video[.]rar | Triage

General

Target

video.rar
Size

6.1MB
MD5

dfdff379c80eac7312d10140dcf23d2a
SHA1

dd0bf08da371e2a33e4820e40677f9bccb74d5ae
SHA256

823f7d33fb3d43a8d98ab031ae2e2ab419c2c8ebe33a8115c0d7992592bc7bc5
SHA512

ce28c5c2f11554511728c384daa055078f891d3230b0c16eb59b204fdc8452d90d68894dd1a982d69a264b972b69866f4761be7896602fc82b221892e945ce04
SSDEEP

196608:80OBlinh2gOCXo8avyWL8VOoh2kfPp3ifOZ:8rB8sgOCXJ4Voh28ByfK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/AutoHotkey_2.0.15_setup.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AutoHotkey_1.1.37.02_setup.exe
unpack001/AutoHotkey_2.0.15_setup.exe

Files

video.rar
.rar
Animation Cancel Script.ahk
AutoHotkey_1.1.37.02_setup.exe
.exe windows:4 windows x86 arch:x86

fa4d5c869351014d1ce952f2833a7558

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

shell32

ShellExecuteExW

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
memcpy
free
malloc
wcscmp
memcmp
memmove
strlen
wcslen
wcscpy
wcscat
memset

kernel32

GetStartupInfoA
GetModuleHandleA
SetFilePointer
WriteFile
ReadFile
CreateFileW
DeleteFileW
FindNextFileW
RemoveDirectoryW
FindFirstFileW
FindClose
GetModuleFileNameW
GetCommandLineW
GetTempPathW
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
CreateDirectoryW
GetLastError
SetFileTime
SetFileAttributesW
CreateProcessW
CloseHandle
WaitForSingleObject

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AutoHotkey_2.0.15_setup.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fa4d5c869351014d1ce952f2833a7558

Headers

File Characteristics

Imports

user32

shell32

msvcrt

kernel32

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 22KB - Virtual size: 22KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.4MB

UPX1 Size: 2.8MB - Virtual size: 2.8MB

.rsrc Size: 36KB - Virtual size: 40KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 22KB - Virtual size: 22KB

UPX0
Size: - Virtual size: 2.4MB

UPX1
Size: 2.8MB - Virtual size: 2.8MB

.rsrc
Size: 36KB - Virtual size: 40KB