A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #32658  by hackr8
 Fri Mar 08, 2019 5:33 pm
I downloaded this sample from a site I was redirected to while googling. The file has an unusual structure.
Can somebody try analyzing this? Thanks.
Virustotal: https://www.virustotal.com/#/file/e9b4b ... 0f5c535d4d
 #32659  by Fedor22
 Fri Mar 08, 2019 6:22 pm
hackr8 wrote: Fri Mar 08, 2019 5:33 pm I downloaded this sample from a site I was redirected to while googling. The file has an unusual structure.
Can somebody try analyzing this? Thanks.
Virustotal: https://www.virustotal.com/#/file/e9b4b ... 0f5c535d4d
It's the Prepscram software bundler. It also connects to a spam site and IP address:
hxxp://one.mountaincanvas.pw/offer.php?affId=1278&trackingId=406532207&instId=731&ho_trackingid=HO406532207&cc=GR&sb=x86&wv=7sp1&db=InternetExplorer&uac=1&cid=5d979308c3b6ea5ad7e984e628c8cac1&v=3&net=4.6.01055&ie=8%2e0%2e7601%2e17514&res=1280x720&osd=519&kid=hqmrb21b2e3h2r5cac9 (hxxp://143.204.208.37)
https://www.virustotal.com/#/url/c4807a ... /detection
https://www.virustotal.com/#/ip-address/143.204.208.37