General

  • Target

    abdccf5ca47b604fb09b75af68fdb34209d4fca9d22f4912555bacc4c8ff0bca

  • Size

    3.1MB

  • Sample

    221124-e8kk5ahf25

  • MD5

    63d7486ba525751de7e1772b6df70801

  • SHA1

    de3ebeb9b34176ed8555fb5d5d7875b710c3ca19

  • SHA256

    abdccf5ca47b604fb09b75af68fdb34209d4fca9d22f4912555bacc4c8ff0bca

  • SHA512

    6ea055147446a476698f72f9b93381d348214e26db1dcf80de4dcb9d962ef3ef4959f946088d093b308c993b32d16d637e1215269e8defceaec43d540bc98d0e

  • SSDEEP

    98304:JBdPk4vVq5XdkyaH0YwhUuP/uftssybFiNgQ:xPLVqBayGgUg6YqgQ

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Roaming\ArchiverApp\ArchiverApp\History.txt

Ransom Note (extractor label; the text below is the 7-Zip History.txt changelog dropped at the path above, not an attacker-written note, so treat this field as a false positive of the ransom-note heuristic rather than as a ransomware indicator)
HISTORY of the 7-Zip
--------------------

16.04 2016-10-04
-------------------------
- The bug was fixed: 7-Zip 16.03 exe installer under Vista didn't create links in Start / Programs menu.
- Some bugs were fixed in RAR code.

16.03 2016-09-28
-------------------------
- Installer and SFX modules now use some protection against DLL preloading attack.
- Some bugs were fixed in 7z, NSIS, SquashFS, RAR5 and another code.

16.02 2016-05-21
-------------------------
- 7-Zip now can extract multivolume ZIP archives (z01, z02, ... , zip).
- Some bugs were fixed.

15.14 2015-12-31
-------------------------
- 7-Zip File Manager:
  - The code for "Open file from archive" operation was improved.
  - The code for "Tools/Options" window was improved.
- The BUG was fixed: there was incorrect mouse cursor capture for drag-and-drop operations from open archive to Explorer window.
- Some bugs were fixed.
- New localization: Yoruba.

15.12 2015-11-19
-------------------------
- The release version.

15.11 beta 2015-11-14
-------------------------
- Some bugs were fixed.

15.10 beta 2015-11-01
-------------------------
- The BUG in 9.21 - 15.09 was fixed: 7-Zip could ignore some parameters, specified for archive creation operation for gzip and bzip2 formats in "Add to Archive" window and in command line version (-m switch).
- Some bugs were fixed.

15.09 beta 2015-10-16
-------------------------
- 7-Zip now can extract ext2 and multivolume VMDK images.
- Some bugs were fixed.

15.08 beta 2015-10-01
-------------------------
- 7-Zip now can extract ext3 and ext4 (Linux file system) images.
- Some bugs were fixed.

15.07 beta 2015-09-17
-------------------------
- 7-Zip now can extract GPT images and single file QCOW2, VMDK, VDI images.
- 7-Zip now can extract solid WIM archives with LZMS compression.
- Some bugs were fixed.

15.06 beta 2015-08-09
-------------------------
- 7-Zip now can extract RAR5 archives.
- 7-Zip now doesn't sort files by type while adding to solid 7z archive.
- new -mqs switch to sort files by type while adding to solid 7z archive.
- The BUG in 7-Zip File Manager was fixed: The "Move" operation to open 7z archive didn't delete empty files.
- The BUG in 15.05 was fixed: console version added some text to the end of stdout stream, is -so switch was used.
- The BUG in 9.30 - 15.05 was fixed: 7-Zip could not open multivolume sfx RAR archive.
- Some bugs were fixed.

15.05 beta 2015-06-14
-------------------------
- 7-Zip now uses new installer.
- 7-Zip now can create 7z, xz and zip archives with 1536 MB dictionary for LZMA/LZMA2.
- 7-Zip File Manager now can operate with alternate file streams at NTFS volumes via "File / Alternate Streams" menu command.
- 7-Zip now can extract .zipx (WinZip) archives that use xz compression.
- new optional "section size" parameter for BCJ2 filter for compression ratio improving. Example: -mf=BCJ2:d9M, if largest executable section in files is smaller than 9 MB.
- Speed optimizations for BCJ2 filter and SHA-1 and SHA-256 calculation.
- Console version now uses stderr stream for error messages.
- Console version now shows names of processed files only in progress line by default.
- new -bb[0-3] switch to set output log level. -bb1 shows names of processed files in log.
- new -bs[o|e|p][0|1|2] switch to set stream for output messages; o: output, e: error, p: progress line; 0: disable, 1: stdout, 2: stderr.
- new -bt switch to show execution time statistics.
- new -myx[0-9] switch to set level of file analysis.
- new -mmtf- switch to set single thread mode for filters.
- The BUG was fixed: 7-Zip didn't restore NTFS permissions for folders during extracting from WIM archives.
- The BUG was fixed: The command line version: if the command "rn" (Rename) was called with more than one pair of paths, 7-Zip used only first rename pair.
- The BUG was fixed: 7-Zip crashed for ZIP/LZMA/AES/AES-NI.
- The BUG in 15.01-15.02 was fixed: 7-Zip created incorrect ZIP archives, if ZipCrypto encryption was used. 7-Zip 9.20 can extract such incorrect ZIP archives.
- Some bugs were fixed.

9.38 beta 2015-01-03
-------------------------
- Some bugs were fixed.

9.36 beta 2014-12-26
-------------------------
- The BUG in command line version was fixed: 7-Zip created temporary archive in current folder during update archive operation, if -w{Path} switch was not specified. The fixed 7-Zip creates temporary archive in folder that contains updated archive.
- The BUG in 9.33-9.35 was fixed: 7-Zip silently ignored file reading errors during 7z or gz archive creation, and the created archive contained only part of file that was read before error. The fixed 7-Zip stops archive creation and it reports about error.
- Some bugs were fixed.

9.35 beta 2014-12-07
-------------------------
- The BUG was fixed: 7-Zip crashed during ZIP archive creation, if the number of CPU threads was more than 64.
- The BUG in 9.31-9.34 was fixed: 7-Zip could not correctly extract ISO archives that are larger than 4 GiB.
- The BUG in 9.33-9.34 was fixed: The option "Compress shared files" and -ssw switch didn't work.
- The BUG in 9.26-9.34 was fixed: 7-Zip File Manager could crash for some archives open in "Flat View" mode.
- Some bugs were fixed.

9.34 alpha 2014-06-22
-------------------------
- The BUG in 9.33 was fixed: Command line version of 7-Zip could work incorrectly, if there is relative path in exclude filename optiton (-x) and absolute path as include filename.
- The BUG in 9.26-9.33 was fixed: 7-Zip could not open some unusual 7z archives that were created by another software (not by 7-Zip).
- The BUG in 9.31-9.33 was fixed: 7-Zip could crash with switch -tcab.

9.33 alpha 2014-06-15
-------------------------
- 7-Zip now can show icons for 7-Zip items in Explorer's context menu.
- "Add to archive" dialog box:
  - new options in "Path Mode"
  - new option "Delete files after compression"
  - new "NTFS" options for WIM and TAR formats:
    - Store symbolic links
    - Store hard links
    - Store alternate data streams
    - Store file security
- "Extract" dialog box:
  - new optional field to set output folder name
  - new option "Eliminate duplication of root folder"
  - new option "Absolute pathnames" in "Path Mode".
  - new option "Restore file security" (that works for WIM archives only)
- 7-Zip File Manager:
  - new "File / Link" dialog box in to create symbolic links and hard links.
- Command line version:
  - new -spd switch to Disable wildcard matching for file names
  - new -spe switch to Eliminate duplication of root folder for extract archive command
  - new -snh switch to store hard links as links (WIM and TAR formats only)
  - new -snl switch to store symbolic links as links (WIM and TAR formats only)
- NSIS support was improved.
- The problem was fixed: The command "extract to \*" with multiple archives could use same output folder, if archives are placed inside PE (EXE) file.
- The BUG of 9.31-9.32 was fixed: Command line version for test and extract commands returned the value 0 as exit code, if it couldn't open archive.
- The BUG was fixed: 7-Zip could not create archives with anti-items for any archive type, except of 7z type
- Some bugs were fixed.
- New localization: Mongolian (script).

9.32 alpha 2013-12-01
-------------------------
- 7-Zip now can create multivolume SFX archives in 7z format. Standalone sfx module now can unpack external 7z archive with name that is matched to name of sfx module. For example, sfx module renamed to archive.exe can unpack archive.7z or archive.7z.001 .
- ZIP, NSIS, HFS, AR support was improved.
- 7-Zip now supports files larger than 4 GiB in ISO archives.
- Improved compression ratio in 7z format with maximum or ultra level for executable files (EXE and DLL) that are larger than 16 MB (improved BCJ2 filter).
- Improved support for file pathnames longer than 260 characters.
- CRC and SHA checksum calculation for files can be called via Explorer's context menu.
- 7-Zip File Manager now also takes into account the numbers in filenames for sorting order.
- 7-Zip File Manager now can use RAM buffers instead of temp files to open nested archives, if temp file is smaller than 1/4 of RAM size.
- 7-Zip File Manager can open files in "Parser" mode via "Open Archive > #" context menu command. It shows the list of archives inside file.
- Command line version:
  - new -t# switch to open file in "Parser" mode and show the list of archives inside file.
  - new -stx{Type} switch to exclude archive type from using.
  - -scs switch now supports UTF-16 encoding.
  - now it shows time and memory usage statistics at the end of execution.
- The BUGs were fixed:
  - 7-Zip 9.30 and early versions created ZIP archives with minor errors in extra field of headers for directory items, if AES (WinZip-AES) encryption was used.
  - 7-Zip could work incorrectly in decompression of more than one multi-volume archive in one command.
  - 7-Zip 9.24 alpha - 9.30 alpha versions could not extract ZIP archives encrypted with PKWARE-AES method.
- Minimum supported system now is Windows 2000. 7-Zip doesn't work on Windows 95/98/ME.
- New localization: Irish.

9.30 alpha 2012-10-26
-------------------------
- LZMA2 now is default compression method for .7z format.
- 7-Zip now can update WIM archives.
- 7-Zip File Manager now can move files to archives.
- The default encoding for TAR format now is UTF-8. You can use -mcp=1 switch for OEM encoding.
- Command line version:
  - new "rn" command to rename files in archive.
  - new -sdel switch to delete files after including to archive.
  - new -sns switch to store NTFS alternate streams (for WIM format only).
  - new -sni switch to store NT security information for files (for WIM format only).
  - new -stl switch to set archive timestamp from the most recently modified file.
- Speed optimizations for opening big archives and big disk folders.
- 7-Zip now writes special padding blocks to headers of 7z archives for faster archive opening. Note that 7-Zip 4.50 - 4.58 contain BUG, so these old versions can't correctly work with such new 7z archives.
- DMG support was improved
- Some bugs were fixed.
- The BUG in 7-Zip 9.26 alpha - 9.29 alpha versions was fixed. These alpha versions could not open non-solid 7z archive, if some files were skipped during creation of that archive. That problem is also related to 7z archives created in solid mode, if each solid block contains no more than one file. Note: 7-Zip skips files that were open for writing by another application and shows warning in that case.
- New localization: Aragonese.

9.25 alpha 2011-09-16
-------------------------
- LZMA decompression speed was improved.
- "compress and send to email" code was improved to support more email clients.
- New command "h" to calculate hash values CRC-32, CRC-64, SHA-256 or SHA-1 for files on disk.
- New -spf switch to store full file paths including drive letter to archive. If you use that switch with extract command, please check that file names in archive are correct.
- Some bugs were fixed.

9.23 alpha 2011-06-07
-------------------------
- The format of language files was changed.
- Some bugs were fixed.
- New localization: Karakalpak.

9.22 beta 2011-04-18
-------------------------
- 7-Zip now uses progress indicator displayed on a taskbar button under Windows 7.
- The BUG in 7-Zip 9.21 beta was fixed: 7-Zip could ignore some options when you created ZIP archives. For example, it could use ZipCrypto cipher instead of AES-256.

9.21 beta 2011-04-11
-------------------------
- 7-Zip now can unpack UEFI BIOS files.
- 64-bit version of 7-Zip now includes additional 32-bit shell extension DLL. So other 32-bit programs can call 64-bit 7-Zip via context menu.
- Now it's possible to associate 7-Zip with file types without Administrator rights.
- New -mf=FilterID switch to specify compression filter. Examples:
    7z a -mf=bcj2 a.7z a.tar
    7z a -mf=delta:4 a.7z a.wav
    7z a -mf=bcj a.tar.xz a.tar
- 32-bit 7-Zip running under 64-bit Windows now can use up to 4 GB of RAM.
- Some bugs were fixed.
- New localizations: Corsican, Kyrgyz, Ligurian.

9.20 2010-11-18
-------------------------
- Some bugs were fixed.

9.19 beta 2010-11-11
-------------------------
- The console version now doesn't show entered password.
- Some bugs were fixed.

9.18 beta 2010-11-02
-------------------------
- 7-Zip now can unpack SquashFS and CramFS filesystem images.
- 7-Zip now can unpack some TAR and ISO archives with incorrect headers.
- New small SFX module for installers (in Extra package).
- Some bugs were fixed.

9.17 beta 2010-10-04
-------------------------
- Disk fragmentation problem for ZIP archives created by 7-Zip was fixed.

9.16 beta 2010-09-08
-------------------------
- 7-Zip now supports files that are larger than 8 GB in TAR archives.
- NSIS support was improved.
- Some bugs were fixed.
- New localizations: Hindi, Gujarati, Sanskrit.

9.15 beta 2010-06-20
-------------------------
- Some bugs were fixed.
- New localization: Tatar.

9.14 beta 2010-06-04
-------------------------
- WIM support was improved.

9.13 beta 2010-04-15
-------------------------
- 7-Zip now stores NTFS file timestamps to ZIP archives.
- New additional "Open archive >" item in context menu allows to select archive type for some files.
- Some bugs were fixed.
- New localization: Uyghur.

9.12 beta 2010-03-24
-------------------------
- ZIP / PPMd compression ratio was improved in Maximum and Ultra modes.
- The BUG in 7-Zip 9.* beta was fixed: LZMA2 codec didn't work, if more than 10 threads were used (or more than 20 threads in some modes).

9.11 beta 2010-03-15
-------------------------
- 7-Zip now supports PPMd compression in ZIP archives.
- Speed optimizations in PPMd codec.
- The support for archives in installers was improved.
- Some bugs were fixed.
- New localization: Kazakh.

9.10 beta 2009-12-22
-------------------------
- The BUG in 7-Zip 9.09 beta was fixed: 7-Zip created incorrect ZIP archives, if ZipCrypto encryption was used.

9.09 beta 2009-12-12
-------------------------
- 7-Zip now can unpack Apple Partition Map (APM) disk images.
- Speed optimizations in AES code for Intel's 32nm CPUs.
- Speed optimizations in CRC calculation code for Intel's Atom CPUs.
- Some bugs were fixed.

9.07 beta 2009-08-27
-------------------------
- It's possible to specify Diff program in options (7-Zip File Manager).
- Some bugs were fixed.

9.06 beta 2009-08-17
-------------------------
- 7-Zip now can unpack MSLZ archives.
- Partial parsing for EXE resources, SWF and FLV.
- Some bugs were fixed.

9.04 beta 2009-05-30
-------------------------
- 7-Zip now can update solid .7z archives.
- 7-Zip now supports LZMA2 compression method.
- 7-Zip now supports XZ archives.
- 7-Zip now can unpack NTFS, FAT, VHD and MBR archives.
- 7-Zip now can unpack GZip, BZip2, LZMA, XZ and TAR archives from stdin.
- 7-Zip now can open/copy/compress disk images (like \\.\c:) from \\.\ folder.
- 7-Zip File Manager now doesn't use temp files to open nested archives stored without compression.
- New -scrc switch to calculate total CRC-32 during extracting / testing.
- New -scc{WIN|DOS|UTF-8} switch to specify charset for console input/output (default = DOS).
- Some bugs were fixed.

4.65 2009-02-03
-------------------------
- 7-Zip File Manager now can calculate SHA-256 checksum.
- Some bugs were fixed.

4.64 2009-01-03
-------------------------
- The bug in 7-Zip 4.63 was fixed: 7-Zip could no

Targets

    • Target

      abdccf5ca47b604fb09b75af68fdb34209d4fca9d22f4912555bacc4c8ff0bca

    • Size

      3.1MB

    • MD5

      63d7486ba525751de7e1772b6df70801

    • SHA1

      de3ebeb9b34176ed8555fb5d5d7875b710c3ca19

    • SHA256

      abdccf5ca47b604fb09b75af68fdb34209d4fca9d22f4912555bacc4c8ff0bca

    • SHA512

      6ea055147446a476698f72f9b93381d348214e26db1dcf80de4dcb9d962ef3ef4959f946088d093b308c993b32d16d637e1215269e8defceaec43d540bc98d0e

    • SSDEEP

      98304:JBdPk4vVq5XdkyaH0YwhUuP/uftssybFiNgQ:xPLVqBayGgUg6YqgQ

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
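The two registry behaviours above are what a responder would check first on a host that ran this sample: a Run-key value pointing into a user-writable profile directory (the dropped file above lives under AppData\Roaming) and an Uninstall-key walk. The following script is an added example for this report, not code from the sandbox or from the sample. It classifies Run-key values with a pure function that runs on any platform, and on Windows it reads the live Run/RunOnce and Uninstall keys via the standard-library winreg module. The key paths, the user-writable-directory pattern and the script-host list are assumptions of the example, and the sample Run values at the bottom (including the file names launcher.exe and run.vbs) are constructed, not taken from the report.

```python
"""Added example, not part of the sandbox report: defender-side triage of the two
registry behaviours the report lists, "Adds Run key to start application" and
"Checks installed software" (Uninstall key enumeration). flag_run_entry() is
pure and runs anywhere; the enumerate_* functions read the live registry and
are Windows-only. Sample entries at the bottom are constructed, not from the report."""
import ntpath
import re
import sys

RUN_KEYS = [  # persistence locations; HKCU ones are writable without admin rights
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
]
UNINSTALL_KEYS = [  # what the "Checks installed software" behaviour reads
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKLM", r"Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Uninstall"),
]
# Directories a non-admin process can drop into (the report's History.txt is under AppData\Roaming).
USER_WRITABLE = re.compile(r"\\(?:AppData\\(?:Roaming|Local)|Users\\Public|ProgramData|Temp)\\", re.I)
# Script hosts and proxy executables commonly used to start a dropped payload (assumed list).
LOLBINS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe", "powershell.exe", "cmd.exe"}


def extract_image_path(command: str) -> str:
    """Return the executable part of a Run-key command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.(?:exe|dll|scr|bat|cmd|vbs|js|ps1))(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]


def flag_run_entry(name: str, command: str) -> dict:
    """Classify one Run-key value: image path plus the reasons it looks suspicious."""
    image = extract_image_path(command)
    reasons = []
    if USER_WRITABLE.search(image):
        reasons.append("image in user-writable path")
    elif USER_WRITABLE.search(command):
        reasons.append("argument references user-writable path")
    if ntpath.basename(image).lower() in LOLBINS:
        reasons.append("script/proxy host launcher")
    return {"name": name, "image": image, "suspicious": bool(reasons), "reasons": reasons}


def triage_run_entries(entries):
    """Keep only the suspicious results for a list of (value_name, command) pairs."""
    return [r for r in (flag_run_entry(n, c) for n, c in entries) if r["suspicious"]]


def _open_key(hive_name, path):
    """Open a registry key read-only; None if it does not exist (Windows only)."""
    import winreg
    hive = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}[hive_name]
    try:
        return winreg.OpenKey(hive, path)
    except OSError:
        return None


def enumerate_run_keys():
    """Yield (hive, key_path, value_name, command) for every Run/RunOnce value."""
    import winreg
    for hive_name, path in RUN_KEYS:
        key = _open_key(hive_name, path)
        if key is None:
            continue
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):   # [1] = number of values
                value_name, data, _ = winreg.EnumValue(key, i)
                yield hive_name, path, value_name, str(data)


def enumerate_uninstall_entries():
    """Yield (hive, subkey, DisplayName): the installed-software view the sample collects."""
    import winreg
    for hive_name, path in UNINSTALL_KEYS:
        key = _open_key(hive_name, path)
        if key is None:
            continue
        with key:
            for i in range(winreg.QueryInfoKey(key)[0]):   # [0] = number of subkeys
                sub = winreg.EnumKey(key, i)
                try:
                    with winreg.OpenKey(key, sub) as k:
                        yield hive_name, sub, str(winreg.QueryValueEx(k, "DisplayName")[0])
                except OSError:
                    continue   # patches and hidden entries carry no DisplayName


# Constructed sample Run values (hypothetical names and paths, not from the report).
SAMPLE_RUN_ENTRIES = [
    ("ArchiverApp", r'"C:\Users\Admin\AppData\Roaming\ArchiverApp\ArchiverApp\launcher.exe" /background'),
    ("SecurityHealth", r"C:\Windows\system32\SecurityHealthSystray.exe"),
    ("Loader", r"wscript.exe //B C:\Users\Admin\AppData\Local\Temp\run.vbs"),
]

if __name__ == "__main__":
    if sys.platform == "win32":
        entries = [(f"{h}\\{p}\\{n}", c) for h, p, n, c in enumerate_run_keys()]
        print(f"{sum(1 for _ in enumerate_uninstall_entries())} Uninstall entries with a DisplayName")
    else:
        entries = SAMPLE_RUN_ENTRIES
    for hit in triage_run_entries(entries):
        print(f"{hit['name']}: {hit['image']} -> {', '.join(hit['reasons'])}")
```

Run it on a suspect host as the logged-on user (HKCU) and again elevated (HKLM). The path heuristic is deliberately narrow: a legitimate per-user installer also starts from AppData, so a hit is a lead to correlate with the dropped-file path and the hashes above, not a verdict on its own.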

MITRE ATT&CK Enterprise v6
