d589041bdfc1adbabfaaa7a333dd90d4[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

d589041bdfc1adbabfaaa7a333dd90d4.zip
Size

40KB
MD5

ce69d0af61ea2c9ef76d64fc0f1cefbb
SHA1

343b3bce20502a12f1ba71c769567d0ecbc85fd6
SHA256

8d60a63be25dba5557f689d30d1cd7c35f122f4c38ad18f2d5f7a70973352b10
SHA512

5ad828803be20da4bac5a1be96256a86e71d7d901c3b5d41042cd857a632a883ffe9c5b3ac7917af738f21a0db7b47b1ee9e8b4ac6353604688c2326d75ff980
SSDEEP

768:O+6JoeY1QOuwzVd02C9Woxp/+AiOpbR350HRs03GwiLTav:OnH1JpVfJss03ITav

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ba87769b40804b895b8b524fe9a45b44d51ceb4966088c57c79407c3dc4616bc	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ba87769b40804b895b8b524fe9a45b44d51ceb4966088c57c79407c3dc4616bc

Files

d589041bdfc1adbabfaaa7a333dd90d4.zip
.zip

Password: infected
ba87769b40804b895b8b524fe9a45b44d51ceb4966088c57c79407c3dc4616bc
.exe windows:4 windows x86 arch:x86

Password: infected

303c1853d8b725edb72154f63d99b2d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateMailslotW
GetTickCount
FreeConsole
TlsAlloc
CancelDeviceWakeupRequest
GetConsoleTitleW
SetCurrentDirectoryW
GetEnvironmentStrings
CreateNamedPipeA
OpenWaitableTimerW
CreateMailslotW
FindNextVolumeA
GetLocaleInfoW
GetFullPathNameW
FoldStringA
SetProcessAffinityMask
GetNumberFormatA
GlobalFindAtomW
AreFileApisANSI
HeapAlloc
LeaveCriticalSection
GetSystemInfo
GetProfileSectionA
RegisterWaitForSingleObjectEx
GetCommTimeouts
FindFirstVolumeA
CreateDirectoryExW
WritePrivateProfileSectionA
WriteConsoleOutputAttribute
DisconnectNamedPipe
SetConsoleOutputCP
SetCalendarInfoA
ReadConsoleOutputW
CopyFileA
SetConsoleScreenBufferSize
OpenEventA
WaitCommEvent
SetThreadPriority
AssignProcessToJobObject
GetComputerNameW
GetNamedPipeInfo

mscms

CreateMultiProfileTransform
ConvertIndexToColorName
GetCMMInfo
DisassociateColorProfileFromDeviceW
SelectCMM
DisassociateColorProfileFromDeviceA
OpenColorProfileW
CreateProfileFromLogColorSpaceW
GetColorDirectoryW
CreateProfileFromLogColorSpaceA
RegisterCMMA
AssociateColorProfileWithDeviceA
OpenColorProfileA
GetColorProfileElement
InstallColorProfileW
GetPS2ColorRenderingDictionary
GetStandardColorSpaceProfileW
SetColorProfileElementReference
GetColorProfileFromHandle
GetStandardColorSpaceProfileA
UninstallColorProfileW
GetCountColorProfileElements
SetColorProfileHeader
CloseColorProfile
GetColorProfileHeader
TranslateBitmapBits
SetColorProfileElementSize

msvcrt

fputc
_wtoi
atol
isdigit
_wexecle
memcpy
_lrotr
bsearch
wcsncmp
_wgetenv
fputws
_wspawnlp
ungetwc
_wexecv
_tempnam
fwrite
isprint
free
_wspawnve
wcscoll
_wspawnlpe
wcsspn
_wexeclpe
fflush
strtok
_fgetwchar
_wgetdcwd
wcscmp
_vsnwprintf
_wremove
_flsbuf

ole32

CreateStreamOnHGlobal
CoRegisterPSClsid
HMENU_UserSize
CoCopyProxy
OleTranslateAccelerator
OleRun
CreateILockBytesOnHGlobal
StgIsStorageILockBytes

winmm

midiOutMessage
midiInGetDevCapsW
midiInStart
midiStreamPause
mciGetErrorStringW
mmioSetBuffer
waveOutClose
PlaySoundA
mixerGetDevCapsW
midiOutGetErrorTextW
waveOutGetErrorTextA
mmioDescend
mciGetDeviceIDFromElementIDA
waveInAddBuffer
mciGetYieldProc
joyGetThreshold
waveInUnprepareHeader
mixerGetLineInfoA
auxGetNumDevs
joySetCapture
midiStreamProperty
waveOutGetErrorTextW
mixerGetNumDevs
waveInStart
midiStreamClose
midiInClose
joyGetPosEx
waveOutGetID
waveOutPrepareHeader
waveInGetPosition
midiStreamStop
auxOutMessage
mciGetDeviceIDA
mixerGetDevCapsA
midiInGetErrorTextA

Sections

UPX0
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

303c1853d8b725edb72154f63d99b2d9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mscms

msvcrt

ole32

winmm

Sections

UPX0 Size: 52KB - Virtual size: 52KB

UPX1 Size: 32KB - Virtual size: 32KB

.rsrc Size: 72KB - Virtual size: 72KB

UPX0
Size: 52KB - Virtual size: 52KB

UPX1
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 72KB - Virtual size: 72KB