0355f51643450c7dbbf063ebafcb438f001bd94c98cf57b0bb7cba17b723ac39[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

0355f51643450c7dbbf063ebafcb438f001bd94c98cf57b0bb7cba17b723ac39.zip.zip
Size

577KB
MD5

306ca228aa571bd99822be028bf2e38b
SHA1

d4523d294bd33677b493a0913a3191c2dfcdcbc7
SHA256

0f057390b01a640686def5bca73ed4c90abf579d26017002914062b5e9824b08
SHA512

fbd725ccb4075956a5413acfbab817bf3c7aa589c0b4fb54abd62059a83fff5c06870827a5da02d76be7cf56e03f618e60360ac6ad68773b5ef3eccb8eda3035
SSDEEP

12288:Mp8HK1Q8mQTAlRbG3UP4PXApEPWSkeVwhu1ZAIa8eCGm+ceLNopBGIShHnNLgDsV:2N1Q8AllG3UQo27wAZshBZKBGjnNEwV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack003/ctupdate/tools/wget.exe	upx
static1/unpack003/ctupdate/updates/ie6sp1/ie6download.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack003/ctupdate/tools/msiextract.exe
unpack003/ctupdate/tools/unzip.exe
unpack003/ctupdate/tools/wget.exe
unpack003/ctupdate/updates/ie6sp1/ie6download.exe

Files

0355f51643450c7dbbf063ebafcb438f001bd94c98cf57b0bb7cba17b723ac39.zip.zip
.zip

Password: infected
0355f51643450c7dbbf063ebafcb438f001bd94c98cf57b0bb7cba17b723ac39.zip
.zip
0413-194.TXT
LIZENZ.TXT
ctupdate202.zip
.zip
ctupdate/getupdates.cmd
.cmd .vbs
ctupdate/mbsacheck.cmd
ctupdate/skripte/update_ie6sp1.cmd
ctupdate/skripte/update_sp.cmd
ctupdate/skripte/update_w2k_post_sp4.cmd
.cmd .vbs
ctupdate/skripte/update_xp_post_sp1.cmd
.cmd .vbs
ctupdate/tools/liesmich_unxutils.txt
ctupdate/tools/msiextract.exe
.exe windows:4 windows x86

26f8affcf7d37f35e617df607ad5eedf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord92
ord116
ord118
ord32
ord159
ord160
ord114
ord120
ord8

kernel32

LCMapStringW
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
VirtualQuery
GetSystemInfo
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
GetLastError
CreateDirectoryA
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
GetFileAttributesA
SetFileAttributesA
CloseHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
LocalFree
LockResource
LoadResource
FindResourceW
LocalAlloc
FormatMessageW
DeleteFileW
WriteFile
CreateFileW
GetCurrentDirectoryW
GetTempFileNameW
GetTempPathW
GetLocaleInfoW
ExitProcess
RaiseException
HeapAlloc
HeapFree
GetFileType
ReadFile
SetFilePointer
RtlUnwind
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetVersionExA
GetCPInfo
LCMapStringA
VirtualProtect
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetEndOfFile
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
GetOEMCP
HeapSize
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableW

user32

wsprintfW

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ctupdate/tools/tools_urls.txt
ctupdate/tools/unzip.exe
.exe windows:4 windows x86

b882c964ffdbd098c3d5211bcef15e8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
GetKernelObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
LookupPrivilegeValueA
OpenProcessToken
SetKernelObjectSecurity

kernel32

CloseHandle
CreateFileA
CreateMutexA
EnterCriticalSection
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetDriveTypeA
GetFileAttributesA
GetFileTime
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetProcessHeap
GetStdHandle
GetTimeZoneInformation
GetVersion
GetVolumeInformationA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
ReadFile
ReleaseMutex
SetConsoleMode
SetFileAttributesA
SetFileTime
SetUnhandledExceptionFilter
SetVolumeLabelA
WaitForSingleObject
lstrcmpiA
lstrcpynA
lstrlenA

msvcrt

_chmod
_close
_fileno
_isatty
_lseek
_mkdir
_open
_putenv
_read
_setmode
_stat
_strnicmp
_strupr
_unlink
_write
__getmainargs
__mb_cur_max
__p__environ
__set_app_type
_cexit
_fileno
_fmode
_fpreset
_iob
_setmode
_tzset
atexit
exit
fclose
fflush
fgets
fopen
fprintf
fputs
free
getenv
gmtime
isalpha
isdigit
isprint
isspace
isupper
localtime
malloc
mblen
memcpy
memset
perror
putc
realloc
setlocale
signal
sprintf
strcat
strcpy
strncmp
strncpy
tolower

user32

CharToOemA
OemToCharA

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ctupdate/tools/wget.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 245KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ctupdate/tools/wget.hlp
ctupdate/update.cmd
ctupdate/updates/ie6sp1/ie6_url.txt
ctupdate/updates/ie6sp1/ie6download.au3
ctupdate/updates/ie6sp1/ie6download.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ctupdate/updates/w2k_update_urls.txt
ctupdate/updates/xp_update_urls.txt
ctupdate/versionsgeschichte.txt
msiextract-src.zip
.zip
msiextract/CabExtract.cpp
.vbs
msiextract/CabExtract.h
msiextract/License.txt
msiextract/getopt.cpp
msiextract/getopt.h
msiextract/msiextract.cpp
.js
msiextract/msiextract.h
msiextract/msiextract.rc
msiextract/msiextract.sln
msiextract/msiextract.suo
msiextract/msiextract.vcproj
.xml
msiextract/resource.h
msiextract/smrthandle.h
msiextract/stuff.h
msiextract/tstring.h

Sharing

General

Malware Config

Signatures

Files

Password: infected

26f8affcf7d37f35e617df607ad5eedf

Headers

File Characteristics

Imports

msi

kernel32

user32

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 2KB

b882c964ffdbd098c3d5211bcef15e8e

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 95KB - Virtual size: 94KB

.data Size: 512B - Virtual size: 392B

.bss Size: - Virtual size: 51KB

.idata Size: 3KB - Virtual size: 3KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 368KB

UPX1 Size: 245KB - Virtual size: 248KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 192KB

UPX1 Size: 76KB - Virtual size: 76KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 95KB - Virtual size: 94KB

.data
Size: 512B - Virtual size: 392B

.bss
Size: - Virtual size: 51KB

.idata
Size: 3KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 368KB

UPX1
Size: 245KB - Virtual size: 248KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 192KB

UPX1
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 4KB - Virtual size: 4KB