d1d0488139f749c3efc47ddd969c73a065badb16e1aa32da9f35ffacb960df90[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

d1d0488139f749c3efc47ddd969c73a065badb16e1aa32da9f35ffacb960df90.zip.zip
Size

3.3MB
MD5

1d29af88bf7de3a8b9417d9c3606a83a
SHA1

2570684714ef0bff498eebddd509f8a8d2448fc3
SHA256

2e327506964e20fa2f29392467633bf0c8c62dc7665b5f21c972c57f4b6de95d
SHA512

2c84d95d2a5256906cf5189b7b3d6e899b07f747c67d0dd4a3202f3105081cace50b9918146372fcad538c062c9108edfed1927f328d88503f9e3f09af64f5d2
SSDEEP

98304:LH/j/nePLKX0c7EBI6r2CrDQqbuj3vraHNr1:LH7/mleWCOUEuj3OD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack007/hg_party/Release/hydrogeN.exe	upx
static1/unpack007/hg_party/fexp.exe	upx
static1/unpack007/hg_party/xmd.exe	upx
static1/unpack007/hg_party/zenith/Debug/zenith.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack002/BASS.DLL
unpack007/hg_party/Release/hydrogeN.exe
unpack007/hg_party/fexp.exe
unpack009/out.upx
unpack007/hg_party/xmd.exe
unpack007/hg_party/zenith/Debug/zenith.exe
unpack002/HUGI25.EXE

Files

d1d0488139f749c3efc47ddd969c73a065badb16e1aa32da9f35ffacb960df90.zip.zip
.zip

Password: infected
d1d0488139f749c3efc47ddd969c73a065badb16e1aa32da9f35ffacb960df90.zip
.zip
(Z)GOIN.XM
(ZL)LCB!.XM
BASS.DLL
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_CDFree
BASS_CDGetID
BASS_CDGetTrackLength
BASS_CDGetTracks
BASS_CDInDrive
BASS_CDInit
BASS_CDPlay
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetEAXMix
BASS_ChannelGetFlags
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelIsActive
BASS_ChannelPause
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveSync
BASS_ChannelResume
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetA3DHFAbsorbtion
BASS_GetA3DResManager
BASS_GetCPU
BASS_GetDSoundObject
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetGlobalVolumes
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetLength
BASS_MusicGetName
BASS_MusicLoad
BASS_MusicPlay
BASS_MusicPlayEx
BASS_MusicSetAmplify
BASS_MusicSetPanSep
BASS_MusicSetPositionScaler
BASS_Pause
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SamplePlay
BASS_SamplePlay3D
BASS_SamplePlay3DEx
BASS_SamplePlayEx
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DAlgorithm
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetA3DHFAbsorbtion
BASS_SetA3DResManager
BASS_SetBufferLength
BASS_SetEAXParameters
BASS_SetGlobalVolumes
BASS_SetLogCurves
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamGetLength
BASS_StreamPlay

Sections

Size: 79KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BZ-SOS.XM
FILE_ID.DIZ
H25BONUS.ZIP
.zip
BZ-TREES.ZIP
.zip
bonz-trees/COPYING
bonz-trees/Makefile
bonz-trees/avltrees.c
bonz-trees/avltrees.h
bonz-trees/rbtrees.c
bonz-trees/rbtrees.h
bonz-trees/tree_test.cc
DROPZ.ZIP
.zip
!READ
DESC
DROPZ.COM
www.256b.com.nfo
FLASHEX.ZIP
.zip
Menus.fla
.js
buttons.fla
hugifade.fla
H25BONUS.NFO
HG_PARTY.ZIP
.zip
hg_party/Release/hydrogeN.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hg_party/addition.cpp
hg_party/addition.h
hg_party/base.h
hg_party/color.h
hg_party/compress.bat
hg_party/demo.cpp
hg_party/demo.dsp
hg_party/demo.dsw
hg_party/fexp.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hg_party/filter.cpp
hg_party/filter.h
hg_party/fntr/1.FNT
hg_party/fntr/FNTR.BAK
hg_party/fntr/FNTR.CPP
hg_party/fntr/FNTR.EXE
hg_party/fntr/FNTR.OBJ
hg_party/fntr/FONTDATA.CPP
hg_party/fntr/FONTDATA.H
hg_party/fontdata.cpp
hg_party/fontdata.h
hg_party/generate.cpp
hg_party/generate.h
hg_party/globals.cpp
hg_party/globals.h
hg_party/hydrogeN.nfo
hg_party/icon1.ico
hg_party/icon2.ico
hg_party/minifmod.h
hg_party/minifmod/Fmusic.c
hg_party/minifmod/Fsound.c
hg_party/minifmod/Mixer.h
hg_party/minifmod/Music.h
hg_party/minifmod/Sound.h
hg_party/minifmod/minifmod.h
hg_party/minifmod/mixer_clipcopy.c
hg_party/minifmod/mixer_clipcopy.h
hg_party/minifmod/mixer_fpu_ramp.c
hg_party/minifmod/mixer_fpu_ramp.h
hg_party/minifmod/music_formatxm.c
hg_party/minifmod/music_formatxm.h
hg_party/minifmod/system_file.c
hg_party/minifmod/system_file.h
hg_party/minifmod/system_memory.h
hg_party/minifmod/xmeffects.h
hg_party/minifmod/xmeffectsold
hg_party/music.xm
hg_party/resource.h
hg_party/resrc1.h
hg_party/samplegn/filter.cpp
hg_party/samplegn/filter.h
hg_party/samplegn/generate.cpp
hg_party/samplegn/generate.h
hg_party/samplegn/samplegn.cpp
hg_party/samplegn/samplegn.dsp
hg_party/samples.csm
hg_party/script1.rc
hg_party/sound.cpp
hg_party/sound.h
hg_party/sources.nfo
hg_party/txgen.cpp
hg_party/txgen.h
hg_party/video.cpp
hg_party/video.h
hg_party/xmd.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hg_party/xmeffects.h
hg_party/z3d/z3d.cpp
hg_party/z3d/z3d.h
hg_party/zenith/Debug/zenith.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hg_party/zenith/resource.h
hg_party/zenith/zenith.aps
hg_party/zenith/zenith.cpp
hg_party/zenith/zenith.dsp
hg_party/zenith/zenith.plg
.html
hg_party/zenith/zenith.rc
hg_party/zenith/zn_types.h
hg_party/zenmsc_e.txt
hg_party/zenmsc_r.txt
LATTICE.ZIP
.zip
PSTUTE.ZIP
.zip
SIMDTEST.ZIP
.zip
SPIN.ZIP
.zip
SUCUBUS.ZIP
.zip
TUBE.ZIP
.zip
HUGI25.DAT
HUGI25.EXE
.exe windows:4 windows x86

fe0fd74dba0435f2a66c36111ec6957b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetEvent
CreateThread
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocalTime
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateDirectoryA
CreateFileA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
GetTempPathA
GetCommandLineA
EnterCriticalSection
GetStringTypeA
LeaveCriticalSection
VirtualAlloc
GetOEMCP
GetACP
SetEnvironmentVariableA
CompareStringA
GetCPInfo
CompareStringW
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
HeapCreate
HeapDestroy
VirtualFree
GetEnvironmentVariableA
GetFileType
GetVersionExA
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
GetModuleHandleA
GetLastError
MultiByteToWideChar
SetLastError
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
FlushFileBuffers
SetStdHandle
Sleep
LoadLibraryA
GetProcAddress
CloseHandle
DeleteCriticalSection
TerminateThread
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateEventA
WaitForSingleObject
GetStartupInfoA
HeapSize
GetVersion
GetStringTypeW
RaiseException
RtlUnwind
WideCharToMultiByte
HeapReAlloc
HeapFree
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc

user32

FindWindowA
IsDlgButtonChecked
EndDialog
SendDlgItemMessageA
CheckDlgButton
SendMessageA
DialogBoxParamA
SetDlgItemInt
PostMessageA
MessageBoxA
GetWindowRect
GetDlgItem
SetCursor
LoadAcceleratorsA
DestroyWindow
ShowWindow
SetWindowPos
UpdateWindow
RegisterClassA
CreateWindowExA
GetSystemMetrics
FillRect
LoadCursorA
LoadIconA
SetTimer
KillTimer
GetUpdateRect
SystemParametersInfoA
RegisterWindowMessageA
ClientToScreen
ValidateRect
PostQuitMessage
EmptyClipboard
DefWindowProcA
OpenClipboard
WaitMessage
SetClipboardData
CloseClipboard
TranslateMessage
PeekMessageA
TranslateAcceleratorA
DispatchMessageA

gdi32

CreateCompatibleBitmap
CreateSolidBrush
StartDocA
StartPage
CreateDIBitmap
BitBlt
SelectObject
GetTextMetricsA
CreateFontA
GetTextExtentPoint32A
DeleteDC
DeleteObject
RemoveFontResourceA
GetDeviceCaps
CreateCompatibleDC
AddFontResourceA
SetBkMode
CreateRectRgn
StretchBlt
GetStockObject
LineTo
EndDoc
CreatePen
MoveToEx
EndPage
SetTextColor
TextOutA

comdlg32

PrintDlgA
GetOpenFileNameA

comctl32

ord17

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ddraw

DirectDrawCreate

dsound

ord1

ole32

CoInitializeEx
CoUninitialize

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HUGI25.NFO
ILIKS-MD.IT
SUPP!H26.TXT
USEGUIDE.TXT
WORD2PAN.ZIP
.zip

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

Size: 79KB - Virtual size: 292KB

Size: 3KB - Virtual size: 3KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.8MB

UPX1 Size: 60KB - Virtual size: 64KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 4KB - Virtual size: 8KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 780B

.data Size: 4KB - Virtual size: 21KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 5KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 5.2MB

UPX1 Size: 63KB - Virtual size: 64KB

.rsrc Size: 512B - Virtual size: 4KB

fe0fd74dba0435f2a66c36111ec6957b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

comctl32

advapi32

shell32

ddraw

dsound

ole32

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 20KB - Virtual size: 45KB

.rsrc Size: 12KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 2.8MB

UPX1
Size: 60KB - Virtual size: 64KB

.rsrc
Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 4KB - Virtual size: 8KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 780B

.data
Size: 4KB - Virtual size: 21KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 5.2MB

UPX1
Size: 63KB - Virtual size: 64KB

.rsrc
Size: 512B - Virtual size: 4KB

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 20KB - Virtual size: 45KB

.rsrc
Size: 12KB - Virtual size: 10KB