41f954ca1c9e6087d6456072bebf5e62a348c5850d3b094af737f0dcfe213e59[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

41f954ca1c9e6087d6456072bebf5e62a348c5850d3b094af737f0dcfe213e59.zip.zip
Size

44.6MB
MD5

3f5c9571bacf1db4400eed06111c637f
SHA1

ee3dfe6a9dfa72f3d278864d6f9203929a732898
SHA256

a034bcb0be853973913fda53f4c3ce71f38e450c865d718af086f360e22af318
SHA512

954108815c27be718b22e62d0e341c8c9d2ab3a7de8f9f4dd57d20a2acf75655f04172047c74ed18e25e9554fbc68a075f29696111613015e4268b66a23a7b3b
SSDEEP

786432:WQjAY4bfwxT2xMvpXDrGcgXG8tv8UwIynj5ZmkIaaNCphcr167u5UfdbJn:YY4sc2rGJtvwIynj58abbcrE7QUfdbJn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/bennu-0.4.1a7/bennu_res/phantomjs.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/bennu-0.4.1a7/bennu_res/chromedriver.exe
unpack002/bennu-0.4.1a7/bennu_res/phantomjs.exe

Files

41f954ca1c9e6087d6456072bebf5e62a348c5850d3b094af737f0dcfe213e59.zip.zip
.zip

Password: infected
41f954ca1c9e6087d6456072bebf5e62a348c5850d3b094af737f0dcfe213e59.zip
.zip
bennu-0.4.1a7/LICENSE
bennu-0.4.1a7/MANIFEST.in
bennu-0.4.1a7/PKG-INFO
bennu-0.4.1a7/README.txt
bennu-0.4.1a7/bennu.egg-info/PKG-INFO
bennu-0.4.1a7/bennu.egg-info/SOURCES.txt
bennu-0.4.1a7/bennu.egg-info/dependency_links.txt
bennu-0.4.1a7/bennu.egg-info/entry_points.txt
bennu-0.4.1a7/bennu.egg-info/requires.txt
bennu-0.4.1a7/bennu.egg-info/top_level.txt
bennu-0.4.1a7/bennu/__init__.py
bennu-0.4.1a7/bennu/api/__init__.py
bennu-0.4.1a7/bennu/api/apis.py
bennu-0.4.1a7/bennu/api/flaskrunner.py
bennu-0.4.1a7/bennu/api/spiderForYahooCurrency.py
bennu-0.4.1a7/bennu/emailutility.py
bennu-0.4.1a7/bennu/externaldb.py
bennu-0.4.1a7/bennu/filesystemutility.py
bennu-0.4.1a7/bennu/launcher.py
bennu-0.4.1a7/bennu/localdb.py
bennu-0.4.1a7/bennu/mod/__init__.py
bennu-0.4.1a7/bennu/ui/__init__.py
bennu-0.4.1a7/bennu_res/__init__.py
bennu-0.4.1a7/bennu_res/__init__.pyc
bennu-0.4.1a7/bennu_res/__pycache__/__init__.cpython-34.pyc
bennu-0.4.1a7/bennu_res/chromedriver.exe
.exe windows:5 windows x86

bd08dab3caed0fcd95f55730d239df15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASendTo
WSARecvFrom
sendto
recvfrom
getsockopt
getpeername
socket
WSASocketW
WSAStartup
WSASend
WSAResetEvent
WSAIoctl
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAGetLastError
shutdown
setsockopt
recv
freeaddrinfo
ioctlsocket
listen
getsockname
connect
closesocket
bind
accept
getaddrinfo

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey
CreateProcessAsUserW
SystemFunction036
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW

kernel32

LoadLibraryExA
SetEnvironmentVariableA
GetModuleHandleExA
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
DeleteFileW
WriteFile
OutputDebugStringA
CloseHandle
GetLastError
SetLastError
GetCurrentProcessId
GetTickCount
GetModuleFileNameW
FormatMessageA
GetCommandLineW
LocalFree
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
IsDebuggerPresent
DuplicateHandle
RaiseException
WaitForSingleObject
GetCurrentProcess
CreateThread
GetCurrentThreadId
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetLongPathNameW
GetTempFileNameW
ReadFile
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileW
MoveFileExW
ReplaceFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
TerminateProcess
GetExitCodeProcess
GetStdHandle
ResumeThread
CreateProcessW
AssignProcessToJobObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
CreateEventW
GetModuleHandleA
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetVersionExW
GetNativeSystemInfo
GetModuleHandleExW
FlushFileBuffers
GetFileInformationByHandle
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
SetFileTime
UnregisterWaitEx
RegisterWaitForSingleObject
GetSystemDirectoryW
GetWindowsDirectoryW
HeapSetInformation
QueueUserWorkItem
LoadLibraryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
FormatMessageW
GlobalFree
LoadLibraryExW
SetFilePointer
CancelIo
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetLocaleInfoA
GetNumberFormatW
GetCurrencyFormatW
InitializeCriticalSection
FreeLibrary
GetThreadLocale
GetGeoInfoW
GetUserGeoID
CreateFileA
SwitchToThread
EncodePointer
DecodePointer
IsProcessorFeaturePresent
ExitProcess
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetFullPathNameW
SetStdHandle
GetFileType
HeapSize
UnhandledExceptionFilter
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
WriteConsoleW
RtlUnwind
ReadConsoleW
GetDriveTypeW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
PropVariantClear

user32

TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
WaitMessage
DefWindowProcW
PostQuitMessage
MapVirtualKeyW
RegisterClassExW
CreateWindowExW
DestroyWindow
CallMsgFilterW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
VkKeyScanW
ToUnicode
GetKeyboardLayoutList
GetKeyboardLayoutNameW
ActivateKeyboardLayout
LoadKeyboardLayoutW
UnregisterClassW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winhttp

WinHttpSetTimeouts
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser

secur32

DeleteSecurityContext
InitializeSecurityContextW
AcquireCredentialsHandleW
QuerySecurityPackageInfoW
FreeContextBuffer
FreeCredentialsHandle

crypt32

CertFreeCertificateChainEngine
CertSetCertificateContextProperty
CertFindExtension
CertGetCertificateChain
CertGetPublicKeyLength
CertCompareCertificateName
CertAddSerializedElementToStore
CertAddCertificateContextToStore
CertAddEncodedCertificateToStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore
CertOpenStore
CryptFindOIDInfo
CryptDecodeObjectEx
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertRDNValueToStrW
CertCreateCertificateChainEngine
CryptHashCertificate

urlmon

CoInternetCreateSecurityManager

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bennu-0.4.1a7/bennu_res/icon.ico
bennu-0.4.1a7/bennu_res/phantomjs
.elf linux x64
bennu-0.4.1a7/bennu_res/phantomjs.exe
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 30.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17.7MB - Virtual size: 17.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bennu-0.4.1a7/setup.cfg
bennu-0.4.1a7/setup.py

Sharing

General

Malware Config

Signatures

Files

Password: infected

bd08dab3caed0fcd95f55730d239df15

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

advapi32

kernel32

ole32

user32

userenv

winhttp

secur32

crypt32

urlmon

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 32KB - Virtual size: 51KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 115KB - Virtual size: 114KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 30.9MB

UPX1 Size: 17.7MB - Virtual size: 17.7MB

.rsrc Size: 5KB - Virtual size: 8KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 32KB - Virtual size: 51KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 115KB - Virtual size: 114KB

UPX0
Size: - Virtual size: 30.9MB

UPX1
Size: 17.7MB - Virtual size: 17.7MB

.rsrc
Size: 5KB - Virtual size: 8KB