df361b5ecdb61287e4f593bb9ea5d6c9

Sharing

Copy URL Twitter E-mail

General

Target

df361b5ecdb61287e4f593bb9ea5d6c9
Size

2.3MB
MD5

df361b5ecdb61287e4f593bb9ea5d6c9
SHA1

1bdf88d2350a7599d1c4559ecf69ce60c9910ee8
SHA256

e769694e681c63584ff59a4256146fee3a223c4d5304efc6ce0e91d79adfa410
SHA512

9f9f497892fad13bc30284c6f0f3707e7a113dbe26bdecd2af2c9cded1ca96ab2153b769f8e885804c3487465b809e72efe6fa9d1d1ca577161996ff38015460
SSDEEP

49152:JuRU+ke56wE5ZDWwdfoV9fmwDWnoSLsLWMMYeO2Ixc7EJQQPW:JYUbBwTwV8wwDjQsLlMjO2+gEJQQu

Score

7^/10

pdf link upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SENuke/close_msgboxes.exe	upx

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SENuke/SENuke.exe
unpack001/SENuke/close_msgboxes.exe
unpack001/SENuke/unins000.exe

Files

df361b5ecdb61287e4f593bb9ea5d6c9
.zip
SENuke/Manual.pdf
.pdf
- http://www.senuke.com/membership
- http://www.senuke.com/blog
- http://www.senuke.com/forum
- http://senuke.uservoice.com/
- http://uwinfb.projectx.hop.clickbank.net/
- http://www.senuke.com/videos
- http://www.hubpages.com/hub/yourdomain
- http://www.1shoppingcart.com/app/?af=768095
- http://www.zamzar.com/
- http://www.animoto.com/
- http://www.mywebsite.com/
- http://www.senuke.com/
- Show all
SENuke/SENuke.exe
.exe windows:4 windows x86 arch:x86

9d6da162f8e2d36b2fe216ea1d48a19f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
ord690
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord512
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaNextEachVar
__vbaFreeObjList
__vbaLineInputVar
ord516
__vbaVarIndexLoadRef
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaI2Abs
ord628
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaError
ord660
ord661
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
__vbaLateMemSt
__vbaVarIndexLoadRefLock
__vbaForEachCollObj
ord593
__vbaVarForInit
__vbaExitProc
__vbaBoolStr
__vbaStrBool
ord300
ord594
__vbaOnError
__vbaObjSet
ord595
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord598
__vbaVarIndexLoad
ord306
ord520
__vbaBoolVar
__vbaForEachCollVar
ord309
__vbaBoolVarNull
__vbaRefVarAry
__vbaVarTstLt
__vbaFpR8
_CIsin
ord631
__vbaErase
ord524
ord525
__vbaNextEachCollObj
ord632
__vbaVarCmpGt
__vbaVarZero
__vbaLateMemStAd
__vbaVargVarMove
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord528
__vbaGet3
__vbaStrCmp
ord529
__vbaExitEachColl
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
__vbaNextEachCollVar
ord561
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
ord601
_CIsqrt
ord310
__vbaRedimVar
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaUI1I4
__vbaVarMul
ord710
__vbaExceptHandler
ord312
ord711
ord712
__vbaStrToUnicode
__vbaPrintFile
__vbaExitEachAry
__vbaR4ErrVar
_adj_fprem
_adj_fdivr_m64
ord607
__vbaLateIdStAd
__vbaVarDiv
ord714
__vbaI2Str
ord608
ord531
__vbaVarCmpLe
ord716
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord535
__vbaCheckType
__vbaMidStmtBstrB
__vbaI2Var
ord537
ord644
ord645
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord648
ord570
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaInStr
__vbaR8Str
__vbaVarInt
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
ord681
__vbaI4Str
__vbaFreeStrList
__vbaVarNot
__vbaVarCmpLt
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord689
__vbaForEachAry
__vbaVarLateMemStAd
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
ord612
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVerifyVarObj
ord613
__vbaFpI2
__vbaVarMod
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarTstGe
__vbaUnkVar
ord616
__vbaLateMemCallLd
__vbaVarSetObjAddref
ord617
_CIatan
__vbaStrMove
__vbaCastObj
__vbaAryCopy
__vbaI2ErrVar
__vbaStrVarCopy
__vbaForEachVar
ord619
__vbaR8IntI4
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaUI1Var
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SENuke/SENuke.exe.manifest
.xml
SENuke/batchresearchcomplete.wav
SENuke/close_msgboxes.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 195KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SENuke/complete.wav
SENuke/emailvcomplete.wav
SENuke/pingingcomplete.wav
SENuke/regcontrols.bat
SENuke/unins000.dat
SENuke/unins000.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 600KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d6da162f8e2d36b2fe216ea1d48a19f

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 6.5MB - Virtual size: 6.5MB

.data Size: 4KB - Virtual size: 67KB

.rsrc Size: 44KB - Virtual size: 40KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 256KB

UPX1 Size: 195KB - Virtual size: 196KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 600KB - Virtual size: 599KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 5KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 34KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 6.5MB - Virtual size: 6.5MB

.data
Size: 4KB - Virtual size: 67KB

.rsrc
Size: 44KB - Virtual size: 40KB

UPX0
Size: - Virtual size: 256KB

UPX1
Size: 195KB - Virtual size: 196KB

.rsrc
Size: 6KB - Virtual size: 8KB

CODE
Size: 600KB - Virtual size: 599KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 34KB

.rsrc
Size: 80KB - Virtual size: 80KB