_Getintopc[.]today_Microsoft_Office_2010_Portable[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

_Getintopc.today_Microsoft_Office_2010_Portable.rar
Size

563.0MB
MD5

f553bdf1bd7cda3f93b0b1990de1dad5
SHA1

9b258543e70a7b93d8cc86711bcc558861671b75
SHA256

b4f7ccaf6123ba5b048e1fe420c1fb79c95e9c703e83739d28489f51026b1b0e
SHA512

7ff96da7a93ae3941206578dda7a0c61055e0cbd1eb26d724745d63abe561c91594495e7e13765b8cabcb93db505f0718560d5f85ee714662ee007103c2b0e3c
SSDEEP

12582912:KgIV+OLwOHZMgSjLGGcKFTNK5lBsgU7WBiZnl/f51/+8RqQL:qVZwO5PoLSeTU5lrU3l/b/+vQL

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/GROOVE.EXE
unpack001/Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/MSACCESS.EXE
unpack001/Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/MSO14.DAT
unpack001/Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/MSPUB.EXE
unpack001/Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/OIS.EXE
unpack001/Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/ONENOTE.EXE
unpack001/Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/OUTLOOK.EXE
unpack001/Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/POWERPNT.EXE

Files

_Getintopc.today_Microsoft_Office_2010_Portable.rar
.rar
Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/GROOVE.EXE
.exe windows:5 windows x86

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
Sleep
GetLastError
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW
lstrcmpA
lstrlenA
UnmapViewOfFile
VirtualAlloc
VirtualFree
GetModuleHandleA
VirtualProtect
SetLastError
LoadLibraryA
LoadLibraryExA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetProcAddress
HeapFree
FreeLibrary
HeapAlloc
GetProcessHeap
LoadLibraryW
LoadLibraryExW
lstrcatW
ReadFile
SetFilePointer
MapViewOfFileEx
CloseHandle
MapViewOfFile
CreateFileMappingW
ExitProcess
FormatMessageA
SetEnvironmentVariableW
GetFileSize
CreateFileW
WideCharToMultiByte
lstrcpynW

user32

MessageBoxA
wsprintfW

ntdll

LdrLoadDll
LdrGetProcedureAddress

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 167KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/MSACCESS.EXE
.exe windows:5 windows x86

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
Sleep
GetLastError
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW
lstrcmpA
lstrlenA
UnmapViewOfFile
VirtualAlloc
VirtualFree
GetModuleHandleA
VirtualProtect
SetLastError
LoadLibraryA
LoadLibraryExA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetProcAddress
HeapFree
FreeLibrary
HeapAlloc
GetProcessHeap
LoadLibraryW
LoadLibraryExW
lstrcatW
ReadFile
SetFilePointer
MapViewOfFileEx
CloseHandle
MapViewOfFile
CreateFileMappingW
ExitProcess
FormatMessageA
SetEnvironmentVariableW
GetFileSize
CreateFileW
WideCharToMultiByte
lstrcpynW

user32

MessageBoxA
wsprintfW

ntdll

LdrLoadDll
LdrGetProcedureAddress

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 174KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/MSO14.DAT
.exe windows:4 windows x86

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
Sleep
GetLastError
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW
lstrcmpA
lstrlenA
UnmapViewOfFile
VirtualAlloc
VirtualFree
GetModuleHandleA
VirtualProtect
SetLastError
LoadLibraryA
LoadLibraryExA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetProcAddress
HeapFree
FreeLibrary
HeapAlloc
GetProcessHeap
LoadLibraryW
LoadLibraryExW
lstrcatW
ReadFile
SetFilePointer
MapViewOfFileEx
CloseHandle
MapViewOfFile
CreateFileMappingW
ExitProcess
FormatMessageA
SetEnvironmentVariableW
GetFileSize
CreateFileW
WideCharToMultiByte
lstrcpynW

user32

MessageBoxA
wsprintfW

ntdll

LdrLoadDll
LdrGetProcedureAddress

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/MSPUB.EXE
.exe windows:5 windows x86

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
Sleep
GetLastError
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW
lstrcmpA
lstrlenA
UnmapViewOfFile
VirtualAlloc
VirtualFree
GetModuleHandleA
VirtualProtect
SetLastError
LoadLibraryA
LoadLibraryExA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetProcAddress
HeapFree
FreeLibrary
HeapAlloc
GetProcessHeap
LoadLibraryW
LoadLibraryExW
lstrcatW
ReadFile
SetFilePointer
MapViewOfFileEx
CloseHandle
MapViewOfFile
CreateFileMappingW
ExitProcess
FormatMessageA
SetEnvironmentVariableW
GetFileSize
CreateFileW
WideCharToMultiByte
lstrcpynW

user32

MessageBoxA
wsprintfW

ntdll

LdrLoadDll
LdrGetProcedureAddress

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 171KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/OIS.EXE
.exe windows:5 windows x86

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
Sleep
GetLastError
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW
lstrcmpA
lstrlenA
UnmapViewOfFile
VirtualAlloc
VirtualFree
GetModuleHandleA
VirtualProtect
SetLastError
LoadLibraryA
LoadLibraryExA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetProcAddress
HeapFree
FreeLibrary
HeapAlloc
GetProcessHeap
LoadLibraryW
LoadLibraryExW
lstrcatW
ReadFile
SetFilePointer
MapViewOfFileEx
CloseHandle
MapViewOfFile
CreateFileMappingW
ExitProcess
FormatMessageA
SetEnvironmentVariableW
GetFileSize
CreateFileW
WideCharToMultiByte
lstrcpynW

user32

MessageBoxA
wsprintfW

ntdll

LdrLoadDll
LdrGetProcedureAddress

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/ONENOTE.EXE
.exe windows:5 windows x86

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
Sleep
GetLastError
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW
lstrcmpA
lstrlenA
UnmapViewOfFile
VirtualAlloc
VirtualFree
GetModuleHandleA
VirtualProtect
SetLastError
LoadLibraryA
LoadLibraryExA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetProcAddress
HeapFree
FreeLibrary
HeapAlloc
GetProcessHeap
LoadLibraryW
LoadLibraryExW
lstrcatW
ReadFile
SetFilePointer
MapViewOfFileEx
CloseHandle
MapViewOfFile
CreateFileMappingW
ExitProcess
FormatMessageA
SetEnvironmentVariableW
GetFileSize
CreateFileW
WideCharToMultiByte
lstrcpynW

user32

MessageBoxA
wsprintfW

ntdll

LdrLoadDll
LdrGetProcedureAddress

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/OUTLOOK.EXE
.exe windows:5 windows x86

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
Sleep
GetLastError
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW
lstrcmpA
lstrlenA
UnmapViewOfFile
VirtualAlloc
VirtualFree
GetModuleHandleA
VirtualProtect
SetLastError
LoadLibraryA
LoadLibraryExA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetProcAddress
HeapFree
FreeLibrary
HeapAlloc
GetProcessHeap
LoadLibraryW
LoadLibraryExW
lstrcatW
ReadFile
SetFilePointer
MapViewOfFileEx
CloseHandle
MapViewOfFile
CreateFileMappingW
ExitProcess
FormatMessageA
SetEnvironmentVariableW
GetFileSize
CreateFileW
WideCharToMultiByte
lstrcpynW

user32

MessageBoxA
wsprintfW

ntdll

LdrLoadDll
LdrGetProcedureAddress

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Microsoft_Office_2010_Portable/Microsoft_Office_2010_Portable/POWERPNT.EXE
.exe windows:5 windows x86

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
Sleep
GetLastError
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW
lstrcmpA
lstrlenA
UnmapViewOfFile
VirtualAlloc
VirtualFree
GetModuleHandleA
VirtualProtect
SetLastError
LoadLibraryA
LoadLibraryExA
lstrcatA
lstrcpyA
GetModuleFileNameA
GetProcAddress
HeapFree
FreeLibrary
HeapAlloc
GetProcessHeap
LoadLibraryW
LoadLibraryExW
lstrcatW
ReadFile
SetFilePointer
MapViewOfFileEx
CloseHandle
MapViewOfFile
CreateFileMappingW
ExitProcess
FormatMessageA
SetEnvironmentVariableW
GetFileSize
CreateFileW
WideCharToMultiByte
lstrcpynW

user32

MessageBoxA
wsprintfW

ntdll

LdrLoadDll
LdrGetProcedureAddress

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 168KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Sections

.text Size: 12KB - Virtual size: 12KB

.res Size: 167KB - Virtual size: 168KB

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Sections

.text Size: 12KB - Virtual size: 12KB

.res Size: 174KB - Virtual size: 176KB

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Sections

.text Size: 12KB - Virtual size: 12KB

.res Size: 24KB - Virtual size: 28KB

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Sections

.text Size: 12KB - Virtual size: 12KB

.res Size: 171KB - Virtual size: 172KB

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Sections

.text Size: 12KB - Virtual size: 12KB

.res Size: 26KB - Virtual size: 28KB

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Sections

.text Size: 12KB - Virtual size: 12KB

.res Size: 165KB - Virtual size: 168KB

Password: 123

e9b4cef3f40a98997cf5e2c850f03f67

Headers

.text
Size: 12KB - Virtual size: 12KB

.res
Size: 167KB - Virtual size: 168KB

.text
Size: 12KB - Virtual size: 12KB

.res
Size: 174KB - Virtual size: 176KB

.text
Size: 12KB - Virtual size: 12KB

.res
Size: 24KB - Virtual size: 28KB

.text
Size: 12KB - Virtual size: 12KB

.res
Size: 171KB - Virtual size: 172KB

.text
Size: 12KB - Virtual size: 12KB

.res
Size: 26KB - Virtual size: 28KB

.text
Size: 12KB - Virtual size: 12KB

.res
Size: 165KB - Virtual size: 168KB

.text
Size: 12KB - Virtual size: 12KB

.res
Size: 169KB - Virtual size: 172KB

.text
Size: 12KB - Virtual size: 12KB

.res
Size: 168KB - Virtual size: 172KB