Downloads[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Downloads.rar
Size

226KB
MD5

fe8bf5ab6691027e4357fbc54a8860ad
SHA1

28a6d871f8c1bff9aa397f63b92d8a6c94217a5b
SHA256

31562a3bd3b3792825f54f3e55411c5723baf084326bffcbbd20eb02c5f8130a
SHA512

aa6ff6213eee33d1d22abc54a332b63d7c147b3fc7f5ca5212baeec64b66db71097291af10bdf31fbe571f6d9d0f03384ea982965e3012e9795f270e615f5dcd
SSDEEP

6144:A9dddfidkXVdiL0ZHpCyyAnHM76Ydkg6kuKN:eddV1AqHpdyAnsug69k

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/.LUA Decompiler by. Nagato Gamer/.LUA Decompiler/LuaDecompiler.exe
unpack002/.LUA Decompiler by. Nagato Gamer/.LUA Decompiler/luac.exe
unpack002/.LUA Decompiler by. Nagato Gamer/.LUA Decompiler/luadec.exe

Files

Downloads.rar
.rar

Password: 1234
FenixZoneTextdrawCFG.luac
LUA Decompiler by. Nagato Gamer.rar
.rar

Password: 1234
.LUA Decompiler by. Nagato Gamer/.LUA Decompiler/LuaDecompiler.exe
.exe windows:4 windows x86 arch:x86

Password: 1234

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WIN7\SVN\TMS\branches\LuaDecompiler\LuaDecompiler\obj\x86\Release\LuaDecompiler.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.LUA Decompiler by. Nagato Gamer/.LUA Decompiler/b/speed_client.lua
.LUA Decompiler by. Nagato Gamer/.LUA Decompiler/c/Cliente.lua
.LUA Decompiler by. Nagato Gamer/.LUA Decompiler/compare.rb
.LUA Decompiler by. Nagato Gamer/.LUA Decompiler/images/Thumbs.db
.LUA Decompiler by. Nagato Gamer/.LUA Decompiler/luac.exe
.exe windows:5 windows x86 arch:x86

Password: 1234

2cb6ea56a06dcc2a18920aea2f744647

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Documents\Visual Studio 2008\Projects\luadec_org\Release\luac.pdb

Imports

msvcr90

strchr
fread
freopen
realloc
getc
isprint
putchar
longjmp
strtod
sprintf
strncat
isspace
strncpy
strcspn
strtoul
strcoll
localeconv
isalnum
isalpha
isdigit
iscntrl
_amsg_exit
__getmainargs
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
ungetc
free
feof
exit
fclose
fwrite
ferror
fprintf
fopen
printf
_errno
__iob_func
_cexit
strerror
_setjmp3
_CIpow
floor
memcpy

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.LUA Decompiler by. Nagato Gamer/.LUA Decompiler/luadec.exe
.exe windows:5 windows x86 arch:x86

Password: 1234

7e5540ea27da0f3dd10af8312caa3165

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Documents\Visual Studio 2008\Projects\luadec_org\Release\luadec.pdb

Imports

msvcr90

_vsnprintf
realloc
feof
strerror
ungetc
strchr
_errno
fopen
fread
ferror
freopen
fclose
getc
strtod
strncat
isspace
strcspn
strtoul
strcoll
longjmp
localeconv
isdigit
iscntrl
_amsg_exit
strncpy
_cexit
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
strrchr
isalpha
isalnum
strstr
calloc
free
exit
fprintf
printf
atoi
__iob_func
malloc
__getmainargs
sprintf
_strdup
_setjmp3
_CIpow
floor
memcpy

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.LUA Decompiler by. Nagato Gamer/.LUA Decompiler/luadecguess.rb
.vbs
Velo.luac

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

Password: 1234

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 358KB - Virtual size: 357KB

.rsrc Size: 349KB - Virtual size: 348KB

.reloc Size: 512B - Virtual size: 12B

Password: 1234

2cb6ea56a06dcc2a18920aea2f744647

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 936B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 3KB - Virtual size: 2KB

Password: 1234

7e5540ea27da0f3dd10af8312caa3165

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 255KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 358KB - Virtual size: 357KB

.rsrc
Size: 349KB - Virtual size: 348KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 936B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 255KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 5KB - Virtual size: 5KB