Behavioral task: behavioral1
Sample: 89c0dc10a236feb1a9700e4e02d35113e7e8c0aeb38f022ea6eff09516e5cd3b.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 89c0dc10a236feb1a9700e4e02d35113e7e8c0aeb38f022ea6eff09516e5cd3b.exe
Resource: win10v2004-20240709-en
General
Target: 89c0dc10a236feb1a9700e4e02d35113e7e8c0aeb38f022ea6eff09516e5cd3b.zip
Size: 2.5MB
MD5: c5b9b29591e4f092f85428326d449d32
SHA1: f734212ea65d93a97da050231ba1c4549fe1103a
SHA256: 07ceccf5613cad5096bac62824390066a56f9565a51c028a0fa8b67b92386e1c
SHA512: bafad481a8a910352b26d6e44de25b10359569f41a958f1bb5cbf255bfe0fc2d603e036eb303e0f1ade63a686873b173bc95dee73eb378750affbd8686e1d4ba
SSDEEP: 49152:+OsOah5s11p9vDfRNohxjkG4uIuF6J5Xa2ODdKnNBiPWH:5sOahIp9vD5Gx/Iuu9a2ODdGni2
Malware Config
Signatures
- YARA rule match: resource static1/unpack001/89c0dc10a236feb1a9700e4e02d35113e7e8c0aeb38f022ea6eff09516e5cd3b, yara_rule upx
- Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: unpack001/89c0dc10a236feb1a9700e4e02d35113e7e8c0aeb38f022ea6eff09516e5cd3b
Files
- 89c0dc10a236feb1a9700e4e02d35113e7e8c0aeb38f022ea6eff09516e5cd3b.zip.zip (Password: infected)
- 89c0dc10a236feb1a9700e4e02d35113e7e8c0aeb38f022ea6eff09516e5cd3b.exe (Password: infected)
  windows:6 windows x64 arch:x64
  b6ad1ea15356aea4060794d58f9d80d7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
AllocateAndInitializeSid
RegQueryValueExW
SystemFunction036
RegOpenKeyExW
FreeSid
RegCloseKey
CheckTokenMembership
FreeSid
ucrtbase
_msize
malloc
_set_new_mode
realloc
calloc
free
_configthreadlocale
exp2f
_dclass
log
roundf
pow
ceil
__setusermatherr
powf
truncf
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_seh_filter_exe
_initterm_e
_endthreadex
_register_onexit_function
_crt_atexit
_beginthreadex
abort
exit
_Exit
terminate
__p___argc
_initialize_onexit_table
__p___argv
_initterm
_cexit
_c_exit
_set_app_type
_register_thread_local_exe_atexit_callback
__p__commode
_set_fmode
strlen
strncmp
strcspn
strcpy_s
strcmp
wcsncmp
_localtime64_s
_rotl64
qsort
free
_configthreadlocale
log
exit
_set_fmode
strlen
_localtime64_s
qsort
bcrypt
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptGenRandom
crypt32
CertDuplicateStore
CryptUnprotectData
CertFreeCertificateChain
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertCloseStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertOpenStore
CertFreeCertificateContext
CertOpenStore
gdi32
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
GetDeviceCaps
CreateCompatibleDC
CreateDCW
DeleteDC
DeleteDC
kernel32
GetConsoleMode
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
GetTempPathW
SetFilePointerEx
GetFileInformationByHandleEx
GetFullPathNameW
FlushFileBuffers
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetSystemInfo
WakeConditionVariable
GetStdHandle
SetFileCompletionNotificationModes
CreateIoCompletionPort
SetHandleInformation
TryAcquireSRWLockExclusive
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ReleaseSRWLockExclusive
GetCurrentThread
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
FatalExit
GetProcAddress
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
LoadLibraryExW
PostQueuedCompletionStatus
GetFinalPathNameByHandleW
SetLastError
GetQueuedCompletionStatusEx
WakeAllConditionVariable
GetModuleHandleA
SwitchToThread
CreateFileW
SetFileInformationByHandle
GetModuleFileNameW
HeapReAlloc
GetProcessHeap
HeapAlloc
Sleep
GetExitCodeProcess
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WaitForSingleObject
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileInformationByHandle
TerminateProcess
SetThreadStackGuarantee
AddVectoredExceptionHandler
CloseHandle
FindClose
QueryPerformanceCounter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetLastError
AcquireSRWLockExclusive
HeapFree
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CopyFileExW
LoadLibraryA
FatalExit
GetProcAddress
VirtualProtect
kernelbase
SleepConditionVariableSRW
WaitOnAddress
WakeByAddressSingle
FlsAlloc
FlsSetValue
InitializeCriticalSectionEx
ntdll
NtDeviceIoControlFile
NtCreateFile
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
NtCancelIoFileEx
RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
RtlUnwindEx
combase
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoInitializeEx
oleaut32
SafeArrayDestroy
VariantClear
SafeArrayAccessData
SafeArrayGetUBound
SysAllocStringLen
SafeArrayUnaccessData
SysFreeString
SafeArrayGetLBound
VariantClear
rstrtmgr
RmStartSession
RmRegisterResources
RmGetList
RmGetList
secur32
UnsealMessage
ApplyControlToken
SealMessage
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
QueryContextAttributesW
InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
UnsealMessage
user32
GetMonitorInfoW
EnumDisplaySettingsExW
EnumDisplayMonitors
GetMonitorInfoW
ws2_32
ioctlsocket
WSASocketW
getsockname
getpeername
setsockopt
WSAIoctl
socket
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
WSAGetLastError
accept
closesocket
listen
bind
select
getsockopt
recv
send
WSASend
connect
shutdown
WSACleanup
bind
Sections
UPX0 Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
UPX1 Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
UPX2 Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE