show
Overview
overview
10Static
static
35ca9895bde...30.exe
windows7-x64
105ca9895bde...30.exe
windows10-2004-x64
10$PLUGINSDI...sh.dll
windows7-x64
3$PLUGINSDI...sh.dll
windows10-2004-x64
3$PLUGINSDI...ge.dll
windows7-x64
1$PLUGINSDI...ge.dll
windows10-2004-x64
1$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
5ca9895bde47eec2e17d34d058e32f699ea0501b6964916ddaf490cfda668930.exe
Resource
win7-20240611-en
windows7-x64
15 signatures
150 seconds
Behavioral task
behavioral2
Sample
5ca9895bde47eec2e17d34d058e32f699ea0501b6964916ddaf490cfda668930.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
17 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/AdvSplash.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/AdvSplash.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/BgImage.dll
Resource
win7-20240220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/BgImage.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240419-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240611-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
5ca9895bde47eec2e17d34d058e32f699ea0501b6964916ddaf490cfda668930.exe
-
Size
655KB
-
MD5
b1635b455bd73cb6c547728cb1d1fca1
-
SHA1
5e016cc09d0c5f8429c6955bc3bfd9a07d25741d
-
SHA256
5ca9895bde47eec2e17d34d058e32f699ea0501b6964916ddaf490cfda668930
-
SHA512
9829dc60d520c945c1aef68dd6942a1eca4cc0c4fe8dc092e20bdade413ffe412a58e376be446e64cc479cb4e2d872828336fbc8742189d20656900bdcb97795
-
SSDEEP
6144:z9KOQS4B4GMSGJpFhcbvDIZDAPGQzvOWECsjqfn/HUgcwViw6977fdRw9wQZe:zsB4GOcbrKDgTzvOWlEgcwVh693fdWY
Score
3/10
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
Processes:
resource 5ca9895bde47eec2e17d34d058e32f699ea0501b6964916ddaf490cfda668930.exe unpack001/$PLUGINSDIR/AdvSplash.dll unpack001/$PLUGINSDIR/BgImage.dll unpack001/$PLUGINSDIR/UserInfo.dll unpack001/$PLUGINSDIR/nsExec.dll -
NSIS installer 2 IoCs
Processes:
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
5ca9895bde47eec2e17d34d058e32f699ea0501b6964916ddaf490cfda668930.exe.exe windows:4 windows x86 arch:x86
e160ef8e55bb9d162da4e266afd9eef3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary
user32
CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA
gdi32
SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
advapi32
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
comctl32
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17
ole32
CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 136KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 267KB - Virtual size: 266KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/AdvSplash.dll.dll windows:4 windows x86 arch:x86
2e8d5524d09b794f343fa9e2df0a1d87
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrcpynA
GetVersion
GetModuleHandleA
lstrcpyA
lstrcatA
GlobalAlloc
GetProcAddress
GlobalFree
user32
EnumDisplaySettingsA
CreateWindowExA
DefWindowProcA
SetWindowLongA
SystemParametersInfoA
EndPaint
GetClientRect
BeginPaint
LoadImageA
DestroyWindow
IsWindow
GetMessageA
DispatchMessageA
UnregisterClassA
wsprintfA
PostMessageA
SetWindowRgn
LoadCursorA
RegisterClassA
SetWindowPos
gdi32
BitBlt
DeleteObject
CombineRgn
DeleteDC
CreateCompatibleDC
GetObjectA
CreateRectRgn
GetDIBits
SelectObject
winmm
timeSetEvent
PlaySoundA
timeKillEvent
Exports
Exports
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/BgImage.dll.dll windows:4 windows x86 arch:x86
bdcecc8b26871abb93996c6c18e09c94
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
lstrcpyA
lstrcpynA
GlobalFree
lstrcmpiA
EnterCriticalSection
GlobalAlloc
LeaveCriticalSection
user32
UnregisterClassA
CallWindowProcA
LoadImageA
DestroyWindow
BeginPaint
IsWindow
SendMessageA
DefWindowProcA
RedrawWindow
ShowWindow
LoadCursorA
RegisterClassA
CreateWindowExA
SetWindowLongA
GetSystemMetrics
SetWindowPos
DrawTextA
EndPaint
FillRect
gdi32
GetObjectA
DeleteDC
DeleteObject
CreateSolidBrush
CreateCompatibleDC
SelectObject
SetMapMode
GetMapMode
CreateCompatibleBitmap
CreateBitmap
SetBkMode
BitBlt
DPtoLP
SetBkColor
SetTextColor
winmm
PlaySoundA
Exports
Exports
AddImage
AddText
Clear
Destroy
Redraw
SetBg
SetReturn
Sound
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 620B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/UserInfo.dll.dll windows:4 windows x86 arch:x86
cce05dea98cbac3a9d486b233588f528
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
advapi32
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
Exports
Exports
GetAccountType
GetName
GetOriginalAccountType
Sections
.text Size: 1024B - Virtual size: 692B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 673B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/nsExec.dll.dll windows:4 windows x86 arch:x86
6b7d154c806f1e47db325229c300c6df
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleHandleA
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
lstrcpynA
ReadFile
PeekNamedPipe
GetTickCount
lstrcpyA
CreateProcessA
GetStartupInfoA
GetProcAddress
GlobalLock
DeleteFileA
lstrcmpiA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
CreatePipe
GetVersionExA
lstrcatA
user32
SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
Exports
Exports
Exec
ExecToLog
ExecToStack
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 458B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bantingize.cha
-
Dicaeidae.Gle
-
Efterbyrd.per
-
Outtells.Coe
-
Rabble/prveudtagningsfrekvenser.blo
-
Rabble/voguishness.cha
-
antologis.flb
-
attraktioner.txt
-
bloknings.fle
-
cassie.dat
-
jomfruelige.fak