[hackr8]

I downloaded this sample from a site I was redirected to while googling. The file has unusual structure.
Can somebody try analyzing this? Thanks.
Virustotal: https://www.virustotal.com/#/file/e9b4b ... 0f5c535d4d

[Fedor22]

I downloaded this sample from a site I was redirected to while googling. The file has unusual structure.
Can somebody try analyzing this? Thanks.
Virustotal: https://www.virustotal.com/#/file/e9b4b ... 0f5c535d4d

It's Prepscram software bundler. It also connects to spam site and IP adress:

Code: Select all

hxxp://one.mountaincanvas.pw/offer.php?affId=1278&trackingId=406532207&instId=731&ho_trackingid=HO406532207&cc=GR&sb=x86&wv=7sp1&db=InternetExplorer&uac=1&cid=5d979308c3b6ea5ad7e984e628c8cac1&v=3&net=4.6.01055&ie=8%2e0%2e7601%2e17514&res=1280x720&osd=519&kid=hqmrb21b2e3h2r5cac9 (hxxp://143.204.208.37)

https://www.virustotal.com/#/url/c4807a ... /detection
https://www.virustotal.com/#/ip-address/143.204.208.37