Desktop[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Desktop.zip
Size

239KB
MD5

3fb3dfb18f42d0cbc4bb7e5b99c23582
SHA1

60e04fda9779bc8b3ccc817a947dd46bef04f9a3
SHA256

1ba02ac1dacb3582e9775ae2c649b48efbb04b2d91c1320407b4944e160217b2
SHA512

d109d2f23ad954fffa50ba81fa2881e50e5c83586097edeb67a6304ef56fbdb1d56acc2e4631067a992db19c95d64cf684898b11d4f51857cca3a4409b5b2c9b
SSDEEP

3072:KKhSzN89/H7c4TjcmC25gai0EBq1r7ij9XMTdrdSt8YzcR4YT7p4A59i0fQ/9cLb:KW089+Z2ivVBqJoXgE8m3Mug9q9cL2TQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/3cd5f10c97b6c0f83486b6a140b6fa1c5eb5b2bc4ba8c75c3e1f779e4c61d734	upx
static1/unpack005/3b6818f30abb178fab391e48fd6aabdc9ff77213278db5de4e25bf1fb71a0583	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/3cd5f10c97b6c0f83486b6a140b6fa1c5eb5b2bc4ba8c75c3e1f779e4c61d734
unpack004/4b1ff2f6551a62e2b72ef199f50e401cd8ffd0bf96e7cdac56c10d897c1574f3
unpack005/3b6818f30abb178fab391e48fd6aabdc9ff77213278db5de4e25bf1fb71a0583

Files

Desktop.zip
.zip
VirusShare_6d9c27b075caf179ca58dd0371ad5b16.zip
.zip

Password: infected
3cd5f10c97b6c0f83486b6a140b6fa1c5eb5b2bc4ba8c75c3e1f779e4c61d734
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VirusShare_74409042038ef1afacec65b55d1fddd4.zip
.zip

Password: infected
4b1ff2f6551a62e2b72ef199f50e401cd8ffd0bf96e7cdac56c10d897c1574f3
.exe .js windows:4 windows x86 arch:x86 polyglot

596e6f03b254cb830057f60e4648e17f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

y:\src\_cpp\bwin3_3\Release\bwin3.pdb

Imports

kernel32

OpenThread
GetCurrentProcessId
Thread32First
Sleep
CreateThread
GetModuleFileNameA
InterlockedDecrement
QueryPerformanceCounter
RaiseException
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
SuspendThread
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
LoadLibraryA
SetUnhandledExceptionFilter
HeapSize
VirtualQuery
InterlockedExchange
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
Thread32Next
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetLastError
GetCurrentProcess
CloseHandle
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree
GetStringTypeW
lstrlenA
GetFileType
IsBadReadPtr
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
RtlUnwind
ExitProcess
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetTickCount

user32

EqualRect
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
DefWindowProcA
PostQuitMessage
EndPaint
BeginPaint
wsprintfA
SetWindowLongA
GetWindowLongA
SetWindowPos
GetClientRect
GetDC
ReleaseDC
GetWindowRect
GetSystemMetrics
GetParent
GetWindowDC
UpdateLayeredWindow
LoadIconA
LoadCursorA
RegisterClassExA
MessageBoxA

gdi32

CreateDIBSection
SelectObject
GetDeviceCaps
BitBlt
DeleteDC
DeleteObject
GetStockObject
CreateCompatibleDC

advapi32

RegCreateKeyExA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey

ole32

OleDraw
OleSetContainedObject
OleCreate
OleInitialize
OleUninitialize

oleaut32

SysFreeString
VariantClear
SysAllocString
GetErrorInfo

wininet

InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VirusShare_c596dc81add4216f099fc12d12fb5745.zip
.zip

Password: infected
3b6818f30abb178fab391e48fd6aabdc9ff77213278db5de4e25bf1fb71a0583
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 332KB

UPX1 Size: 81KB - Virtual size: 84KB

.rsrc Size: 2KB - Virtual size: 4KB

Password: infected

596e6f03b254cb830057f60e4648e17f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 76KB - Virtual size: 73KB

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 296KB

UPX1 Size: 92KB - Virtual size: 96KB

.rsrc Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 332KB

UPX1
Size: 81KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 76KB - Virtual size: 73KB

UPX0
Size: - Virtual size: 296KB

UPX1
Size: 92KB - Virtual size: 96KB

.rsrc
Size: 2KB - Virtual size: 4KB