Pass_1234_Setup[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Pass_1234_Setup.rar
Size

8.5MB
MD5

43a7e89ecdb3afb404e556e6dc1d5ac7
SHA1

f403f83795f14d541477daed5770ac8b1c059500
SHA256

313068299ad84a7a7c95ec3ddd8d4bd8aacd89203d22d839f5a47d4ea3ad20cb
SHA512

be6637b57ee53e60b6b48bebde228e1fb7dc22048dc3565719b4d9f1561bb8dea25f5e2a83625cf8721631f38da8c74d23e1738e59a83a6121618bca2c40b504
SSDEEP

196608:utSNTCfwvT3sbp+xVGP36qRvGvNMNacxefMz80x51a:ugNcdp+xVgRvG1Mkc4fN+g

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Setup_win32_64.exe	vmprotect

Files

Pass_1234_Setup.rar
.rar

Password: 1234
.local/.threat_dragon/.git/HEAD
.local/.threat_dragon/.git/config
.local/.threat_dragon/.git/description
.local/.threat_dragon/.git/index
.local/.threat_dragon/.git/packed-refs
.local/.threat_dragon/.gitattributes
.local/.threat_dragon/.gitignore
.local/.threat_dragon/.jshintignore
.local/.threat_dragon/.jshintrc
.local/.threat_dragon/.snyk
.local/.threat_dragon/.travis.yml
.local/.threat_dragon/LICENSE.txt
.local/.threat_dragon/README.md
.local/.threat_dragon/app/app.js
.js
.local/.threat_dragon/app/config.autoupdate.js
.js
.local/.threat_dragon/app/config.exceptionHandler.js
.js
.local/.threat_dragon/app/config.route.js
.js
.local/.threat_dragon/app/layout/index.js
.js
.local/.threat_dragon/app/layout/shell.html
.local/.threat_dragon/app/layout/shell.js
.js
.local/.threat_dragon/app/layout/update.html
.local/.threat_dragon/app/services/datacontext.js
.js
.local/.threat_dragon/app/services/datacontextdemo.js
.js
.local/.threat_dragon/app/services/electron.js
.js
.local/.threat_dragon/app/services/index.js
.js
.local/.threat_dragon/app/services/threatmodellocator.js
.js
.local/.threat_dragon/app/threatmodels/desktopreport.html
.local/.threat_dragon/app/threatmodels/desktopreport.js
.js
.local/.threat_dragon/app/threatmodels/index.js
.js
.local/.threat_dragon/app/welcome/index.js
.js
.local/.threat_dragon/app/welcome/welcome.html
.local/.threat_dragon/app/welcome/welcome.js
.js
.local/.threat_dragon/config/squirrel.js
.js
.local/.threat_dragon/content/app.css
.local/.threat_dragon/content/bootstrap-custom.css
.local/.threat_dragon/content/bootstrap-theme.css
.local/.threat_dragon/content/icons/icon.icns
.local/.threat_dragon/content/icons/icon.ico
.local/.threat_dragon/content/icons/png/1024x1024.gif
.gif
.local/.threat_dragon/content/icons/png/1024x1024.png
.png
.local/.threat_dragon/content/icons/png/128x128.png
.png
.local/.threat_dragon/content/icons/png/16x16.png
.png
.local/.threat_dragon/content/icons/png/24x24.png
.png
.local/.threat_dragon/content/icons/png/256x256.png
.png
.local/.threat_dragon/content/icons/png/32x32.png
.png
.local/.threat_dragon/content/icons/png/48x48.png
.png
.local/.threat_dragon/content/icons/png/512x512.png
.png
.local/.threat_dragon/content/icons/png/64x64.png
.png
.local/.threat_dragon/content/icons/png/96x96.png
.png
.local/.threat_dragon/content/icons/png/cupcakes-installing.gif
.gif
.local/.threat_dragon/content/icons/win/td.ico
.local/.threat_dragon/content/images/threatdragon.ico
.local/.threat_dragon/content/images/threatdragon_logo_image.svg
.local/.threat_dragon/content/images/thumbnail.jpg
.jpg
.local/.threat_dragon/content/threatdragon.css
.local/.threat_dragon/content/threatdragon.min.css
.local/.threat_dragon/content/ubuntu.css
.local/.threat_dragon/electron-builder.json
.local/.threat_dragon/fonts/4iCs6KVjbNBYlgoKfw72.woff2
.local/.threat_dragon/fonts/4iCv6KVjbNBYlgoCxCvjsGyN.woff2
.local/.threat_dragon/fonts/FontAwesome.otf
.local/.threat_dragon/fonts/fontawesome-webfont.eot
.local/.threat_dragon/fonts/fontawesome-webfont.svg
.xml
.local/.threat_dragon/fonts/fontawesome-webfont.ttf
.local/.threat_dragon/fonts/fontawesome-webfont.woff
.local/.threat_dragon/fonts/fontawesome-webfont.woff2
.local/.threat_dragon/fonts/glyphicons-halflings-regular.eot
.local/.threat_dragon/fonts/glyphicons-halflings-regular.svg
.xml
.local/.threat_dragon/fonts/glyphicons-halflings-regular.ttf
.local/.threat_dragon/fonts/glyphicons-halflings-regular.woff
.local/.threat_dragon/fonts/glyphicons-halflings-regular.woff2
.local/.threat_dragon/index.html
.html
.local/.threat_dragon/installer-lin.js
.js
.local/.threat_dragon/installer-osx.js
.js
.local/.threat_dragon/installer-win.js
.js
.local/.threat_dragon/karma.conf.js
.js
.local/.threat_dragon/main.js
.js
.local/.threat_dragon/package-lock.json
.local/.threat_dragon/package.json
.local/.threat_dragon/public/content/images/thumbnail.jpg
.jpg
.local/.threat_dragon/screenshots/diagram.PNG
.png
.local/.threat_dragon/screenshots/threat.PNG
.png
.local/.threat_dragon/screenshots/welcome.PNG
.png
.local/.threat_dragon/tests/specs/datacontext_spec.js
.js
.local/.threat_dragon/tests/specs/datacontextdemo_spec.js
.js
.local/.threat_dragon/tests/specs/desktopreport_spec.js
.js
.local/.threat_dragon/tests/specs/shell_spec.js
.js
.local/.threat_dragon/tests/specs/support/jasmin.json
.local/.threat_dragon/tests/specs/test.js
.js
.local/.threat_dragon/tests/specs/threatmodellocator_spec.js
.js
.local/.threat_dragon/tests/specs/welcome_spec.js
.js
.local/bin/normalizer
.sh linux
.local/certifi-2021.5.30.dist-info/INSTALLER
.local/certifi-2021.5.30.dist-info/LICENSE
.local/certifi-2021.5.30.dist-info/METADATA
.local/certifi-2021.5.30.dist-info/RECORD
.local/certifi-2021.5.30.dist-info/WHEEL
.local/certifi-2021.5.30.dist-info/top_level.txt
.local/certifi/__init__.py
.local/certifi/__main__.py
.local/certifi/__pycache__/__init__.cpython-38.pyc
.local/certifi/__pycache__/__main__.cpython-38.pyc
.local/certifi/__pycache__/core.cpython-38.pyc
.local/certifi/cacert.pem
.local/certifi/core.py
.local/charset_normalizer-2.0.3.dist-info/INSTALLER
.local/charset_normalizer-2.0.3.dist-info/LICENSE
.local/charset_normalizer-2.0.3.dist-info/METADATA
.local/charset_normalizer-2.0.3.dist-info/RECORD
.local/charset_normalizer-2.0.3.dist-info/WHEEL
.local/charset_normalizer-2.0.3.dist-info/entry_points.txt
.local/charset_normalizer-2.0.3.dist-info/top_level.txt
.local/charset_normalizer/__init__.py
.local/charset_normalizer/__pycache__/__init__.cpython-38.pyc
.local/charset_normalizer/__pycache__/api.cpython-38.pyc
.local/charset_normalizer/__pycache__/cd.cpython-38.pyc
.local/charset_normalizer/__pycache__/constant.cpython-38.pyc
.local/charset_normalizer/__pycache__/legacy.cpython-38.pyc
.local/charset_normalizer/__pycache__/md.cpython-38.pyc
.local/charset_normalizer/__pycache__/models.cpython-38.pyc
.local/charset_normalizer/__pycache__/utils.cpython-38.pyc
.local/charset_normalizer/__pycache__/version.cpython-38.pyc
.local/charset_normalizer/api.py
.local/charset_normalizer/assets/__init__.py
.local/charset_normalizer/assets/__pycache__/__init__.cpython-38.pyc
.local/charset_normalizer/cd.py
.local/charset_normalizer/cli/__pycache__/__init__.cpython-38.pyc
.local/charset_normalizer/cli/__pycache__/normalizer.cpython-38.pyc
.local/charset_normalizer/cli/normalizer.py
.local/charset_normalizer/constant.py
.local/charset_normalizer/legacy.py
.local/charset_normalizer/md.py
.local/charset_normalizer/models.py
.local/charset_normalizer/utils.py
.local/charset_normalizer/version.py
.local/idna-3.2.dist-info/INSTALLER
.local/idna-3.2.dist-info/LICENSE.md
.local/idna-3.2.dist-info/METADATA
.local/idna-3.2.dist-info/RECORD
.local/idna-3.2.dist-info/WHEEL
.local/idna-3.2.dist-info/top_level.txt
.local/idna/__init__.py
.local/idna/__pycache__/__init__.cpython-38.pyc
.local/idna/__pycache__/codec.cpython-38.pyc
.local/idna/__pycache__/compat.cpython-38.pyc
.local/idna/__pycache__/core.cpython-38.pyc
.local/idna/__pycache__/idnadata.cpython-38.pyc
.local/idna/__pycache__/intranges.cpython-38.pyc
.local/idna/__pycache__/package_data.cpython-38.pyc
.local/idna/__pycache__/uts46data.cpython-38.pyc
.local/idna/codec.py
.local/idna/compat.py
.local/idna/core.py
.local/idna/idnadata.py
.local/idna/intranges.py
.local/idna/package_data.py
.local/idna/uts46data.py
.local/requests-2.26.0.dist-info/INSTALLER
.local/requests-2.26.0.dist-info/LICENSE
.local/requests-2.26.0.dist-info/METADATA
.local/requests-2.26.0.dist-info/RECORD
.local/requests-2.26.0.dist-info/WHEEL
.local/requests-2.26.0.dist-info/top_level.txt
.local/requests/__init__.py
.local/requests/__pycache__/__init__.cpython-38.pyc
.local/requests/__pycache__/__version__.cpython-38.pyc
.local/requests/__pycache__/_internal_utils.cpython-38.pyc
.local/requests/__pycache__/adapters.cpython-38.pyc
.local/requests/__pycache__/api.cpython-38.pyc
.local/requests/__pycache__/auth.cpython-38.pyc
.local/requests/__pycache__/certs.cpython-38.pyc
.local/requests/__pycache__/compat.cpython-38.pyc
.local/requests/__pycache__/cookies.cpython-38.pyc
.local/requests/__pycache__/exceptions.cpython-38.pyc
.local/requests/__pycache__/help.cpython-38.pyc
.local/requests/__pycache__/hooks.cpython-38.pyc
.local/requests/__pycache__/models.cpython-38.pyc
.local/requests/__pycache__/packages.cpython-38.pyc
.local/requests/__pycache__/sessions.cpython-38.pyc
.local/requests/__pycache__/status_codes.cpython-38.pyc
.local/requests/__pycache__/structures.cpython-38.pyc
.local/requests/__pycache__/utils.cpython-38.pyc
.local/requests/__version__.py
.local/requests/_internal_utils.py
.local/requests/adapters.py
.local/requests/api.py
.local/requests/auth.py
.local/requests/certs.py
.py .sh linux
.local/requests/compat.py
.local/requests/cookies.py
.local/requests/exceptions.py
.local/requests/help.py
.local/requests/hooks.py
.local/requests/models.py
.local/requests/packages.py
.local/requests/sessions.py
.local/requests/status_codes.py
.local/requests/structures.py
.local/requests/utils.py
.local/urllib3-1.26.6.dist-info/INSTALLER
.local/urllib3-1.26.6.dist-info/LICENSE.txt
.local/urllib3-1.26.6.dist-info/METADATA
.local/urllib3-1.26.6.dist-info/RECORD
.local/urllib3-1.26.6.dist-info/WHEEL
.local/urllib3-1.26.6.dist-info/top_level.txt
.local/urllib3/__init__.py
.local/urllib3/__pycache__/__init__.cpython-38.pyc
.local/urllib3/__pycache__/_collections.cpython-38.pyc
.local/urllib3/__pycache__/_version.cpython-38.pyc
.local/urllib3/__pycache__/connection.cpython-38.pyc
.local/urllib3/__pycache__/connectionpool.cpython-38.pyc
.local/urllib3/__pycache__/exceptions.cpython-38.pyc
.local/urllib3/__pycache__/fields.cpython-38.pyc
.local/urllib3/__pycache__/filepost.cpython-38.pyc
.local/urllib3/__pycache__/poolmanager.cpython-38.pyc
.local/urllib3/__pycache__/request.cpython-38.pyc
.local/urllib3/__pycache__/response.cpython-38.pyc
.local/urllib3/_collections.py
.local/urllib3/_version.py
.local/urllib3/connection.py
.local/urllib3/connectionpool.py
.py .js
.local/urllib3/contrib/__pycache__/__init__.cpython-38.pyc
.local/urllib3/contrib/__pycache__/_appengine_environ.cpython-38.pyc
.local/urllib3/contrib/__pycache__/appengine.cpython-38.pyc
.local/urllib3/contrib/__pycache__/ntlmpool.cpython-38.pyc
.local/urllib3/contrib/__pycache__/pyopenssl.cpython-38.pyc
.js
.local/urllib3/contrib/__pycache__/securetransport.cpython-38.pyc
.js
.local/urllib3/contrib/__pycache__/socks.cpython-38.pyc
.local/urllib3/contrib/_appengine_environ.py
.local/urllib3/contrib/_securetransport/__pycache__/__init__.cpython-38.pyc
.local/urllib3/contrib/_securetransport/__pycache__/bindings.cpython-38.pyc
.local/urllib3/contrib/_securetransport/__pycache__/low_level.cpython-38.pyc
.local/urllib3/contrib/_securetransport/bindings.py
.local/urllib3/contrib/_securetransport/low_level.py
.local/urllib3/contrib/appengine.py
.local/urllib3/contrib/ntlmpool.py
.local/urllib3/contrib/pyopenssl.py
.py .js
.local/urllib3/contrib/securetransport.py
.py .js
.local/urllib3/contrib/socks.py
.local/urllib3/exceptions.py
.local/urllib3/fields.py
.local/urllib3/filepost.py
.local/urllib3/packages/__init__.py
.local/urllib3/packages/__pycache__/__init__.cpython-38.pyc
.local/urllib3/packages/__pycache__/six.cpython-38.pyc
.local/urllib3/packages/backports/__pycache__/__init__.cpython-38.pyc
.local/urllib3/packages/backports/__pycache__/makefile.cpython-38.pyc
.local/urllib3/packages/backports/makefile.py
.local/urllib3/packages/six.py
.local/urllib3/packages/ssl_match_hostname/__init__.py
.local/urllib3/packages/ssl_match_hostname/__pycache__/__init__.cpython-38.pyc
.local/urllib3/packages/ssl_match_hostname/__pycache__/_implementation.cpython-38.pyc
.local/urllib3/packages/ssl_match_hostname/_implementation.py
.local/urllib3/poolmanager.py
.local/urllib3/request.py
.local/urllib3/response.py
.local/urllib3/util/__init__.py
.local/urllib3/util/__pycache__/__init__.cpython-38.pyc
.local/urllib3/util/__pycache__/connection.cpython-38.pyc
.local/urllib3/util/__pycache__/proxy.cpython-38.pyc
.local/urllib3/util/__pycache__/queue.cpython-38.pyc
.local/urllib3/util/__pycache__/request.cpython-38.pyc
.local/urllib3/util/__pycache__/response.cpython-38.pyc
.local/urllib3/util/__pycache__/retry.cpython-38.pyc
.local/urllib3/util/__pycache__/ssl_.cpython-38.pyc
.local/urllib3/util/__pycache__/ssltransport.cpython-38.pyc
.js
.local/urllib3/util/__pycache__/timeout.cpython-38.pyc
.local/urllib3/util/__pycache__/url.cpython-38.pyc
.local/urllib3/util/__pycache__/wait.cpython-38.pyc
.local/urllib3/util/connection.py
.py .js
.local/urllib3/util/proxy.py
.local/urllib3/util/queue.py
.local/urllib3/util/request.py
.local/urllib3/util/response.py
.local/urllib3/util/retry.py
.local/urllib3/util/ssl_.py
.local/urllib3/util/ssltransport.py
.py .js
.local/urllib3/util/timeout.py
.local/urllib3/util/url.py
.local/urllib3/util/wait.py
Setup_win32_64.exe
.exe windows x86

Password: 1234

00de631d57481fec13b7898c99324f13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalSize
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

gdi32

GetDeviceCaps

ole32

CoInitialize

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 200KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

00de631d57481fec13b7898c99324f13

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

ole32

user32

Sections

.text Size: - Virtual size: 97KB

.rdata Size: - Virtual size: 10KB

.data Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 3.2MB - Virtual size: 3.2MB

.rsrc Size: 200KB - Virtual size: 354KB

.text
Size: - Virtual size: 97KB

.rdata
Size: - Virtual size: 10KB

.data
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

.rsrc
Size: 200KB - Virtual size: 354KB