Zeus 1[.]1[.]0[.]0[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Zeus 1.1.0.0.rar
Size

1.1MB
MD5

866681ae3248b68aea0f1e1598386b5c
SHA1

75eefac85a6c0f9a8fd1438182f4dea881656856
SHA256

3d8577327066b233e5030606cd27b0ac30102f0267a03bbdd6c29f8a023d487c
SHA512

a48c69c727e08e9d721ba04b9756a040a48986f7e4582c2ca4b62af954e4a2388cd117eac146396e4488d7c1bd86cdb390534dc08870b12a7bd039e300eb6423
SSDEEP

24576:gbXclyjo5yFsdsVCmnDaV4nOEWXRbjTPoHwKXYopZBW/8dM8vsgbrK:RIEyBPWBDQwKookqvLe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/1.1.0.0/zsb Builder.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1.1.0.0/zsb Builder.exe
unpack002/out.upx

Files

Zeus 1.1.0.0.rar
.rar

Password: infected
1.1.0.0/config.txt
1.1.0.0/help.chm
.chm
1.1.0.0/phpWeb/.install/geobase.txt
1.1.0.0/phpWeb/.install/index.php
1.1.0.0/phpWeb/.install/php.php
1.1.0.0/phpWeb/in.php
1.1.0.0/phpWeb/s.php
1.1.0.0/phpWeb/system/.htaccess
1.1.0.0/phpWeb/system/en.bcmds.lng.php
1.1.0.0/phpWeb/system/en.bots.lng.php
1.1.0.0/phpWeb/system/en.dblogs.lng.php
1.1.0.0/phpWeb/system/en.dbtlogs.lng.php
1.1.0.0/phpWeb/system/en.lfiles.lng.php
1.1.0.0/phpWeb/system/en.lng.php
1.1.0.0/phpWeb/system/en.login.lng.php
1.1.0.0/phpWeb/system/en.options.lng.php
1.1.0.0/phpWeb/system/en.spam.lng.php
1.1.0.0/phpWeb/system/en.stats.lng.php
1.1.0.0/phpWeb/system/en.user.lng.php
1.1.0.0/phpWeb/system/en.users.lng.php
1.1.0.0/phpWeb/system/fmt.php
1.1.0.0/phpWeb/system/global.php
1.1.0.0/phpWeb/system/mod.bcmds.php
1.1.0.0/phpWeb/system/mod.bots.php
1.1.0.0/phpWeb/system/mod.dblogs.php
.js
1.1.0.0/phpWeb/system/mod.dbtlogs.php
.ps1
1.1.0.0/phpWeb/system/mod.lfiles.php
.ps1
1.1.0.0/phpWeb/system/mod.login.php
1.1.0.0/phpWeb/system/mod.options.php
1.1.0.0/phpWeb/system/mod.spam.php
1.1.0.0/phpWeb/system/mod.stats.php
1.1.0.0/phpWeb/system/mod.user.php
1.1.0.0/phpWeb/system/mod.users.php
1.1.0.0/phpWeb/system/ru.bcmds.lng.php
1.1.0.0/phpWeb/system/ru.bots.lng.php
1.1.0.0/phpWeb/system/ru.dblogs.lng.php
1.1.0.0/phpWeb/system/ru.dbtlogs.lng.php
1.1.0.0/phpWeb/system/ru.lfiles.lng.php
1.1.0.0/phpWeb/system/ru.lng.php
1.1.0.0/phpWeb/system/ru.login.lng.php
1.1.0.0/phpWeb/system/ru.options.lng.php
1.1.0.0/phpWeb/system/ru.spam.lng.php
1.1.0.0/phpWeb/system/ru.stats.lng.php
1.1.0.0/phpWeb/system/ru.user.lng.php
1.1.0.0/phpWeb/system/ru.users.lng.php
1.1.0.0/phpWeb/theme/html.php
1.1.0.0/phpWeb/theme/menu.js
.js
1.1.0.0/phpWeb/theme/style.css
1.1.0.0/webinjects.txt
.js
1.1.0.0/zsb Builder.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 456KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 914KB - Virtual size: 913KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 456KB

UPX1 Size: 516KB - Virtual size: 516KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 914KB - Virtual size: 913KB

UPX0
Size: - Virtual size: 456KB

UPX1
Size: 516KB - Virtual size: 516KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 914KB - Virtual size: 913KB