903-en
Behavioral task
behavioral19
Sample
resources/app/electron/boot.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral20
Sample
resources/app/electron/error.html
Resource
win7-20240903-en
Behavioral task
behavioral21
Sample
resources/app/electron/error.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral22
Sample
resources/app/electron/init.html
Resource
win7-20240903-en
Behavioral task
behavioral23
Sample
resources/app/electron/init.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral24
Sample
resources/app/electron/main.js
Resource
win7-20240903-en
Behavioral task
behavioral25
Sample
resources/app/electron/main.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral26
Sample
resources/app/node_modules/@electron/remote/dist/src/common/get-electron-binding.js
Resource
win7-20240903-en
Behavioral task
behavioral27
Sample
resources/app/node_modules/@electron/remote/dist/src/common/get-electron-binding.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral28
Sample
resources/app/node_modules/@electron/remote/dist/src/common/ipc-messages.js
Resource
win7-20240729-en
Behavioral task
behavioral29
Sample
resources/app/node_modules/@electron/remote/dist/src/common/ipc-messages.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral30
Sample
resources/app/node_modules/@electron/remote/dist/src/common/module-names.js
Resource
win7-20240708-en
Behavioral task
behavioral31
Sample
resources/app/node_modules/@electron/remote/dist/src/common/module-names.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral32
Sample
resources/app/node_modules/@electron/remote/dist/src/common/type-utils.js
Resource
win7-20241010-en
Malware Config — none extracted: no configuration (C2 addresses, keys, campaign identifiers) was recovered from this sample, so the section below is empty.
Targets
-
-
Target
siyuan-v202411091638-win.exe
-
Size
146.3MB
-
MD5
e564a5ce53a743919b8220ba5f70da8b
-
SHA1
c566b1305b9111afb845ea0d7b00fcc1f2e65b65
-
SHA256
8839933eb3940fab3ece0ccb3349e6ecae511f74e93b38d23071aabbd9d11123
-
SHA512
3b76330ceee7bdd1129d365c36d29ba110db9b1f2f49a303e57b80e2be104e1df807fc9c7cc341a7bc926ac8a0143b0884497655fa2df19f1a14a785d5fb2386
-
SSDEEP
3145728:sMTHFumxmKr3zHZ2LbpFeA+CI3Y7hudV1PAgcol8TfG1vS2EQd:sMTHFuCv2LbpFdrIdV22Swd
Score 7/10 -
Loads dropped DLL — caveat: the DLLs loaded here are the installer's own $PLUGINSDIR plugins (StdUtils.dll, System.dll, UAC.dll, WinShell.dll, listed as separate targets below); $PLUGINSDIR is the plugin directory used by NSIS-built installers, and extracting then loading those plugins is expected installer behaviour. This generic signature is the only one triggered for the installer and on its own is not evidence of malicious intent. Before acting on the 7/10 score, verify the installer's Authenticode signature and compare the SHA256 above with the vendor's published release hash.
-
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score3/10 -
-
-
Target
$PLUGINSDIR/UAC.dll
-
Size
14KB
-
MD5
adb29e6b186daa765dc750128649b63d
-
SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9
-
SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
-
SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
-
SSDEEP
192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score3/10 -
-
-
Target
$PLUGINSDIR/WinShell.dll
-
Size
3KB
-
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56
-
SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c
-
SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
-
SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score3/10 -
-
-
Target
LICENSES.chromium.html
-
Size
9.0MB
-
MD5
c5de877a372447fdd303c1026fb432f2
-
SHA1
6fc0a751edacbe061e97248fa550691225891030
-
SHA256
4bf4dd1a05ecba975c90d85117dea74b0e94114f882bb26a7e7d1029afe8fda8
-
SHA512
b3079b18419ca854118e12e8d4681c9e66ae55fbb1f69cfb3ef6322a1c17557c0adbfab5ced030133af814d39483a2b5c7090ca3abb545e8808ffb6abe6b3ae6
-
SSDEEP
24576:G8QQf6Ox6j1newR6Xe1VmfQ6k6T6W6r656+eGj7dOp+:fGyeGd
Score3/10 -
-
-
Target
SiYuan.exe
-
Size
177.7MB
-
MD5
37140ef60e8dfdb594e7f8495c7a03e4
-
SHA1
14f35d3ee9085e88c04438384ca06c2ec886746b
-
SHA256
21614db7e95bbf9f7b605773db9f2f6ed47159c1a0bd9e8590ad5c636e90cb5c
-
SHA512
3e51b9c20527a8471728ae0f8603ab654078bf03796dd221cb9c3a704a130c639f4178934fcbc5753b538fff2258f6e0c5f05098345e4bc677587bd188822f6f
-
SSDEEP
1572864:kFKALQ5P9sbWJqVMw17uzZ5sJ8XDQ+/99HOBil8mtSGjZ+BOh+b3exaNk2CcV1lx:SZ9Vk91jpwM9
Score 7/10 -
Checks computer location settings
Looks up the country code configured in the registry; the sandbox tags this as a possible geofence check. Caveat: SiYuan.exe ships with Chromium/Electron components (LICENSES.chromium.html, libEGL.dll, libGLESv2.dll, ffmpeg.dll, d3dcompiler_47.dll and resources/app/electron/*), and Chromium-based applications read the configured locale/region from the registry during normal start-up, so this behaviour alone does not establish geofencing or sandbox evasion. To confirm or rule it out, check which registry value was read and whether any subsequent execution path branches on its value.
-
-
-
Target
d3dcompiler_47.dll
-
Size
4.7MB
-
MD5
a7b7470c347f84365ffe1b2072b4f95c
-
SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3
-
SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
-
SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d
-
SSDEEP
49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
Score1/10 -
-
-
Target
ffmpeg.dll
-
Size
2.8MB
-
MD5
ac8b92d611808fa706fc66b0cbd2b47e
-
SHA1
edf4499624a0bf7c39dde8bb9851c6a32775fcd2
-
SHA256
e7e3072809129e705674b9e36d4f282a013cb9e08e8951b2cf421c77f5c8d15a
-
SHA512
3cd98bb9b57fbd7184ba0f2b59529eace03e06f9b532032a98273b5e7fba26fdfb2ee22e09fdac57147fc7639e6d0d4955dbe94c85a19a5bde2d0b58cc9ec209
-
SSDEEP
49152:kkzMF+in6Rjp84IEeOUmlyNTzk74y0V+X6CfTBPwN/4MT+fcX:kkXpCOUyy5Z96Q/Wk
Score1/10 -
-
-
Target
libEGL.dll
-
Size
473KB
-
MD5
5f70bcd25192c2551161fd99bc44ced4
-
SHA1
4d4f2f9c118d30c34f9b0c508fc16b4a2e5df7ea
-
SHA256
a2a2b67ea9e03df00c54c2d2eddb463bae2e9730b23e525c2f979536476ded35
-
SHA512
f2659ab8ade27bcf81a5b278c23615086bb4956ca32c755dd4e6f760a5284f2c81c237fd48b7daf300cdc2658d5340024d3481a61b678ae95c826e24d53dbf9c
-
SSDEEP
6144:DeoMqSwktU6O8J6AGrIKLD0Rv8KRWAwi+u7fSGSetZu:PMeAQ8JFGrIKLDW9W2+u7fSGS5
Score1/10 -
-
-
Target
libGLESv2.dll
-
Size
8.0MB
-
MD5
2a9b964d71d8c0a649a29b79c290571f
-
SHA1
d1802c6950fa3b4e078819aed7f25fb2a2c4e19a
-
SHA256
684b181eecf8acb21cec94aecad6511dc9915b57d8c9524f9996b8c8d3adedd2
-
SHA512
b25b67d0a61a1165e612313f7c49623f3fcb00f4a824a97e7485612c34026cbb935a27ba4c8dafcbd9fe30de2e646783bd139df02007edec46442aab26a7452a
-
SSDEEP
98304:rsbPUQUHoQ5dKV0H4HrX7OBAK2dMNFR7VxVXC3OTW+:rsbP/UHoQ5AV++wAlMlVXmOT
Score1/10 -
-
-
Target
resources/app/electron/boot.html
-
Size
1KB
-
MD5
cb9e20015456e2667ae31461af98bb42
-
SHA1
7a6bef55957f46e2301372166b28828d5cc2f632
-
SHA256
d5ed6baac089b1902d3cdbb0defb92593bc83b6c3d52214dd284ccc83ec6ccc2
-
SHA512
0bfde494578be09c540f1304a3f55cf5b5873ddc17762aa2ec10365b0f6b878060fbe5d6c8e2f35de058a0a06cedb0268f255329dbaca9b6580298a5febabde4
Score3/10 -
-
-
Target
resources/app/electron/error.html
-
Size
5KB
-
MD5
94aa7d1b415c99e62f8e64228fab58eb
-
SHA1
e350ca1fb0790df414ef42d82f79a9a0c33bb158
-
SHA256
a195b10ace5bb736b3fd68e7a81a8d03ed623a376a607adf39d22df9990b52a0
-
SHA512
56b4715da8bc69567e87f18f19583910d27e93a6139cedbe1533b001d8687e3a78269cc657ba8824789ab7168a75099210f2f061138f652147d62ab27ad1f476
-
SSDEEP
96:NQtasX/FtOkLjgRf2zfKstFUDBFEdbcH4sJuhVVL4DEtxQ4QQRP9KZI8xMhig:NQ0sXjOk+f2jiDAdbcH4551X82
Score3/10 -
-
-
Target
resources/app/electron/init.html
-
Size
17KB
-
MD5
816e0e1df715a353490ad55543daa227
-
SHA1
d8d522f02b35f568fd2e5d2c4b46d7877f5478cb
-
SHA256
403f6becc880471083914698965446e4ebe39e04ffbfee3313b573258b4e9951
-
SHA512
3305978fa19a2db0bd2f5b50ab49f271ca2f1f66ecbbfdc152cee909849e587a185bcf8fcd59493ea4dfd2c7ec5b63f03c9d931f89722902aaeea1b1ff456dd1
-
SSDEEP
384:MNR7sJrB6opEFr+l0nwGXRbWbRVq3/s1SDb+4LV+cYC2Wm:M/8k/+unwGhAqtGp
Score3/10 -
-
-
Target
resources/app/electron/main.js
-
Size
54KB
-
MD5
a1b6cc881ada7c7bf9ad4adc2ab1a7f8
-
SHA1
1969138c8bc9be9d7c9e50b609bdfa940a77513d
-
SHA256
a6b8f510c4b6f3cc0f10e364360da9c46f6fd7de22eed90116950d19d1acea14
-
SHA512
9209d0f6dbd5c86927507e31b0b69f0beda728dbf75ee799e1d6497bfa51ff83abdc34edac9cd388f8a60998cd556ad35a7f9e45b0c426cf8b0dbe3e2427b1b7
-
SSDEEP
384:abppLOWwY/Mc/yJrildGJiK3E5j3QxVV1yXxxqePhEuUW6D8jnsXcuGf8x0iRDCT:abTLF2klXC6hxXBYRj9FATn
Score3/10 -
-
-
Target
resources/app/node_modules/@electron/remote/dist/src/common/get-electron-binding.js
-
Size
441B
-
MD5
0106cf7d56f545a842d9b502c8e71f18
-
SHA1
c3367470051e2e92e8237c7336247dd82bdcf7b0
-
SHA256
f857a19eec43c9f8d97736c86057064c5b71fc14f6e773d1d7b1c268598bd309
-
SHA512
d8713654bfe110315c6edccec830cf1e07c50f9d226d23be6d291c0c65ed52386fb19603d9b70aa7bb28a790236562574d33cbd49b2046c3e09d4eb2289d3695
Score3/10 -
-
-
Target
resources/app/node_modules/@electron/remote/dist/src/common/ipc-messages.js
-
Size
77B
-
MD5
8963201168a2449f79025884824955f2
-
SHA1
b66edae489b6e4147ce7e1ec65a107e297219771
-
SHA256
d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230
-
SHA512
7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000
Score3/10 -
-
-
Target
resources/app/node_modules/@electron/remote/dist/src/common/module-names.js
-
Size
1KB
-
MD5
14276b7b32717dc8dc7b650eb8d130f3
-
SHA1
982c496f24937e7ffba0b7ef4634c75f1081d73b
-
SHA256
dfcea2c5575d2db51cb38b22c6b4958337746e6d75ba827f450a57b196856c16
-
SHA512
58b13a89d03bf375a89a8e6cc4932d6a4e66eff54855d7fddf966ff6d90c3d5b2376a20216941cfc7ced2755edd5565633c2904b9b5432a5624fc0a3f006e950
Score3/10 -
-
-
Target
resources/app/node_modules/@electron/remote/dist/src/common/type-utils.js
-
Size
3KB
-
MD5
c70855b91decfa97bb38c04014e304e3
-
SHA1
c6fc5f8877769e1d4210689f587fd5a4cf5fa5c7
-
SHA256
4e4e7bda21b242e517b9b1b582a15a45e8135bc7f7b1f0e9b33e56181dea3ee8
-
SHA512
41901684ada330b6aa143822ed2119df26be5ece733282ada2446c63676ba956990a414c5ca736d055d508ac4c0623aba72a4f471ad1861c2b59ed2ea3a88080
Score3/10 -