Desktop[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Desktop.rar
Size

9.9MB
MD5

a1e4edcf18d143d9b1127109149b0c28
SHA1

d5b829db90eff659411fc0539a01d0bdc07c0661
SHA256

54d2e01694cffe0b6ba8e40080744a888597193158e26145f9caa67299919b82
SHA512

d12a97c938146e11cc254ec6d1c1b0cb8ade5f96b90cbc1d9c687adb820e5590cff1edcc4f698bb72660c1552f6167ef1e05f0265d3de3a77af0d3bc9cfc2966
SSDEEP

196608:WHW79mix8WbyDuoeQMbDdqaWfe7u/VjbCfIchmYIja/tlKTvHhQrXeV:RZWmGlYwaWfe70iIAlKW7yhkW

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Crack/EasyPasswordRecoveryRAR.exe
unpack001/rar-password-recover.exe

Files

Desktop.rar
.rar .ps1

Password: virus
Crack/EasyPasswordRecoveryRAR.exe
.exe windows x86

Password: virus

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rar-password-recover.exe
.exe windows x86

Password: virus

d4fe8eec31ba44b37546499596e74621

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord17

kernel32

LoadLibraryW
GetModuleHandleW
lstrcmpW
lstrcmpiW
GetSystemDefaultLangID
GetUserDefaultLangID
VerLanguageNameW
CompareFileTime
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
SetFileAttributesW
GetSystemTimeAsFileTime
GetPrivateProfileStringW
MoveFileW
LocalFree
FormatMessageW
GetSystemInfo
MulDiv
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryExW
GetVersion
GetLocalTime
IsValidLocale
GetCommandLineW
GetFileAttributesW
FlushFileBuffers
SetEndOfFile
VirtualQuery
lstrcpyA
IsBadReadPtr
GetDiskFreeSpaceW
GetDriveTypeW
GetExitCodeProcess
GetCurrentThread
GetLocaleInfoW
InterlockedExchange
LoadLibraryExA
GetProcAddress
FreeLibrary
CompareStringA
CompareStringW
lstrcatW
GetVersionExW
InterlockedDecrement
InterlockedIncrement
CreateEventW
QueryPerformanceFrequency
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetTempFileNameW
SetConsoleCtrlHandler
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
FatalAppExitA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
HeapReAlloc
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentThreadId
HeapSize
AreFileApisANSI
GetModuleHandleExW
GetStdHandle
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
lstrcpynA
LocalAlloc
QueryPerformanceCounter
SearchPathW
lstrcmpA
SystemTimeToFileTime
ResetEvent
SetEvent
VirtualProtect
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetDateFormatW
GetTimeFormatW
GetCurrentDirectoryW
FindResourceExW
GetLastError
CopyFileW
GetTickCount
GetExitCodeThread
CreateThread
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
lstrcpyW
GetWindowsDirectoryW
SetErrorMode
GetTempPathW
ExpandEnvironmentStringsW
MoveFileExW
WriteProcessMemory
VirtualProtectEx
GetSystemDirectoryW
FlushInstructionCache
SetThreadContext
GetThreadContext
CreateProcessW
ResumeThread
TerminateProcess
ExitProcess
GetCurrentProcess
Sleep
WaitForSingleObject
DuplicateHandle
RemoveDirectoryW
DeleteFileW
SetCurrentDirectoryW
lstrlenW
lstrcpynW
GetModuleFileNameW
GetProcessHeap
HeapFree
HeapAlloc
WriteFile
SetFilePointer
ReadFile
WideCharToMultiByte
GetEnvironmentVariableW
SetFileTime
GetFileTime
OpenProcess
GetProcessTimes
LCMapStringW
DecodePointer
EncodePointer
MultiByteToWideChar
lstrlenA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSize
CreateFileW
SetLastError
GetConsoleCP

user32

DefWindowProcW
PostMessageW
DispatchMessageW
PostQuitMessage
RegisterClassW
TranslateMessage
GetMessageW
CharUpperW
KillTimer
SetTimer
GetDC
CharPrevW
SendDlgItemMessageW
wvsprintfW
LoadImageW
CreateDialogParamW
MoveWindow
SetCursor
GetWindow
GetDlgItemTextW
SetFocus
EnableWindow
SetForegroundWindow
SetActiveWindow
SetDlgItemTextW
IsDialogMessageW
FindWindowW
SubtractRect
IntersectRect
SetRect
FillRect
GetSysColorBrush
GetSysColor
GetWindowRect
ExitWindowsEx
GetSystemMetrics
GetDlgCtrlID
CreateDialogIndirectParamW
DestroyWindow
IsWindow
SendMessageW
MessageBoxW
CharNextW
WaitForInputIdle
SetWindowLongW
GetWindowLongW
GetClientRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
SetWindowPos
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
ShowWindow
GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageW
wsprintfW
LoadIconW
LoadCursorW
CreateWindowExW

gdi32

GetObjectW
SetTextColor
SetBkMode
GetDeviceCaps
CreateFontW
CreateFontIndirectW
SetStretchBltMode
StretchBlt
SelectObject
DeleteDC
CreateDIBitmap
CreateCompatibleDC
BitBlt
DeleteObject
GetStockObject
CreatePalette
GetSystemPaletteEntries
RealizePalette
SelectPalette
GetDIBColorTable
CreateHalftonePalette
UnrealizeObject
TranslateCharsetInfo
CreateSolidBrush

advapi32

RegCloseKey
CryptSignHashW
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptVerifySignatureW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegEnumValueW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteExW
SHGetMalloc

ole32

CoCreateInstance
StringFromGUID2
CoCreateGuid
CreateItemMoniker
GetRunningObjectTable
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
ProgIDFromCLSID
CoUninitialize
CoInitializeSecurity
CoInitialize

oleaut32

LoadTypeLi
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VarBstrCat
VarBstrFromDate
VariantClear
VariantChangeType
GetErrorInfo
VarUI4FromStr
SystemTimeToVariantTime
RegisterTypeLi
SetErrorInfo
CreateErrorInfo

crypt32

CryptAcquireCertificatePrivateKey
CryptImportPublicKeyInfo
PFXImportCertStore
CertSaveStore
CertOpenStore
CertFindCertificateInStore
CertCompareCertificate
CertOpenSystemStoreW
CertGetIssuerCertificateFromStore
CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertEnumCertificatesInStore

rpcrt4

UuidCreate
UuidToStringW
UuidFromStringW
RpcStringFreeW

Sections

.text
Size: 717KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: virus

Password: virus

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 620KB - Virtual size: 620KB

.rsrc Size: 105KB - Virtual size: 104KB

.reloc Size: 512B - Virtual size: 12B

Password: virus

d4fe8eec31ba44b37546499596e74621

Headers

DLL Characteristics

File Characteristics

Imports

version

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

crypt32

rpcrt4

Sections

.text Size: 717KB - Virtual size: 717KB

.rdata Size: 217KB - Virtual size: 216KB

.data Size: 9KB - Virtual size: 35KB

.rsrc Size: 317KB - Virtual size: 317KB

.text
Size: 620KB - Virtual size: 620KB

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 717KB - Virtual size: 717KB

.rdata
Size: 217KB - Virtual size: 216KB

.data
Size: 9KB - Virtual size: 35KB

.rsrc
Size: 317KB - Virtual size: 317KB