SyncPro[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

SyncPro.rar
Size

450KB
MD5

cfe79774823ab8133bbf99769ca4220b
SHA1

5f5a1ba5da94b26748a69b7ebcba48915bc31ae7
SHA256

6c2e4c5e15176147ab9580ad7f7776b7445e495da651e0aba4e7e4b666b6e6be
SHA512

507ba46f0b4281f757c8bcd82d5a2de9679be3102ffc2ce70262e7b2e7e22e80c33f393b4c88d731de18ad5d05ecdabbb9284baca28e07e0eff2a9c71b6e0e23
SSDEEP

12288:wdfpOWvFlo4q2Y1rOWzvW8kOMh2TKDBKzjVc:wNx9wzvDnMhDDBKa

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SyncPro/dControl.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

SyncPro.rar
.rar
SyncPro/Remove_SecurityComp/DisableDevDriveProtection.reg
SyncPro/Remove_SecurityComp/DisableLSAProtection.reg
SyncPro/Remove_SecurityComp/DisableMaintenanceTaskreportinginSecurityHealthUI.reg
SyncPro/Remove_SecurityComp/DisableMicrosoftVulnerabileDriverBlocklist.reg
SyncPro/Remove_SecurityComp/DisableSmartScreen.reg
SyncPro/Remove_SecurityComp/DisableSpyNetTelemetry.reg
SyncPro/Remove_SecurityComp/DisableSystemMitigations.reg
SyncPro/Remove_SecurityComp/DisableTamperProtection.reg
SyncPro/Remove_SecurityComp/DisableUAC.reg
SyncPro/Remove_SecurityComp/DisableVBS.reg
SyncPro/Remove_SecurityComp/ExploitGuard_d.reg
SyncPro/Remove_SecurityComp/MitigationofFaultTorelantHeap.reg
SyncPro/Remove_SecurityComp/RemovalofAnti-PhishingServices.reg
SyncPro/Remove_SecurityComp/Remove and Disable Microsoft Pluton.reg
SyncPro/Remove_SecurityComp/RemoveSecurityandMaintenance.reg
SyncPro/Remove_SecurityComp/RemoveWindowsDefenderFirewallRules.reg
SyncPro/Remove_defender/DisableAntivirusProtection.reg
SyncPro/Remove_defender/DisableDefenderPolicies.reg
SyncPro/Remove_defender/DisableDefenderandSecurityCenterNotifications.reg
SyncPro/Remove_defender/NomoreDelayandTimeouts.reg
SyncPro/Remove_defender/RemovalofWindowsDefenderAntivirus.reg
SyncPro/Remove_defender/RemoveDefenderTasks.reg
SyncPro/Remove_defender/RemoveServices.reg
SyncPro/Remove_defender/RemoveShellAssociation.reg
SyncPro/Remove_defender/RemoveSignatureUpdates.reg
SyncPro/Remove_defender/RemoveStartupEntries.reg
SyncPro/Remove_defender/RemoveWindowsWebThreat.reg
SyncPro/Remove_defender/RemoverofDefenderContextMenu.reg
SyncPro/Remove_defender/WindowsSettingsPageVisibility.reg
SyncPro/Script_Run.bat
SyncPro/dControl.exe
.exe windows:5 windows x86 arch:x86

Code Sign

69:98:6c:80:0a:7c:5b:8e:47:86:45:a0:3e:86:d5:40
Certificate

Issuer

CN=Sordum Software

Not Before

11-09-2021 21:00

Not After

31-07-2030 21:00

Subject

CN=Sordum Software

Extended Key Usages

ExtKeyUsageCodeSigning

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19-05-2021 05:42

Not After

18-05-2032 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4
Signer

Actual PE Digest

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 492KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SyncPro/del.bat
.bat .vbs
SyncPro/syncpro.bat
.bat .vbs
SyncPro/testing2.bat
.bat .vbs

Sharing

General

Malware Config

Signatures

Files

Code Sign

69:98:6c:80:0a:7c:5b:8e:47:86:45:a0:3e:86:d5:40Certificate

Extended Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 492KB

UPX1 Size: 262KB - Virtual size: 264KB

.rsrc Size: 57KB - Virtual size: 60KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 514KB - Virtual size: 513KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 56KB - Virtual size: 56KB

69:98:6c:80:0a:7c:5b:8e:47:86:45:a0:3e:86:d5:40
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4
Signer

UPX0
Size: - Virtual size: 492KB

UPX1
Size: 262KB - Virtual size: 264KB

.rsrc
Size: 57KB - Virtual size: 60KB

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 56KB - Virtual size: 56KB