gt-virtualslut[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

gt-virtualslut.rar
Size

624KB
MD5

7c9081af12474e58bf877e04f1fb6173
SHA1

a375babbacbc432e00647932d7c1885ad64e0803
SHA256

ba88d06c80fe6b73c81193078e53c749ff3a3b4e544c3721523a1d9c84483c99
SHA512

97e8c3f44205ba1f8963350d159a18f228ce82d898d63731501559d3e9e9712b6433996046693792479b41f8db59c5f56baff67a5082bd144172964e7b43afa7
SSDEEP

12288:O8xGxZDlMHKEjEDCz+lJpXrt2q7BFNcNcj4+crlV/FNb7MNi/iql0ry5dCR5b:OwGxNaHnAgyDh39ivrrlVTbgNUYbTb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/EXPL32.EXE	upx
static1/unpack001/explorer2.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EXPL32.EXE
unpack001/explorer2.exe
unpack003/out.upx
unpack001/uncapper.exe

Files

gt-virtualslut.rar
.rar

Password: infected
EXPL32.EXE
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 561KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EXPLORER.scr
explorer2.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@WndListDlg$qpvuiuil
@WndProc$qpvuiuil
__GetExceptDLLinfo

Sections

CODE
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mirc.ini
remote.ini
scanner.ini
script.ini
.vbs
script1.ini
script2.ini
script3.ini
uncapper.exe
.exe windows x86

Password: infected

07da4cab1e826e58b04f8159c1c9ca35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
ord689
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstal.log
updater.ini

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 561KB - Virtual size: 564KB

.rsrc Size: 17KB - Virtual size: 20KB

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 448KB

UPX1 Size: 16KB - Virtual size: 64KB

.rsrc Size: 2KB - Virtual size: 64KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 24KB - Virtual size: 28KB

DATA Size: 5KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 4KB

Password: infected

07da4cab1e826e58b04f8159c1c9ca35

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 32KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 8KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 561KB - Virtual size: 564KB

.rsrc
Size: 17KB - Virtual size: 20KB

UPX0
Size: - Virtual size: 448KB

UPX1
Size: 16KB - Virtual size: 64KB

.rsrc
Size: 2KB - Virtual size: 64KB

CODE
Size: 24KB - Virtual size: 28KB

DATA
Size: 5KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 5KB