rss[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

rss.rar
Size

2.9MB
MD5

efb98aaeb5bf5bcd27d1ee526e13a1f9
SHA1

433349b1f61d229e046838c80ee8f73c0d93df87
SHA256

013596c0927c3e3e9863f9081766764f3edde0d6fec1d0c49d811342ae54a909
SHA512

da571b2fa5dd196b23ec7b5213d6cc55b27a1d052f2a7d6a4ef5096218e56d3ee6c433af854b07f4728ebe25132825a8f53e48db94e21afb7f01497c4629ac5c
SSDEEP

49152:SeeXtMC0o6w1HETgW9jwFIjxu6Gq8aOE658Plq48u2Xe1blfVKPooMp:SeNPoW9jOIvJ2Xe1bl9Kip

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/winserv.exe

Files

rss.rar
.rar

Password: dsafsfghghjujgdhfg
winserv.exe
.exe windows:4 windows x86 arch:x86

Password: dsafsfghghjujgdhfg

ebe65d762f2c61fe8918999d24b4ff38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

AllocateAndInitializeSid
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
ControlService
ConvertSidToStringSidW
CreateServiceW
CryptAcquireContextA
CryptAcquireContextW
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptExportKey
CryptGenKey
CryptImportKey
CryptReleaseContext
DeleteService
DeregisterEventSource
DuplicateToken
EnumServicesStatusW
FreeSid
GetTokenInformation
GetUserNameA
GetUserNameW
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
LookupAccountNameW
LookupAccountSidW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
QueryServiceConfigW
RegCloseKey
RegConnectRegistryW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCache
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExA
RegSetValueExW
RegUnLoadKeyW
RegisterEventSourceW
RegisterServiceCtrlHandlerExW
ReportEventW
RevertToSelf
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
SetServiceStatus
SetTokenInformation
StartServiceCtrlDispatcherW
StartServiceW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
InitCommonControls
InitializeFlatSB
_TrackMouseEvent

comdlg32

GetSaveFileNameA
GetSaveFileNameW
PrintDlgW

gdi32

AbortDoc
AngleArc
Arc
ArcTo
BeginPath
BitBlt
Chord
CloseEnhMetaFile
CombineRgn
CombineTransform
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateEnhMetaFileW
CreateFontA
CreateFontIndirectW
CreateFontW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EndPath
EnumFontFamiliesExW
EnumFontsW
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
ExtTextOutW
FillPath
FillRgn
FrameRgn
GdiFlush
GetBitmapBits
GetBkMode
GetBrushOrgEx
GetClipBox
GetClipRgn
GetCurrentObject
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestColor
GetNearestPaletteIndex
GetObjectA
GetObjectW
GetPaletteEntries
GetPixel
GetROP2
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextAlign
GetTextColor
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointW
GetTextFaceA
GetTextMetricsW
GetViewportOrgEx
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MaskBlt
MoveToEx
OffsetRgn
PatBlt
PathToRegion
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
PtInRegion
PtVisible
RealizePalette
RectInRegion
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetGraphicsMode
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
SetWorldTransform
StartDocA
StartDocW
StartPage
StretchBlt
StretchDIBits
TextOutA
TextOutW
UnrealizeObject
WidenPath

kernel32

Beep
CloseHandle
CompareStringA
CompareStringW
ConnectNamedPipe
CopyFileA
CopyFileExW
CopyFileW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateMutexW
CreateNamedPipeW
CreatePipe
CreateProcessA
CreateProcessW
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceW
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameExW
GetComputerNameW
GetConsoleCP
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetUserGeoID
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
IsBadReadPtr
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalSize
LockResource
MapViewOfFile
MoveFileW
MulDiv
MultiByteToWideChar
OpenEventW
OpenFileMappingA
OpenFileMappingW
OpenProcess
OpenSemaphoreW
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
RtlUnwind
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetPriorityClass
SetProcessShutdownParameters
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepEx
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitNamedPipeW
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringW
lstrcmp
lstrcmpW
lstrcmpiW
lstrlen
lstrlenW

msvcrt

memcpy
memset

netapi32

NetApiBufferFree
NetWkstaGetInfo

ole32

CLSIDFromProgID
CoCreateInstance
CoFreeUnusedLibraries
CoGetClassObject
CoInitialize
CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
IsAccelerator
IsEqualGUID
OleDraw
OleInitialize
OleRegEnumVerbs
OleSetMenuDescriptor
OleUninitialize
ProgIDFromCLSID
StringFromCLSID

oleaut32

CreateErrorInfo
GetActiveObject
GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnaccessData
SetErrorInfo
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

shell32

PathCleanupSpec
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDList
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteEx
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW

shfolder

SHGetFolderPathW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CallWindowProcW
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextW
CharToOemW
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CloseDesktop
CopyIcon
CopyImage
CountClipboardFormats
CreateAcceleratorTableW
CreateCaret
CreateDialogParamW
CreateIcon
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcA
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyCaret
DestroyCursor
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndMenu
EndPaint
EnumChildWindows
EnumClipboardFormats
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
EqualRect
ExitWindowsEx
FillRect
FindWindowA
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetAncestor
GetAsyncKeyState
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameA
GetClassNameW
GetClientRect
GetClipboardData
GetComboBoxInfo
GetCursor
GetCursorInfo
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetFocus
GetForegroundWindow
GetGuiResources
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringW
GetMessageA
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoW
GetParent
GetProcessWindowStation
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetThreadDesktop
GetTopWindow
GetUpdateRect
GetUpdateRgn
GetUserObjectInformationW
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextA
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
InvalidateRgn
IsChild
IsClipboardFormatAvailable
IsDialogMessage
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageA
LoadImageW
LoadKeyboardLayoutW
LoadMenuW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OemToCharA
OffsetRect
OpenClipboard
OpenDesktopW
OpenInputDesktop
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
PostThreadMessageA
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassA
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
ScrollWindowEx
SendInput
SendMessageA
SendMessageTimeoutA
SendMessageW
SendNotifyMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetRectEmpty
SetScrollInfo
SetScrollPos
SetScrollRange
SetThreadDesktop
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UnregisterClassW
UpdateWindow
ValidateRect
WaitMessage
WindowFromPoint
keybd_event
mouse_event

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerLanguageNameW
VerQueryValueA
VerQueryValueW

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetQueryOptionW
InternetReadFile

winmm

PlaySoundW
sndPlaySoundW
timeGetTime

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
GetDefaultPrinterW
OpenPrinterW

wintrust

WinVerifyTrust

wsock32

WSACleanup
WSAGetLastError
WSAStartup
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
recv
recvfrom
select
send
sendto
setsockopt
socket

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
madTraceProcess

Sections

.tls
Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: dsafsfghghjujgdhfg

Password: dsafsfghghjujgdhfg

ebe65d762f2c61fe8918999d24b4ff38

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msvcrt

netapi32

ole32

oleaut32

shell32

shfolder

user32

version

winhttp

wininet

winmm

winspool.drv

wintrust

wsock32

Exports

Exports

Sections

.tls Size: 10.1MB - Virtual size: 10.1MB

.rsrc Size: 90KB - Virtual size: 92KB

.idata Size: 22KB - Virtual size: 24KB

.tls
Size: 10.1MB - Virtual size: 10.1MB

.rsrc
Size: 90KB - Virtual size: 92KB

.idata
Size: 22KB - Virtual size: 24KB