32c02975c3cb44d351164a7e103a9eb15fdfe34bd31fa2695d45df9cbc06dcb4[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

32c02975c3cb44d351164a7e103a9eb15fdfe34bd31fa2695d45df9cbc06dcb4.zip.zip
Size

127KB
MD5

eb89be2f13fc15dfa65c31af71aa8568
SHA1

0227b1f8f34dd299e415c45810da2792b096856c
SHA256

1a0af66cd561523dfb5a67ec7583e987622bb4b72bc19ca0e66aabb5a7cb4e2d
SHA512

4cfee91512aa1a82f083eac06412d72383c57c233ef9a4418d06edbcf19a8c4b57932b59d90f0790f7a083cf3b20724b929a1816dd0d1d66683d8e01d96ca7ae
SSDEEP

3072:SGtCKqDYy6cK+dOvIvlInNwV/B7kGhBHb5xVfMYW20F7IOLVot:DtCvy+dO8lINw/B7dbH9xhqF7hot

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/TTDXEDIT.EXE	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/MODIFIED.EXE
unpack002/SGMPlugin/TTDXEdit.dll
unpack002/TTDXEDIT.EXE

Files

32c02975c3cb44d351164a7e103a9eb15fdfe34bd31fa2695d45df9cbc06dcb4.zip.zip
.zip

Password: infected
32c02975c3cb44d351164a7e103a9eb15fdfe34bd31fa2695d45df9cbc06dcb4.zip
.zip
CHANGES.TXT
MODIFIED.EXE
.exe windows:1 windows x86

1c65dda11de98f9675eff0bc72947e28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperA

kernel32

CloseHandle
CreateEventA
CreateFileA
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
LoadLibraryA
MultiByteToWideChar
ReadConsoleInputA
ReadFile
SetConsoleCtrlHandler
SetConsoleMode
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFilePointer
SetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteConsoleA
WriteFile

Sections

AUTO
Size: 27KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.TXT
SGMPlugin/TTDXEdit.dll
.dll regsvr32 windows:4 windows x86

1be56bbf96046ef4a1a6721bdcb84199

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord101
ord102
ord103
__vbaVarCmpEq
ord104
ord105
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
ord618
ord650
_allmul
__vbaLateIdSt
ord652
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTDXEDIT.EXE
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

1c65dda11de98f9675eff0bc72947e28

Headers

File Characteristics

Imports

user32

kernel32

Sections

AUTO Size: 27KB - Virtual size:

.idata Size: 1KB - Virtual size:

DGROUP Size: 4KB - Virtual size:

.bss Size: 2KB - Virtual size:

.reloc Size: 2KB - Virtual size:

1be56bbf96046ef4a1a6721bdcb84199

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 236KB

UPX1 Size: 91KB - Virtual size: 92KB

.rsrc Size: 3KB - Virtual size: 4KB

AUTO
Size: 27KB - Virtual size:

.idata
Size: 1KB - Virtual size:

DGROUP
Size: 4KB - Virtual size:

.bss
Size: 2KB - Virtual size:

.reloc
Size: 2KB - Virtual size:

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 236KB

UPX1
Size: 91KB - Virtual size: 92KB

.rsrc
Size: 3KB - Virtual size: 4KB