8d8c66d9670d56c5fd3a3c2ae1f785f9a73f95a9faf17205d21a4472a7db4c9d[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

8d8c66d9670d56c5fd3a3c2ae1f785f9a73f95a9faf17205d21a4472a7db4c9d.zip.zip
Size

68.1MB
MD5

85290af5b392d9705252020f25857a00
SHA1

6a901c43d57f160aaf91a877bc17218729365f94
SHA256

6ec6d6a154f429652f2cbb73cdcb422acb7dcd53bad15a7ae8fd4ef7e22d7d27
SHA512

e8337ea6501a6469c40450717bbedab881186e3d0e3d4dbc75000226ec3710f34712e928184509b29ddd00f6efc9d9cf2d890a546cb178d951c85a0ec80e1812
SSDEEP

1572864:YcwO+hUJyzjnK0zdfqvxXa7/3aQFZ0KZfH5WQ+2gRcozp:gO+hmyzjn5fqvxqb3NZJPL+2ap

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/MTS/MTS/Common/Devices/VendorData/phantomJS/PJSWindows.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/MTS/MTS/Common/Devices/VendorData/phantomJS/PJSWindows.exe

Files

8d8c66d9670d56c5fd3a3c2ae1f785f9a73f95a9faf17205d21a4472a7db4c9d.zip.zip
.zip

Password: infected
8d8c66d9670d56c5fd3a3c2ae1f785f9a73f95a9faf17205d21a4472a7db4c9d.zip
.zip
MTS/.gitignore
MTS/MTS/Common/Data/Computer/FileSystems/Directory.php
MTS/MTS/Common/Data/Computer/FileSystems/File.php
MTS/MTS/Common/Data/Computer/FileSystems/ProcessPipe.php
.js
MTS/MTS/Common/Data/Computer/OperatingSystems/Base.php
MTS/MTS/Common/Data/Computer/OperatingSystems/Linux/ArchBase.php
MTS/MTS/Common/Data/Computer/OperatingSystems/Linux/CentOSBase.php
MTS/MTS/Common/Data/Computer/OperatingSystems/Linux/DebianBase.php
MTS/MTS/Common/Data/Computer/OperatingSystems/Linux/LinuxBase.php
MTS/MTS/Common/Data/Computer/OperatingSystems/Linux/RHELBase.php
MTS/MTS/Common/Data/Computer/OperatingSystems/Linux/UbuntuBase.php
MTS/MTS/Common/Data/Computer/OperatingSystems/Microsoft/Windows.php
MTS/MTS/Common/Data/Computer/OperatingSystems/Microsoft/WindowsBase.php
MTS/MTS/Common/Data/Computer/OperatingSystems/Mikrotik/MikrotikBase.php
MTS/MTS/Common/Data/Computer/OperatingSystems/Mikrotik/RouterOSBase.php
MTS/MTS/Common/Devices/Actions/Local/Base.php
MTS/MTS/Common/Devices/Actions/Local/Host/ApplicationPaths.php
MTS/MTS/Common/Devices/Actions/Local/Host/Browser.php
.js
MTS/MTS/Common/Devices/Actions/Local/Host/MtsSetup/SetupMTS.php
.js
MTS/MTS/Common/Devices/Actions/Local/Host/OperatingSystem.php
MTS/MTS/Common/Devices/Actions/Local/Host/PhpEnvironment.php
MTS/MTS/Common/Devices/Actions/Local/Host/Processes.php
MTS/MTS/Common/Devices/Actions/Local/Host/Shell.php
.js
MTS/MTS/Common/Devices/Actions/Local/Host/Users.php
MTS/MTS/Common/Devices/Actions/Remote/Base.php
MTS/MTS/Common/Devices/Actions/Remote/Connections/Ssh.php
.js
MTS/MTS/Common/Devices/Actions/Remote/Host/OperatingSystem.php
MTS/MTS/Common/Devices/Actions/Remote/Host/Users.php
MTS/MTS/Common/Devices/Browsers/Base.php
MTS/MTS/Common/Devices/Browsers/BrowserInterface.php
MTS/MTS/Common/Devices/Browsers/PhantomJS.php
.js
MTS/MTS/Common/Devices/Browsers/Window.php
MTS/MTS/Common/Devices/Device.php
MTS/MTS/Common/Devices/Shells/Base.php
.js
MTS/MTS/Common/Devices/Shells/Bash.php
.js
MTS/MTS/Common/Devices/Shells/Cmd.php
.js
MTS/MTS/Common/Devices/Shells/PowerShell.php
.js
MTS/MTS/Common/Devices/Shells/RouterOS.php
.js
MTS/MTS/Common/Devices/Types/Localhost.php
MTS/MTS/Common/Devices/Types/Remotehost.php
.js
MTS/MTS/Common/Devices/VendorData/PowerShell/mtsPsInit.ps1
.ps1
MTS/MTS/Common/Devices/VendorData/phantomJS/PJSCtrl.js
.js
MTS/MTS/Common/Devices/VendorData/phantomJS/PJSLinux32
.elf linux x86
MTS/MTS/Common/Devices/VendorData/phantomJS/PJSLinux64
.elf linux x64
MTS/MTS/Common/Devices/VendorData/phantomJS/PJSWindows.exe
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 30.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17.7MB - Virtual size: 17.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MTS/MTS/Common/Tools/FileSystems/Directories.php
MTS/MTS/Common/Tools/FileSystems/Files.php
MTS/MTS/Common/Tools/Time/Epoch.php
MTS/MTS/EnableMTS.php
MTS/MTS/Factories.php
MTS/MTS/Factories/Actions.php
MTS/MTS/Factories/Devices.php
MTS/MTS/Factories/Files.php
MTS/MTS/Factories/Time.php
MTS/MTS/WorkDirectory/placeHolder.php
MTS/MtsSetup.php
MTS/README.md
.js
MTS/Tests/Common/Devices/Actions/Host/ApplicationPathsTest.php
MTS/Tests/Common/Devices/Actions/Host/BrowserTest.php
MTS/Tests/Common/Devices/Actions/Host/OperatingSystemTest.php
MTS/Tests/Common/Devices/Actions/Host/ProcessesTest.php
MTS/Tests/Common/Devices/Actions/Host/ShellTest.php
MTS/Tests/Common/Devices/Actions/Host/UsersTest.php
MTS/Tests/Common/Devices/Browsers/PhantomJSTest.php
MTS/Tests/Common/Devices/Types/LocalhostTest.php
MTS/Tests/Factories/ActionsTest.php
MTS/Tests/Factories/DevicesTest.php
MTS/Tests/MtsBootstrap.php
MTS/Tests/MtsPhpUnit.xml
MTS/Tests/MtsUnitTestDevices.php
MTS/composer.json
MTS/composer.lock
MTS/vendor/autoload.php
MTS/vendor/composer/ClassLoader.php
.ps1
MTS/vendor/composer/InstalledVersions.php
MTS/vendor/composer/LICENSE
MTS/vendor/composer/autoload_classmap.php
MTS/vendor/composer/autoload_files.php
MTS/vendor/composer/autoload_namespaces.php
MTS/vendor/composer/autoload_psr4.php
MTS/vendor/composer/autoload_real.php
MTS/vendor/composer/autoload_static.php
MTS/vendor/composer/installed.json
MTS/vendor/composer/installed.php
MTS/vendor/composer/platform_check.php

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 30.9MB

UPX1 Size: 17.7MB - Virtual size: 17.7MB

.rsrc Size: 5KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 30.9MB

UPX1
Size: 17.7MB - Virtual size: 17.7MB

.rsrc
Size: 5KB - Virtual size: 8KB