2474e303fdaa30c3202ea6cb903bd350b99bae953e7abd264431522fd78da6ad[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

2474e303fdaa30c3202ea6cb903bd350b99bae953e7abd264431522fd78da6ad.zip.zip
Size

1.0MB
MD5

83bdf185afddd1f5cb0e35311779ef3b
SHA1

8e3c5f5b80f4c65380539193c0f51e85de9d7a1a
SHA256

be01b6e1b3aab7b018876050b10cd5769ef005d51476dee97e5364c718858bde
SHA512

f1144234470e1daa02f12a7e5ac8eb2c082fd7c5e4d6e6533d5e291560b0af68a35361ef6de2854ec80d23016d011382e59d990d53d1225d256b4786a397a15b
SSDEEP

24576:+A5h3MI6hBuA6oz/m8BetX9Zpo++DZwdnIENGWFYqbM2+Rbj56ZRAHr+XMS:H5h/6LzNB6po++DqbGfXhbj8RwO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/KeePass.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/KeePass.exe
unpack003/out.upx

Files

2474e303fdaa30c3202ea6cb903bd350b99bae953e7abd264431522fd78da6ad.zip.zip
.zip

Password: infected
2474e303fdaa30c3202ea6cb903bd350b99bae953e7abd264431522fd78da6ad.zip
.zip
KeePass.chm
.chm
KeePass.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0CPrivateConfig@@QAE@H@Z
??0CPwManager@@QAE@XZ
??0CommandLineOption@@QAE@ABV0@@Z
??0CommandLineOption@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0FullPathName@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CPrivateConfig@@UAE@XZ
??1CPwManager@@UAE@XZ
??1CommandLineOption@@QAE@XZ
??1FullPathName@@QAE@XZ
??_7CPrivateConfig@@6B@
??_7CPwManager@@6B@
?AccessPropertyStrArray@CPwManager@@QAEPAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@K@Z
?AddEntry@CPwManager@@QAEHPBU_PW_ENTRY@@@Z
?AddGroup@CPwManager@@QAEHPBU_PW_GROUP@@@Z
?BackupEntry@CPwManager@@QAEHPBU_PW_ENTRY@@PAH@Z
?CleanUp@CPwManager@@AAEXXZ
?DeleteEntry@CPwManager@@QAEHK@Z
?DeleteGroupById@CPwManager@@QAEHKH@Z
?DeleteLostEntries@CPwManager@@AAEKXZ
?DeserializeCustomKvp@CPwManager@@CA_NPBEAAU?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@Z
?Find@CPwManager@@QAEKPBDHKK@Z
?FixGroupTree@CPwManager@@QAEXXZ
?Get@CPrivateConfig@@QBEHPBDPAD@Z
?GetAlgorithm@CPwManager@@QBEHXZ
?GetBool@CPrivateConfig@@QBEHPBDH@Z
?GetCustomKvp@CPwManager@@QBEPBDPBD@Z
?GetEntry@CPwManager@@QAEPAU_PW_ENTRY@@K@Z
?GetEntryByGroup@CPwManager@@QAEPAU_PW_ENTRY@@KK@Z
?GetEntryByGroupN@CPwManager@@QBEKKK@Z
?GetEntryByUuid@CPwManager@@QAEPAU_PW_ENTRY@@PBE@Z
?GetEntryByUuidN@CPwManager@@QBEKPBE@Z
?GetEntryPosInGroup@CPwManager@@QBEKPBU_PW_ENTRY@@@Z
?GetGroup@CPwManager@@QAEPAU_PW_GROUP@@K@Z
?GetGroupById@CPwManager@@QAEPAU_PW_GROUP@@K@Z
?GetGroupByIdN@CPwManager@@QBEKK@Z
?GetGroupId@CPwManager@@QBEKPBD@Z
?GetGroupIdByIndex@CPwManager@@QBEKK@Z
?GetGroupTree@CPwManager@@QBEHKPAK@Z
?GetKeyEncRounds@CPwManager@@QBEKXZ
?GetLastChildGroup@CPwManager@@QBEKK@Z
?GetLastDatabaseHeader@CPwManager@@QBEPBU_PW_DBHEADER@@XZ
?GetLastEditedEntry@CPwManager@@QAEPAU_PW_ENTRY@@XZ
?GetNeverExpireTime@CPwManager@@SAXPAU_PW_TIME@@@Z
?GetNumberOfEntries@CPwManager@@QBEKXZ
?GetNumberOfGroups@CPwManager@@QBEKXZ
?GetNumberOfItemsInGroup@CPwManager@@QBEKPBD@Z
?GetNumberOfItemsInGroupN@CPwManager@@QBEKK@Z
?GetPropertyString@CPwManager@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetRawMasterKey@CPwManager@@QBEXPAE@Z
?InitPrimaryInstance@CPwManager@@QAEXXZ
?LockEntryPassword@CPwManager@@QAEXPAU_PW_ENTRY@@@Z
?MergeIn@CPwManager@@QAEXPAV1@HH@Z
?MoveEntry@CPwManager@@QAEXKKK@Z
?MoveGroup@CPwManager@@QAEHKK@Z
?MoveGroupEx@CPwManager@@QAEHKK@Z
?MoveGroupExDir@CPwManager@@QAEHKH@Z
?MoveInternal@CPwManager@@AAEXKK@Z
?NewDatabase@CPwManager@@QAEXXZ
?OpenDatabase@CPwManager@@QAEHPBDPAU_PWDB_REPAIR_INFO@@@Z
?ReadEntryField@CPwManager@@AAEHGKPBEPAU_PW_ENTRY@@@Z
?ReadGroupField@CPwManager@@AAEHGKPBEPAU_PW_GROUP@@@Z
?SaveDatabase@CPwManager@@QAEHPBDPAE@Z
?SerializeCustomKvp@CPwManager@@CAPAEABU?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@Z
?Set@CPrivateConfig@@QAEHPBD0@Z
?SetAlgorithm@CPwManager@@QAEHH@Z
?SetBool@CPrivateConfig@@QAEHPBDH@Z
?SetCustomKvp@CPwManager@@QAEHPBD0@Z
?SetEntry@CPwManager@@QAEHKPBU_PW_ENTRY@@@Z
?SetGroup@CPwManager@@QAEHKPBU_PW_GROUP@@@Z
?SetKeyEncRounds@CPwManager@@QAEXK@Z
?SetMasterKey@CPwManager@@QAEHPBDH0PBVCNewRandomInterface@@H@Z
?SetPropertyString@CPwManager@@QAEHKPBD@Z
?SetRawMasterKey@CPwManager@@QAEXPBE@Z
?SortGroup@CPwManager@@QAEXKK@Z
?SortGroupList@CPwManager@@QAEXXZ
?SubstEntryGroupIds@CPwManager@@QAEXKK@Z
?UnlockEntryPassword@CPwManager@@QAEXPAU_PW_ENTRY@@@Z
?_AddAllMetaStreams@CPwManager@@AAEHXZ
?_AddMetaStream@CPwManager@@AAEHPBDPAEK@Z
?_AllocEntries@CPwManager@@AAEXK@Z
?_AllocGroups@CPwManager@@AAEXK@Z
?_CanIgnoreUnknownMetaStream@CPwManager@@ABEHABU_PWDB_META_STREAM@@@Z
?_DeleteEntryList@CPwManager@@AAEXH@Z
?_DeleteGroupList@CPwManager@@AAEXH@Z
?_IsMetaStream@CPwManager@@ABEHPBU_PW_ENTRY@@@Z
?_LoadAndRemoveAllMetaStreams@CPwManager@@AAEK_N@Z
?_ParseMetaStream@CPwManager@@AAEXPAU_PW_ENTRY@@_N@Z
?_TransformMasterKey@CPwManager@@AAEHPBE@Z
?beginsWithPrefix@CommandLineOption@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?instance@CmdArgs@@SAABV1@XZ
?instance@CommandLineTokens@@SAABV1@XZ
?instance@Executable@@SAABVFullPathName@@XZ
?isOption@CommandLineOption@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?optionName@CommandLineOption@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?optionValue@CommandLineOption@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?optionValueOffset@CommandLineOption@@QBEIXZ
DeleteArrayCtx
FreeCurrentTranslationTable
GetCurrentTranslationTable
KP_Call
KP_Query
LoadTranslationTable
WU_GetFileNameSz
_IsUTF8String
_OpenLocalFile
_SortTrlTable
_StringToUTF8
_StringToUuid
_TRL
_UTF8BytesNeeded
_UTF8NumChars
_UTF8ToString

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 581KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
License.txt

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 581KB - Virtual size: 584KB

.rsrc Size: 156KB - Virtual size: 160KB

Headers

File Characteristics

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 224KB - Virtual size: 220KB

.data Size: 44KB - Virtual size: 62KB

.rsrc Size: 380KB - Virtual size: 377KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 581KB - Virtual size: 584KB

.rsrc
Size: 156KB - Virtual size: 160KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 224KB - Virtual size: 220KB

.data
Size: 44KB - Virtual size: 62KB

.rsrc
Size: 380KB - Virtual size: 377KB