Adware.AltrusicaApplication.A
Analysis Report
General information
| Family Name: | Adware.AltrusicaApplication.A |
|---|---|
| Signature status: | Self Signed |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File has TLS information
- File is .NET application
- File is 32-bit executable
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Assembly Version | |
| Comments | |
| File Description | |
| File Version | |
| Internal Name | |
| Original Filename | |
| Product Name | Almarurics |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature's root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy "Self Signed" digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading "Signer" names.
| Signer | Root | Status |
|---|---|---|
| Turn Urge | Affair Will | Hash Mismatch |
| Turn Urge | Affair Will | Self Signed |
| Inferior East | Clench Mankind | Hash Mismatch |
| Inferior East | Clench Mankind | Self Signed |
| Whereas Attorney | Dazzle Cushion | Hash Mismatch |
| Whereas Attorney | Dazzle Cushion | Self Signed |
| DioPakoSigner | DioPakoSigner | Self Signed |
| Loud Dawn | Fringe Plumbing | Hash Mismatch |
| Loud Dawn | Fringe Plumbing | Self Signed |
| FutMiaSigner | FutMiaSigner | Hash Mismatch |
| MyaRo BesDev | MyaRo BesDev | Hash Mismatch |
| MyaRo BesDev | MyaRo BesDev | Self Signed |
| Make Vent | Quite Exuberant | Self Signed |
| Adopt Send | Reluctant Jury | Hash Mismatch |
| Adopt Send | Reluctant Jury | Self Signed |
| Footprint Merit | Wallpaper Mug | Hash Mismatch |
| Footprint Merit | Wallpaper Mug | Self Signed |
File Traits
- .NET
- GetConsoleWindow
- HighEntropy
- Installer Version
- ntdll
- x64
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 111 |
|---|---|
| Potentially Malicious Blocks: | 31 |
| Whitelisted Blocks: | 80 |
| Unknown Blocks: | 0 |
Visual Map (111 blocks in order, grouped in tens):
00000xxxxx 00000x0000 00xxx00x00 0000x00000 0000000000 0000000000 0xx0xxxxxx 0000xxx000 000x0x0000 000000xx0x xxxx0000000
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft's analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- AltrusicaApplication.A
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |
| Encryption Used | |
| Anti Debug | |