email-worms[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

email-worms.zip
Size

359KB
MD5

0a1ed3ef52c7f1eaf3f9566dcfb847c5
SHA1

77dda7ab133a0683f1b0cf6ff2a867a92be349ff
SHA256

599b40aa7b210e6c8204c658da233a7bfe8d3f144860a93a4db498b69969679e
SHA512

0c91ed5b54fcf1c4aa26ac7b12d0511525d24968c62461525d17f4645fbb290b82807704ec818739aabe6b50fe6261fa6e539222691ee1de96d7665901a44a90
SSDEEP

6144:0H71nGt6VountL/neIbFX1zyXnQBh95voTVb/UnfVDvsXSBA++fZAG65mK8/t31Z:0H71nAOoqpGIbFFn5voVIuXSijaGtF3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack006/MyDoom.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/Gruel.exe
unpack003/Happy99.exe
unpack004/MeltingScreen.exe
unpack005/MsWorld.exe
unpack006/MyDoom.exe
unpack007/out.upx
unpack008/NetSky.exe
unpack009/Parrot.exe

Files

email-worms.zip
.zip
email-worms/Gruel.zip
.zip
Gruel.exe
.exe windows:4 windows x86 arch:x86

5c7433b2a8bfdbd866a519f5ce78aa7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
MethCallEngine
ord516
ord662
ord593
ord594
ord595
ord520
ord631
ord632
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord607
ord608
ord716
ord534
ProcCallEngine
ord536
ord537
ord570
ord648
ord576
ord685
ord100
ord689
ord610
ord616
ord617
ord619
ord580
ord581

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-worms/Happy99.zip
.zip
Happy99.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-worms/MeltingScreen.zip
.zip
MeltingScreen.exe
.exe windows:4 windows x86 arch:x86

f90f100c81647f834881cf7cd9e90bd4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

MethCallEngine
ord625
ord593
ord598
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord608
ord535
ord645
ord100
ord617
ord580

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
email-worms/MsWorld.zip
.zip
MsWorld.exe
.exe windows:4 windows x86 arch:x86

ce3cbbc1ba1365b2d3ecb9bef12f75b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord632
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord608
ord716
ProcCallEngine
ord100

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-worms/MyDoom.zip
.zip
MyDoom.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-worms/NetSky.zip
.zip
NetSky.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.petite
Size: 15KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 939B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
email-worms/Parrot.zip
.zip
Parrot.exe
.exe windows:1 windows x86 arch:x86

66a153d41672822091eb2e5c5cefb36d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

shell32

ShellExecuteA

advapi32

RegSetValueA

Sections

pec1
Size: 45KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
email-worms/Pikachu.zip
.zip
email-worms/White.zip
.zip
email-worms/ZippedFiles.zip
.zip .ps1 polyglot

Sharing

General

Malware Config

Signatures

Files

5c7433b2a8bfdbd866a519f5ce78aa7b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 92KB - Virtual size: 91KB

.data Size: - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

CODE Size: 2KB - Virtual size: 4KB

DATA Size: 4KB - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

f90f100c81647f834881cf7cd9e90bd4

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: - Virtual size: 2KB

.idata Size: 512B - Virtual size: 344B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 900B

ce3cbbc1ba1365b2d3ecb9bef12f75b8

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 120KB - Virtual size: 119KB

.data Size: - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 24KB

UPX1 Size: 20KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 31KB - Virtual size: 30KB

.rsrc Size: 512B - Virtual size: 496B

Headers

File Characteristics

Sections

.petite Size: 15KB - Virtual size: 84KB

Size: 16B - Virtual size: 4KB

Size: 1024B - Virtual size: 939B

66a153d41672822091eb2e5c5cefb36d

Headers

File Characteristics

Imports

kernel32

shell32

advapi32

Sections

pec1 Size: 45KB - Virtual size: 60KB

.rsrc Size: 3KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 4KB

.text
Size: 92KB - Virtual size: 91KB

.data
Size: - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

CODE
Size: 2KB - Virtual size: 4KB

DATA
Size: 4KB - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 13KB - Virtual size: 12KB

.data
Size: - Virtual size: 2KB

.idata
Size: 512B - Virtual size: 344B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 900B

.text
Size: 120KB - Virtual size: 119KB

.data
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 512B - Virtual size: 496B

.petite
Size: 15KB - Virtual size: 84KB

pec1
Size: 45KB - Virtual size: 60KB

.rsrc
Size: 3KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB