gevaarlijk[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

gevaarlijk.zip
Size

10.0MB
MD5

c117f384b6ab115669d81f393f08676a
SHA1

d46a743348348da6c19d9f3d6de957c5058554f8
SHA256

dac399cd370db99711be5b31c1b5935432b9cd11c5e9745e752a5a7b66ef9e67
SHA512

02611f527899f52c6c042db82f77b2f73f4c66efee54b65bd3a4fa217fbc88728286769db43198eaec06a0c1b957ac044c46d1d5c4dadccb3e0c8169c74919f1
SSDEEP

196608:zp8HWcQHIEwwLeowyyDfjNct2TW/rQk6CN1VayQUozPVmESwLr9mcP:eHWcKI3f/bN7TW/0k6CN1VWtztmEPA8

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

Processes:

resource	yara_rule
static1/unpack001/test/0b627b4eca9b9e8bd04a0d1a103876f6e0fa91049fd0b51bae9ae41acaacf15b.doc	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

Processes:

resource
static1/unpack001/test/0b627b4eca9b9e8bd04a0d1a103876f6e0fa91049fd0b51bae9ae41acaacf15b.doc

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/test/fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe	nsis_installer_1
static1/unpack001/test/fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe	nsis_installer_2

Files

gevaarlijk.zip
.zip
__MACOSX/._test
__MACOSX/test/._.DS_Store
__MACOSX/test/._0b627b4eca9b9e8bd04a0d1a103876f6e0fa91049fd0b51bae9ae41acaacf15b.doc
__MACOSX/test/._0dded430c1958ae0ec60c2d50ab99f562269ad1ee09db17606661bd55cd29c66.doc
__MACOSX/test/._91B5DB3C0CCBD68BD04C24571E27F99D.msi
__MACOSX/test/._ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
__MACOSX/test/._fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe
test/.DS_Store
test/0b627b4eca9b9e8bd04a0d1a103876f6e0fa91049fd0b51bae9ae41acaacf15b.doc
.doc windows office2003

ThisDocument

ulwMK8UL

hCxOn1

ZP5AW

f
test/0dded430c1958ae0ec60c2d50ab99f562269ad1ee09db17606661bd55cd29c66.doc
.doc windows office2003

pXirGKdhzK

jwCWVLSqL
test/91B5DB3C0CCBD68BD04C24571E27F99D.msi
.msi .vbs
test/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
.exe windows x86

68f013d7437aa653a8a98a05807afeb1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetFileSize
WriteFile
LeaveCriticalSection
EnterCriticalSection
SetFileAttributesW
SetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetFileAttributesA
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
Sleep
OpenMutexA
GetFullPathNameA
CopyFileA
GetModuleFileNameA
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
SetFilePointer
SetFileTime
GetComputerNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
CreateProcessA
CloseHandle
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
FindResourceA

user32

wsprintfA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
CryptReleaseContext
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

msvcrt

realloc
fclose
fwrite
fread
fopen
sprintf
rand
srand
strcpy
memset
strlen
wcscat
wcslen
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
wcsrchr
swprintf
??2@YAPAXI@Z
memcpy
strcmp
strrchr
__p___argv
__p___argc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
test/fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe
.exe windows x86

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
GetFileAttributesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
GetFullPathNameA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GlobalUnlock
GetDiskFreeSpaceA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
test/main.exe
.exe windows x64

c7269d59926fa4252270f407e4dab043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
Sleep
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 629KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 281B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
test/main_temp.exe
.exe windows x64

c7269d59926fa4252270f407e4dab043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
Sleep
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 762KB - Virtual size: 762KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 816KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 281B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ThisDocument

ulwMK8UL

hCxOn1

ZP5AW

f

pXirGKdhzK

jwCWVLSqL

68f013d7437aa653a8a98a05807afeb1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 3KB - Virtual size: 2KB

c7269d59926fa4252270f407e4dab043

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 629KB - Virtual size: 629KB

.rdata Size: 700KB - Virtual size: 700KB

.data Size: 95KB - Virtual size: 460KB

/4 Size: 512B - Virtual size: 281B

/19 Size: 122KB - Virtual size: 121KB

/32 Size: 22KB - Virtual size: 22KB

/46 Size: 512B - Virtual size: 40B

/65 Size: 357KB - Virtual size: 357KB

/78 Size: 118KB - Virtual size: 118KB

/90 Size: 37KB - Virtual size: 37KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 27KB

.symtab Size: 128KB - Virtual size: 127KB

c7269d59926fa4252270f407e4dab043

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 762KB - Virtual size: 762KB

.rdata Size: 816KB - Virtual size: 816KB

.data Size: 103KB - Virtual size: 468KB

/4 Size: 512B - Virtual size: 281B

/19 Size: 145KB - Virtual size: 145KB

/32 Size: 28KB - Virtual size: 27KB

/46 Size: 512B - Virtual size: 40B

/65 Size: 388KB - Virtual size: 388KB

/78 Size: 151KB - Virtual size: 151KB

/90 Size: 46KB - Virtual size: 45KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 629KB - Virtual size: 629KB

.rdata
Size: 700KB - Virtual size: 700KB

.data
Size: 95KB - Virtual size: 460KB

/4
Size: 512B - Virtual size: 281B

/19
Size: 122KB - Virtual size: 121KB

/32
Size: 22KB - Virtual size: 22KB

/46
Size: 512B - Virtual size: 40B

/65
Size: 357KB - Virtual size: 357KB

/78
Size: 118KB - Virtual size: 118KB

/90
Size: 37KB - Virtual size: 37KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 27KB

.symtab
Size: 128KB - Virtual size: 127KB

.text
Size: 762KB - Virtual size: 762KB

.rdata
Size: 816KB - Virtual size: 816KB

.data
Size: 103KB - Virtual size: 468KB

/4
Size: 512B - Virtual size: 281B

/19
Size: 145KB - Virtual size: 145KB

/32
Size: 28KB - Virtual size: 27KB

/46
Size: 512B - Virtual size: 40B

/65
Size: 388KB - Virtual size: 388KB

/78
Size: 151KB - Virtual size: 151KB

/90
Size: 46KB - Virtual size: 45KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 32KB

.symtab
Size: 141KB - Virtual size: 141KB