files[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

files.zip
Size

962KB
MD5

693884d17ab014a4c2c980bde39a827c
SHA1

7f32be0e675dd5af70bd2601fe9d898546333749
SHA256

54c536e9f4148b5388721f86b50d78630f011f1919d080d753ed8ccfa1d0e999
SHA512

581fe31bf2c5b628296804e733287af7d61059d458310e6cc3832806370c6ad04f79229c39a06bbb6e9ac77ba25fabe68fa7ce067e1d79b515e7b5474281c90e
SSDEEP

24576:fwoOHmd44Vh/XnSw2Tun1y7D5pqEzc7ZN2sOA1QK:fPOHsv/XSZG1y7D+SsDjz

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/ZPI/WJBn/9RX/lwam/RC/pfr/hU/0G/taO/nCxX/nue/JNIBiv6.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ZPI/WJBn/9RX/lwam/RC/pfr/hU/0G/taO/nCxX/nue/bthudtask.exe
unpack001/ZPI/WJBn/9RX/lwam/RC/pfr/hU/0G/taO/nCxX/nue/oUjg4Ng.log

Files

files.zip
.zip
ZI.pdf.lnk
.lnk
ZPI/WJBn/9RX/lwam/RC/pfr/hU/0G/taO/nCxX/nue/JNIBiv6.pdf
.pdf
- http://www.towerfast.com/
- http://www.towerfast.com
ZPI/WJBn/9RX/lwam/RC/pfr/hU/0G/taO/nCxX/nue/bthudtask.exe
.exe windows:10 windows x64

9abeb2b37a47478c60d77a46a439a38b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
SetEvent
DelayLoadFailureHook
ResolveDelayLoadedAPI
CompareStringOrdinal
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetLastError
OpenEventW
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

msvcrt

?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
memset
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
__C_specific_handler
_cexit

advapi32

RegQueryValueExW
RegCloseKey

devobj

DevObjGetClassDevs
DevObjUninstallDevice
DevObjOpenDevRegKey
DevObjCreateDeviceInfoList
DevObjEnumDeviceInfo
DevObjGetDeviceInstanceId
DevObjDestroyDeviceInfoList

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ZPI/WJBn/9RX/lwam/RC/pfr/hU/0G/taO/nCxX/nue/nl9nZkW.sct
ZPI/WJBn/9RX/lwam/RC/pfr/hU/0G/taO/nCxX/nue/oUjg4Ng.log
.dll windows:6 windows x86

d7637d01603047c46356b8ae53adf518

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
CreateFileA
CloseHandle
GetLastError
ConvertThreadToFiber
SwitchToFiber
CreateActCtxA
ActivateActCtx
DeactivateActCtx
FindFirstFileA
FindNextFileA
GetSystemDirectoryA
SetCurrentDirectoryA
ReadFile
SetFilePointer
ReleaseActCtx
SetFileTime
VirtualAlloc
DeviceIoControl
GetLocalTime

Exports

Exports

GPa606j
HUF_inc_var
Tsw3286E

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 531KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9abeb2b37a47478c60d77a46a439a38b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

devobj

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 336B

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 512B - Virtual size: 48B

d7637d01603047c46356b8ae53adf518

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 298KB - Virtual size: 298KB

.data Size: 531KB - Virtual size: 531KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 336B

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 512B - Virtual size: 48B

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 298KB - Virtual size: 298KB

.data
Size: 531KB - Virtual size: 531KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB