10506231655[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

10506231655.zip
Size

4.8MB
MD5

cabd3f1f10906c3360e1e1073ae82065
SHA1

c6138ae6a150f3d3f1fc6c3cc4f49293dc6a6787
SHA256

764c482a88678e293f485cb9a856f751af17f724a96cc888e754e0ba0b762d67
SHA512

8fc5d6c0c6d7c0ce2d36b1c4e343b7ef5089316178a57aee828ac165e0fcf8d367c1cadd9ccad66261dd8290c864983ddb11c7412e609db07044f4845165a123
SSDEEP

98304:sI0gAxFrMtQnzqBFVsFHp8uEoWnKuzP6xfS0G/LrpDkcuO:agmrMt7FVsFHXLqCxfhGnxkFO

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/D4s.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/KI2005.EXE	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/D4s.exe
unpack002/KI2005.EXE

Files

10506231655.zip
.zip

Password: infected
9153636a762c320ab890133647c879758f5b322cb55a85437811b4c470a487e6
.rar
D4s.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 666KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KI2005.EXE
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 628KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 491KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
reedme.txt
БОНУС/1.jpg
.jpg
БОНУС/10.JPG
.jpg
БОНУС/2.JPG
.jpg
БОНУС/3.JPG
.jpg
БОНУС/4.JPG
.jpg
БОНУС/5.JPG
.jpg
БОНУС/6.JPG
.jpg
БОНУС/7.JPG
.jpg
БОНУС/8.jpg
.jpg
БОНУС/9.JPG
.jpg

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

.text Size: 666KB - Virtual size: 724KB

.data Size: 512B - Virtual size: 12KB

.idata Size: 1KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 160KB

.reloc Size: - Virtual size: 12KB

.aspack Size: 7KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 628KB

UPX1 Size: 491KB - Virtual size: 492KB

.rsrc Size: 5KB - Virtual size: 8KB

.text
Size: 666KB - Virtual size: 724KB

.data
Size: 512B - Virtual size: 12KB

.idata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 160KB

.reloc
Size: - Virtual size: 12KB

.aspack
Size: 7KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

UPX0
Size: - Virtual size: 628KB

UPX1
Size: 491KB - Virtual size: 492KB

.rsrc
Size: 5KB - Virtual size: 8KB