27e6e1db6641f9535b002a503ab7bb75bb0f7aceb243efa8ef4fca38fcdb215a[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

27e6e1db6641f9535b002a503ab7bb75bb0f7aceb243efa8ef4fca38fcdb215a.zip.zip
Size

4.0MB
MD5

6dbc293a62d3e4e5ac2c664033e88ca9
SHA1

6b8c39ba684120fff48c25620a4076687a61301e
SHA256

a033c8b8d48356414c5f4cce9280465c23bb47bcd65dc6fee8fb043826388062
SHA512

85c94a56f46e88db7e2ec2b0243f1c0665787440dade0ae18a6f7d2e9af636e8089a8719d4fe139a4007eec580047c2fe75fa2cf2ee5bb8151b589adefb8e6a0
SSDEEP

98304:6lE+xlJ8dLsQggW5KWabzRxpWPpJHekwiqgxrGOCoQ88H+A1t3Wq:6dJ8dLs7gWonzRQrTrGO5ddAj3B

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/HJBMP3.DLL	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/HJBMP3.DLL	upx
static1/unpack002/Imaginary World.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/HJBMP3.DLL
unpack003/out.upx
unpack002/Imaginary World.exe

Files

27e6e1db6641f9535b002a503ab7bb75bb0f7aceb243efa8ef4fca38fcdb215a.zip.zip
.zip

Password: infected
27e6e1db6641f9535b002a503ab7bb75bb0f7aceb243efa8ef4fca38fcdb215a.zip
.zip
DATA/CLOUDS.JPG
.jpg
DATA/GLASS.JPG
.jpg
DATA/GREEN1.JPG
.jpg
DATA/ICE.JPG
.jpg
DATA/IMPLEXY.MP3
.ps1
DATA/IW_LOGO.JPG
.jpg
DATA/KASKA.JPG
.jpg
DATA/LIGHT.JPG
.jpg
DATA/LIGHT3.JPG
.jpg
DATA/L_1AD.JPG
.jpg
DATA/L_2DI.JPG
.jpg
DATA/L_3CT.JPG
.jpg
DATA/MAGIKK.JPG
.jpg
DATA/ORANGE.JPG
.jpg
DATA/SHAPES1.JPG
.jpg
DATA/SHAPES2.JPG
.jpg
DATA/SHAPES3.JPG
.jpg
DATA/SHAPES4.JPG
.jpg
DATA/SHAPES4B.JPG
.jpg
DATA/SHAPES5.JPG
.jpg
DATA/TXTFLASH.JPG
.jpg
DATA/c_BamboOS.jpg
.jpg
DATA/c_Sagat.jpg
.jpg
DATA/c_Shexbeer.jpg
.jpg
DATA/c_Traymuss.jpg
.jpg
DATA/circles_gold.jpg
.jpg
DATA/circles_night.jpg
.jpg
DATA/city_lights.jpg
.jpg
DATA/hell_gates.jpg
.jpg
DATA/missnight.jpg
.jpg
DATA/t_1Imaginary World.jpg
.jpg
DATA/t_2unrealistic.jpg
.jpg
DATA/t_3ethereal.jpg
.jpg
DATA/t_4wonderful.jpg
.jpg
DATA/t_5limitless.jpg
.jpg
DATA/t_6transient.jpg
.jpg
DATA/t_7iwasthere!.jpg
.jpg
FILE_ID.DIZ
HJBMP3.DLL
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?MP3_CloseDevice@@YAHXZ
?MP3_GetPosition@@YAKXZ
?MP3_GetVolume@@YAKXZ
?MP3_GetWaveDeviceCaps@@YAHKPAUMP3Device@@@Z
?MP3_GetWaveDevicesNumber@@YAKXZ
?MP3_LoadFromDisk@@YAHPAD@Z
?MP3_LoadFromMemory@@YAHPAEK@Z
?MP3_LoadFromVirtualDisk@@YAHPADK@Z
?MP3_OpenDevice@@YAHKK@Z
?MP3_Play@@YAHXZ
?MP3_SetVolume@@YAXK@Z
?MP3_Stop@@YAXXZ

Sections

UPX0
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Imaginary World.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Imaginary World.txt

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 160KB

UPX1 Size: 42KB - Virtual size: 44KB

UPX2 Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 24KB - Virtual size: 118KB

.reloc Size: 8KB - Virtual size: 5KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.1MB

UPX1 Size: 51KB - Virtual size: 52KB

.rsrc Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 160KB

UPX1
Size: 42KB - Virtual size: 44KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 24KB - Virtual size: 118KB

.reloc
Size: 8KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 2.1MB

UPX1
Size: 51KB - Virtual size: 52KB

.rsrc
Size: 1KB - Virtual size: 4KB