6593918729d52bef541bd44e531d623d7002ff280aed23ae8b4d7d24154fd775[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

6593918729d52bef541bd44e531d623d7002ff280aed23ae8b4d7d24154fd775.zip.zip
Size

7.3MB
MD5

5c169edeb3b1a04a958676d5a7f41ed5
SHA1

b8445ae35acc25062408e94e518d050876f7b29b
SHA256

d6adef6c2de22384a5cbc6f6df1f5fb810b7c0f62490cc8f500e68e1729eb779
SHA512

e89ce8957a14fbc7061c3965300b00587871efd1e3466b942db8fc84c6f3e58a9873375cdb0edfd6f07fae00567259d45ee1a3665e33b834801e7d5ce3ae39e9
SSDEEP

196608:WuhrSbwpvjYkv/O5crBXfKjtGcLCd9nvrzyr6zJ+r+veC1:WwuwdYdcrBPKjUcLCd9/W6z8r+GC1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/TheS/tHe_S - patch 0.1 alpha.exe	upx
static1/unpack002/TheS/tHe_S.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/TheS/BASS.DLL
unpack002/TheS/tHe_S - patch 0.1 alpha.exe
unpack002/TheS/tHe_S.exe

Files

6593918729d52bef541bd44e531d623d7002ff280aed23ae8b4d7d24154fd775.zip.zip
.zip

Password: infected
6593918729d52bef541bd44e531d623d7002ff280aed23ae8b4d7d24154fd775.zip
.zip
TheS/BASS.DLL
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_CDDoor
BASS_CDFree
BASS_CDGetID
BASS_CDGetTrackLength
BASS_CDGetTracks
BASS_CDInDrive
BASS_CDInit
BASS_CDPlay
BASS_ChannelBytes2Seconds
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetEAXMix
BASS_ChannelGetFlags
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelIsActive
BASS_ChannelPause
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelResume
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetDSoundObject
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetGlobalVolumes
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetChannelVol
BASS_MusicGetLength
BASS_MusicGetName
BASS_MusicLoad
BASS_MusicPlay
BASS_MusicPlayEx
BASS_MusicPreBuf
BASS_MusicSetAmplify
BASS_MusicSetChannelVol
BASS_MusicSetPanSep
BASS_MusicSetPositionScaler
BASS_Pause
BASS_RecordFree
BASS_RecordGetDeviceDescription
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SamplePlay
BASS_SamplePlay3D
BASS_SamplePlay3DEx
BASS_SamplePlayEx
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DAlgorithm
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetBufferLength
BASS_SetCLSID
BASS_SetEAXParameters
BASS_SetGlobalVolumes
BASS_SetLogCurves
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamGetLength
BASS_StreamGetTags
BASS_StreamPlay
BASS_StreamPreBuf
BASS_Update

Sections

Size: 106KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TheS/file_id.diz
TheS/product.nfo
TheS/tHe_S - patch 0.1 alpha.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TheS/tHe_S.bit
TheS/tHe_S.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TheS/tHe_S.log

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

Size: 106KB - Virtual size: 340KB

Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 141KB - Virtual size: 144KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 140KB - Virtual size: 140KB

UPX2 Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 141KB - Virtual size: 144KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 140KB - Virtual size: 140KB

UPX2
Size: 512B - Virtual size: 4KB