Email-Worms[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Email-Worms.zip
Size

359KB
MD5

ecb7a3920cdc7e52744238bf33c3e8a9
SHA1

3d72f9f7cc3e657f6a4960bbb2806920826fd290
SHA256

b7a407a09f2ecd215de4345bd2165e76607eef9297a8e848215c525d6ee19a80
SHA512

8219f5fe1a179ca4b7d9e5f90fd2da257c9d8e2951aac2d9bf8965947e64ff418e5aff2bdbb5fbd5841af4e273436da5026b0cdd9b1eb12aaaf82bb525d98e63
SSDEEP

6144:wSYAr8H71nGt6VountL/neIbFX1zo6w++NmK8/t31zPUXnQBh95voTVb/UnfVDvr:wSrQH71nAOoqpGIbFFIjItFD5voVIu2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack006/MyDoom.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/Gruel.exe
unpack003/Happy99.exe
unpack004/MeltingScreen.exe
unpack005/MsWorld.exe
unpack006/MyDoom.exe
unpack007/out.upx
unpack008/NetSky.exe
unpack009/Parrot.exe

Files

Email-Worms.zip
.zip
Email-Worms/Gruel.zip
.zip
Gruel.exe
.exe windows:4 windows x86 arch:x86

5c7433b2a8bfdbd866a519f5ce78aa7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
MethCallEngine
ord516
ord662
ord593
ord594
ord595
ord520
ord631
ord632
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord607
ord608
ord716
ord534
ProcCallEngine
ord536
ord537
ord570
ord648
ord576
ord685
ord100
ord689
ord610
ord616
ord617
ord619
ord580
ord581

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Email-Worms/Happy99.zip
.zip
Happy99.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Email-Worms/MeltingScreen.zip
.zip
MeltingScreen.exe
.exe windows:4 windows x86 arch:x86

f90f100c81647f834881cf7cd9e90bd4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

MethCallEngine
ord625
ord593
ord598
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord608
ord535
ord645
ord100
ord617
ord580

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Email-Worms/MsWorld.zip
.zip
MsWorld.exe
.exe windows:4 windows x86 arch:x86

ce3cbbc1ba1365b2d3ecb9bef12f75b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord632
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord608
ord716
ProcCallEngine
ord100

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Email-Worms/MyDoom.zip
.zip
MyDoom.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Email-Worms/NetSky.zip
.zip
NetSky.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.petite
Size: 15KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 939B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Email-Worms/Parrot.zip
.zip
Parrot.exe
.exe windows:1 windows x86 arch:x86

66a153d41672822091eb2e5c5cefb36d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

shell32

ShellExecuteA

advapi32

RegSetValueA

Sections

pec1
Size: 45KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Email-Worms/Pikachu.zip
.zip
Email-Worms/White.zip
.zip
Email-Worms/ZippedFiles.zip
.zip

Sharing

General

Malware Config

Signatures

Files

5c7433b2a8bfdbd866a519f5ce78aa7b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 92KB - Virtual size: 91KB

.data Size: - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

CODE Size: 2KB - Virtual size: 4KB

DATA Size: 4KB - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

f90f100c81647f834881cf7cd9e90bd4

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: - Virtual size: 2KB

.idata Size: 512B - Virtual size: 344B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 900B

ce3cbbc1ba1365b2d3ecb9bef12f75b8

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 120KB - Virtual size: 119KB

.data Size: - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 24KB

UPX1 Size: 20KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 31KB - Virtual size: 30KB

.rsrc Size: 512B - Virtual size: 496B

Headers

File Characteristics

Sections

.petite Size: 15KB - Virtual size: 84KB

Size: 16B - Virtual size: 4KB

Size: 1024B - Virtual size: 939B

66a153d41672822091eb2e5c5cefb36d

Headers

File Characteristics

Imports

kernel32

shell32

advapi32

Sections

pec1 Size: 45KB - Virtual size: 60KB

.rsrc Size: 3KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 4KB

.text
Size: 92KB - Virtual size: 91KB

.data
Size: - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

CODE
Size: 2KB - Virtual size: 4KB

DATA
Size: 4KB - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 13KB - Virtual size: 12KB

.data
Size: - Virtual size: 2KB

.idata
Size: 512B - Virtual size: 344B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 900B

.text
Size: 120KB - Virtual size: 119KB

.data
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 512B - Virtual size: 496B

.petite
Size: 15KB - Virtual size: 84KB

pec1
Size: 45KB - Virtual size: 60KB

.rsrc
Size: 3KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB