mmTour[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mmTour.zip
Size

17.0MB
MD5

c7998a3fad80f27fd43439242c8d09ba
SHA1

d8e12f45ccd15c6b6b6e7cf8e3f557ac9047ffb0
SHA256

cfdbb005962eb80c8e876d6730f7084761b8ffd05572bbe2aca21a37135b3d8a
SHA512

e7ae2c017afcef0416ad9e8f6d8aac04cd9f8ddf0c6a6f35d78745c956b72856de30e75431dbb062abb5bab3a0aede1bbc8dc0954709b35c7eff440a9f25a41f
SSDEEP

393216:Y6FL1YqX5jXehAWhOvzyvBYTXCy7Nn5eg3Qgrn46AnM7:Y6F+qJXehJOvzyyTXCy715eFgrnPAne

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tour.exe

Files

mmTour.zip
.zip

Password: test
intro.swf
intro.txt
nav.swf
nav.txt
segment1.swf
segment1.txt
segment2.swf
segment2.txt
segment3.swf
segment3.txt
segment4.swf
segment4.txt
segment5.swf
segment5.txt
tour.exe
.exe windows:4 windows x86 arch:x86

Password: test

d20a9e341245699775e8760818473a10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
GlobalAlloc
GetProcAddress
LoadLibraryA
SetErrorMode
InitializeCriticalSection
SystemTimeToFileTime
GetSystemTime
GetTimeZoneInformation
IsDBCSLeadByte
GetACP
GetCPInfo
Sleep
WaitForMultipleObjects
CreateThread
ExitThread
WinExec
CopyFileA
WriteFile
SetEndOfFile
DeleteFileA
GetVersionExA
CreateFileA
GetFileSize
SetFilePointer
CloseHandle
GlobalUnlock
GlobalLock
GetModuleFileNameA
GetCommandLineA
GetModuleHandleA
ExitProcess
lstrlenA
GetStartupInfoA
CreateProcessA
EnterCriticalSection
GlobalFree
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter

user32

SetTimer
GetFocus
SetCapture
ReleaseCapture
SetCursor
EndPaint
BeginPaint
MessageBoxA
DeleteMenu
ClientToScreen
TrackPopupMenu
GetCapture
GetCursorPos
WindowFromPoint
ScreenToClient
MapVirtualKeyA
CheckMenuItem
InvalidateRect
PostMessageA
GetDlgItemTextA
EnableWindow
SetDlgItemTextA
SetFocus
GetClientRect
GetMenu
SetMenu
GetDesktopWindow
MoveWindow
DialogBoxParamA
FillRect
KillTimer
EnableMenuItem
PostQuitMessage
LoadMenuA
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassA
LoadAcceleratorsA
GetMessageA
TranslateMessage
DispatchMessageA
TranslateAcceleratorA
GetWindow
GetWindowRect
SetWindowPos
GetWindowLongA
DefWindowProcA
IsWindow
DestroyWindow
CreateWindowExA
SetWindowLongA
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
GetKeyState
EmptyClipboard
SetClipboardData
EndDialog
GetSubMenu
LoadStringA
OpenClipboard
GetClipboardData
CloseClipboard
GetDC
ReleaseDC
GetWindowTextLengthA
GetDlgItem
DestroyMenu

gdi32

SetPolyFillMode
StrokePath
ExtCreatePen
DeleteObject
SelectObject
StretchDIBits
SetDIBitsToDevice
GdiFlush
CreateCompatibleBitmap
DeleteDC
CreateDIBSection
GetDeviceCaps
EndPath
CreateCompatibleDC
BitBlt
EnumFontFamiliesA
ExtTextOutA
SetBkColor
GetBkColor
SetTextAlign
SetBkMode
SetTextColor
SelectClipRgn
LineTo
MoveToEx
CreatePen
GetTextExtentPoint32A
GetTextMetricsA
GetTextAlign
GetBkMode
GetTextColor
IntersectClipRect
GetClipRgn
CreateRectRgn
CreateFontIndirectA
DPtoLP
GetObjectA
RealizePalette
StartDocA
LPtoDP
StartPage
EndPage
EndDoc
BeginPath
CreatePalette
SelectPalette
GetSystemPaletteEntries
FillPath
SelectClipPath
PolyBezierTo
GetClipBox
SaveDC
RestoreDC
CreateSolidBrush

comdlg32

GetSaveFileNameA
GetOpenFileNameA
PrintDlgA

advapi32

RegSetValueA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegSetValueExA

shell32

DragQueryFileA
DragAcceptFiles

winmm

timeKillEvent
timeSetEvent
waveOutReset
timeEndPeriod
timeGetTime
timeBeginPeriod
timeGetDevCaps
waveOutGetDevCapsA
waveOutClose
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutOpen

Sections

.text
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: test

Password: test

d20a9e341245699775e8760818473a10

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

winmm

Sections

.text Size: 276KB - Virtual size: 274KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 12KB - Virtual size: 17KB

.data1 Size: 4KB - Virtual size: 176B

.rsrc Size: 40KB - Virtual size: 37KB

.text
Size: 276KB - Virtual size: 274KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 12KB - Virtual size: 17KB

.data1
Size: 4KB - Virtual size: 176B

.rsrc
Size: 40KB - Virtual size: 37KB