2a21c70efb3bac60c3d2bc008cb09f9761009489272c143b600b7ce2164e458a[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

2a21c70efb3bac60c3d2bc008cb09f9761009489272c143b600b7ce2164e458a.zip.zip
Size

2.7MB
MD5

4ae2f3f04ce5a9b967536f86b6c986fa
SHA1

d0f64217e84bcdb000e38e7db588398799bf8c8c
SHA256

b859e3193085515b0eed4ede5a7e291c9e123cde828126017171f3441caf6433
SHA512

57d0e2df6979079b0ed8e15172487411e51ae8f65b447774f70fea283a50cab3241d5a9feb73dd4daaa6036fd338bc769e14b3e3e8a4819f59c7d988e6df2aeb
SSDEEP

49152:7wTmynVVn2j+gHllEz3mB7CSl9+uf5INLZ61JjKZ9QqQ6i1A:72TgHu3mBmSl93u61JjSQ6i1A

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/logoshow.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/bass.dll
unpack002/logoshow.exe

Files

2a21c70efb3bac60c3d2bc008cb09f9761009489272c143b600b7ce2164e458a.zip.zip
.zip

Password: infected
2a21c70efb3bac60c3d2bc008cb09f9761009489272c143b600b7ce2164e458a.zip
.zip
bass.dll
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_CDDoor
BASS_CDFree
BASS_CDGetID
BASS_CDGetTrackLength
BASS_CDGetTracks
BASS_CDInDrive
BASS_CDInit
BASS_CDPlay
BASS_ChannelBytes2Seconds
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetEAXMix
BASS_ChannelGetFlags
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelPause
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelResume
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttributes
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetDSoundObject
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetGlobalVolumes
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetChannelVol
BASS_MusicGetLength
BASS_MusicGetName
BASS_MusicLoad
BASS_MusicPlay
BASS_MusicPlayEx
BASS_MusicPreBuf
BASS_MusicSetAmplify
BASS_MusicSetChannelVol
BASS_MusicSetPanSep
BASS_MusicSetPositionScaler
BASS_Pause
BASS_RecordFree
BASS_RecordGetDeviceDescription
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SamplePlay
BASS_SamplePlay3D
BASS_SamplePlay3DEx
BASS_SamplePlayEx
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DAlgorithm
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetBufferLength
BASS_SetCLSID
BASS_SetEAXParameters
BASS_SetGlobalVolumes
BASS_SetLogCurves
BASS_SetNetConfig
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamGetLength
BASS_StreamGetTags
BASS_StreamPlay
BASS_StreamPreBuf
BASS_Update
_

Sections

Size: 96KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
en.nfo
file_id.diz
logoshow.dat
.rar
CONFIG.TXT
COVER1.JPG
.jpg
COVER2.JPG
.jpg
COVEROUT.JPG
.jpg
CUR.BMP
CUR.MSK
HIDDEN/HIDDEN.TXT
KURSOR.BMP
KURSORA.BMP
KURSORA.MSK
LOGOBG.BMP
LOGOSY/BFY1.JPG
.jpg
LOGOSY/BFY1.TXT
LOGOSY/BFY2.JPG
.jpg
LOGOSY/BFY2.TXT
LOGOSY/CUBE.JPG
.jpg
LOGOSY/CUBE.TXT
LOGOSY/DIOR.JPG
.jpg
LOGOSY/DIOR.TXT
LOGOSY/DIORV2.JPG
.jpg
LOGOSY/DIORV2.TXT
LOGOSY/EN.JPG
.jpg
LOGOSY/EN.TXT
LOGOSY/ENMINI.TXT
LOGOSY/ENMINI1.JPG
.jpg
LOGOSY/ENMINI2.JPG
.jpg
LOGOSY/EN_OLD.JPG
.jpg
LOGOSY/EN_OLD.TXT
LOGOSY/FLOPPY.JPG
.jpg
LOGOSY/FLOPPY.TXT
LOGOSY/HD.JPG
.jpg
LOGOSY/HD.TXT
LOGOSY/HDHIS.JPG
.jpg
LOGOSY/HIS.TXT
LOGOSY/HXT.JPG
.jpg
LOGOSY/HXT.TXT
LOGOSY/NIWOOD.JPG
.jpg
LOGOSY/NIWOOD.TXT
LOGOSY/OPSOLD.JPG
.jpg
LOGOSY/OPSOLD.TXT
LOGOSY/SCOOPEX.JPG
.jpg
LOGOSY/SCOOPEX.TXT
LOGOSY/SINNER.JPG
.jpg
LOGOSY/SINNER.TXT
LOGOSY/THELOOP.JPG
.jpg
LOGOSY/THELOOP.TXT
L_OVER.JPG
.jpg
L_PUSH.JPG
.jpg
MAXUS.XM
MENUGL.TXT
PANEL.JPG
.jpg
P_OVER.JPG
.jpg
P_PUSH.JPG
.jpg
logoshow.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
logoshow.txt
maxus.xm

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

Size: 96KB - Virtual size: 300KB

Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 172KB

UPX1 Size: 112KB - Virtual size: 112KB

.rsrc Size: 5KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 172KB

UPX1
Size: 112KB - Virtual size: 112KB

.rsrc
Size: 5KB - Virtual size: 8KB