Desktop[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Desktop.zip
Size

5.5MB
MD5

707fa0ee4ef1574eed244effb9a15eda
SHA1

ebb1243f66a5d421a39adccafab8030660c1730c
SHA256

256bf2e20c928bde03f5fbc4f2803f4ad3c4db1867c31be4668a1e284e47c703
SHA512

d8bba05033b44bb8bb781e64635c167a07c91ecc4e95eff4e20fb9dc3999e42372dae47961557f90871c06e7bf1b7f3a7953c9c79cc80e9f86d2d940bd940000
SSDEEP

98304:Axu4RZxhluMPqWu50Dfh/EQDzv3jtxhqIUQ1zbOj0OxhQmqjdyGEhrKtqRXP:GugZxhluMPqWhlEQ/vZ3qIX9ODW5yw85

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/3aae50b1fdf4a372282b817998e883b2af9c204c008597e61579a4e56037b7ef	vmprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1524a60179e7884ff5d48d7dfa8918eb15be49fbdc8edf52e221b4200a741b9f
unpack001/176acfc91378b9d373b7a6f5cecc8377dc6dfe367c31fe4d6fcfd9fba15601c7
unpack001/3aae50b1fdf4a372282b817998e883b2af9c204c008597e61579a4e56037b7ef

Files

Desktop.zip
.zip
1524a60179e7884ff5d48d7dfa8918eb15be49fbdc8edf52e221b4200a741b9f
.dll windows:5 windows x64 arch:x64

4043e27e564c872fecd0f822411b363a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
CreateFileA
GetModuleFileNameA
GetCurrentProcessId
CreateProcessA
GetSystemDirectoryA
DuplicateHandle
ExitThread
ReadFile
CreateEventA
CreatePipe
CreateMutexA
WritePrivateProfileStringA
WaitForSingleObject
CreateThread
WideCharToMultiByte
SetLocalTime
DisconnectNamedPipe
WriteFile
TerminateThread
DeleteCriticalSection
InitializeCriticalSection
CompareStringW
CompareStringA
FlushFileBuffers
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GlobalMemoryStatus
SetEvent
GetLocalTime
Sleep
LoadLibraryA
FreeLibrary
GetPrivateProfileStringA
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetVersionExA
IsBadReadPtr
GetCurrentProcess
LocalFree
GetLastError
CloseHandle
GlobalAlloc
GlobalFree
FindFirstFileA
FindClose
WaitForMultipleObjects
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
GetCurrentThreadId
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetModuleHandleW
ExitProcess
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
SetEnvironmentVariableA

user32

LoadCursorA
GetSystemMetrics
PostMessageA
SetTimer
KillTimer
DispatchMessageA
GetMessageA
LoadIconA
TranslateMessage
RegisterClassA
CreateWindowExA
DefWindowProcA
ExitWindowsEx

gdi32

GetStockObject

advapi32

OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegEnumKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
AllocateAndInitializeSid
SetEntriesInAclA
SetNamedSecurityInfoA
FreeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupAccountSidA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantChangeType
VariantClear
VariantInit

Exports

Exports

SendMsg

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
176acfc91378b9d373b7a6f5cecc8377dc6dfe367c31fe4d6fcfd9fba15601c7
.exe windows:4 windows x64 arch:x64

ef1c34bcc57aa06adf1087c054d63644

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileMappingA
GetFileSize
FlushViewOfFile
SetFileTime
GetFileTime
CopyFileA
GetFileAttributesA
QueryDosDeviceA
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
LockResource
LoadResource
SizeofResource
FindResourceA
SetEndOfFile
ReadFile
LocalAlloc
__C_specific_handler
HeapFree
HeapAlloc
GetProcessHeap
_local_unwind
InitializeCriticalSection
MapViewOfFile
DuplicateHandle
ExitThread
CreatePipe
LeaveCriticalSection
EnterCriticalSection
DisconnectNamedPipe
WaitForMultipleObjects
TerminateThread
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDriveTypeA
GetUserDefaultLangID
GetDiskFreeSpaceExA
GetLogicalDrives
GlobalMemoryStatusEx
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
IsBadReadPtr
UnmapViewOfFile
GetVersionExA
GetModuleHandleA
GetSystemInfo
CreateProcessA
Sleep
GetCurrentProcess
LocalFree
GlobalAlloc
GlobalFree
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
CreateFileA
GetTickCount
WriteFile
FreeLibrary
SetFilePointer
GetLastError
GetCurrentProcessId
FindFirstFileA
FindClose
SetFileAttributesA
DeleteFileA
CreateEventA
WaitForSingleObject
SetEvent
GetModuleFileNameA
CreateThread
CloseHandle
DeleteCriticalSection
FlushFileBuffers
HeapReAlloc
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
GetStartupInfoA
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
FlsAlloc
ExitProcess
GetStdHandle
HeapSetInformation
HeapCreate
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode

user32

DefWindowProcA
GetSystemMetrics
EnumDisplaySettingsA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow

gdi32

GetStockObject

advapi32

CreateServiceA
EnumServicesStatusA
EnumDependentServicesA
QueryServiceStatusEx
QueryServiceConfigA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
AllocateAndInitializeSid
SetEntriesInAclA
SetNamedSecurityInfoA
FreeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceCtrlDispatcherA
StartServiceA
ControlService
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
ChangeServiceConfig2A
CloseServiceHandle

imagehlp

CheckSumMappedFile

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3aae50b1fdf4a372282b817998e883b2af9c204c008597e61579a4e56037b7ef
.dll windows:5 windows x64 arch:x64

254272a8b1cac639347fec9bffcfa832

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

LoadCursorA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetStockObject

advapi32

OpenServiceA

ole32

CoUninitialize

oleaut32

SysStringLen

odbc32

ord18

wtsapi32

WTSSendMessageW

Exports

Exports

SendMsg

Sections

.text
Size: - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4043e27e564c872fecd0f822411b363a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 400KB - Virtual size: 400KB

.rdata Size: 110KB - Virtual size: 109KB

.data Size: 6KB - Virtual size: 106KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

ef1c34bcc57aa06adf1087c054d63644

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

imagehlp

Sections

.text Size: 119KB - Virtual size: 118KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 80KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 104KB - Virtual size: 103KB

254272a8b1cac639347fec9bffcfa832

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

odbc32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 282KB

.rdata Size: - Virtual size: 71KB

.data Size: - Virtual size: 105KB

.pdata Size: - Virtual size: 8KB

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 5.4MB - Virtual size: 5.4MB

.reloc Size: 512B - Virtual size: 192B

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 400KB - Virtual size: 400KB

.rdata
Size: 110KB - Virtual size: 109KB

.data
Size: 6KB - Virtual size: 106KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 119KB - Virtual size: 118KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 80KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 104KB - Virtual size: 103KB

.text
Size: - Virtual size: 282KB

.rdata
Size: - Virtual size: 71KB

.data
Size: - Virtual size: 105KB

.pdata
Size: - Virtual size: 8KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

.reloc
Size: 512B - Virtual size: 192B

.rsrc
Size: 2KB - Virtual size: 1KB