29a-2[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29a-2.zip
Size

1.3MB
MD5

dfae5b73bff815abfccdb131f076669b
SHA1

1a5ca409294e302de3b0e65b8dacea22deba3c6c
SHA256

12836edb50243d623958df4302d72e75868e23c0b5d03928bebd7f9b8d7c2c16
SHA512

d2c4b3cd6b205bcae7cbc29f4d9d4ae780ccf665e15113c6a836b7b5e9a3e8bcf1a6981ad5e0d755121e5be2d5c1ae2fdc3b266540a5da767faf2e21f8202381
SSDEEP

24576:u+8wbu3Y0lFh7HVEnNxmFJ1rrIfarTDeZcNeeZc:Iwi3dFJHKNEuaaOAz

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FILES/GETPROC.EXE
unpack004/CABANAS.EXE
unpack007/ESPERANT.EXE

Files

29a-2.zip
.zip
--------.---
29A#2.1_1
29A#2.1_2
29A#2.1_3
29A#2.1_4
29A#2.1_5
29A#2.1_6
29A#2.1_7
29A#2.1_8
29A#2.1_9
29A#2.1_A
29A#2.2_1
29A#2.2_2
.js
29A#2.2_3
.vbs
29A#2.2_4
.vbs
29A#2.2_5
.ps1
29A#2.2_6
29A#2.2_7
29A#2.2_8
29A#2.2_9
29A#2.2_A
29A#2.2_B
29A#2.3_1
29A#2.3_2
29A#2.3_3
29A#2.3_4
29A#2.3_5
29A#2.3_6
29A#2.3_7
29A#2.3_8
29A#2.3_9
29A#2.3_A
29A#2.3_B
29A#2.4_1
29A#2.4_2
29A#2.4_3
29A#2.4_4
29A#2.4_5
29A#2.4_7
29A#2.4_8
29A#2.4_9
29A#2.4_A
29A#2.4_B
29A#2.5_1
29A#2.5_2
29A#2.5_3
29A#2.5_4
29A#2.5_5
29A#2.5_6
.vbs
29A#2.5_7
29A#2.5_8
29A#2.5_9
29A#2.5_A
29A#2.5_B
29A#2.5_C
29A#2.5_D
29A#2.5_E
29A#2.5_F
29A#2.EXE
29A#2.ICO
29A#2.PIF
29ADATA1.DAT
29ADATA2.DAT
29ADATA3.DAT
FILEID_.DIZ
FILES/29A_INCS.ZIP
.zip
MZ.INC
PE.INC
USEFUL.INC
WIN32API.INC
FILES/GETPROC.EXE
.exe windows:1 windows x86 arch:x86

0db610bf3933b22b3ffd863964d1e929

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetStdHandle
EnterCriticalSection
CloseHandle
FreeLibrary
GetCommandLineA
GetCurrentThreadId
CreateFileA
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetEnvironmentStrings
ExitProcess
GetVersion
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile
GetStartupInfoA

user32

MessageBoxA
EnumThreadWindows

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo

Sections

CODE
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FILES/IAVR.EXE
FILES/VIRUSES/ANDROID.ZIP
.zip
ANDROID.COM
FILES/VIRUSES/ANIMO.ZIP
FILES/VIRUSES/ANTI-ETA.ZIP
FILES/VIRUSES/BABYBUG.ZIP
FILES/VIRUSES/CABANAS.ZIP
.zip
CABANAS.EXE
.exe windows:1 windows x86 arch:x86

aa25bf63b57873c47f41aaf139fee93b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ExitProcess
GetProcAddress
GetModuleHandleA

user32

MessageBoxA

Sections

CODE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FILES/VIRUSES/CAP.ZIP
.zip
CAP.DOC
.doc windows office2003
FILES/VIRUSES/CARRIERS.ZIP
FILES/VIRUSES/DEMENTIA.ZIP
FILES/VIRUSES/DOGPAW.ZIP
FILES/VIRUSES/ELVIRA.ZIP
.zip
ELVIRA.COM
FILES/VIRUSES/ESPERANT.ZIP
.zip
ESPERANT.COM
.ps1
ESPERANT.EXE
.exe windows:4 windows x86 arch:x86

d233ebceca5a9a7590d8091000d1bbf7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PulseEvent
Sleep
lstrlenA
CreateEventA
OpenEventA
ExitThread
lstrcpyA
WaitForSingleObject
CreateThread
CreateProcessA
GlobalFree
lstrcmpA
ReadFile
GlobalAlloc
GetFileSize
CreateFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetModuleFileNameA
GetStartupInfoA
GetModuleHandleA
CloseHandle

user32

DispatchMessageA
PostThreadMessageA
PostMessageA
DefWindowProcA
RegisterClassA
GetMessageA
CreateWindowExA

gdi32

GetStockObject

msvcrt

_acmdln
_initterm
__getmainargs
_controlfp
memcpy
_exit
_XcptFilter
exit
_adjust_fdiv
__setusermatherr
__set_app_type
__p__commode
__p__fmode
_except_handler3

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ESPO_NE.EXE
FILES/VIRUSES/GOLLUM.ZIP
.zip
GOLLUM.EXE
FILES/VIRUSES/HMABOOT.ZIP
FILES/VIRUSES/INSERT20.ZIP
FILES/VIRUSES/JACKY.ZIP
FILES/VIRUSES/LIZARD.ZIP
.zip
LIZARD.EXE
FILES/VIRUSES/NULSPACE.ZIP
FILES/VIRUSES/ORGASMAT.ZIP
.zip
FILES/VIRUSES/PARAG-30.ZIP
FILES/VIRUSES/PDNWARR1.ZIP
.zip
FILES/VIRUSES/PLY5175.ZIP
FILES/VIRUSES/REDCODE.ZIP
FILES/VIRUSES/SPIC2125.ZIP
.zip
FILES/VIRUSES/SSR19834.ZIP
FILES/VIRUSES/SUCKSEXE.ZIP
FILES/VIRUSES/TUPAC.ZIP
FILES/VIRUSES/WANDERER.ZIP
FILES/VIRUSES/YOUGOTIT.ZIP
FILES/VIRUSES/Z0MBIE.ZIP
FILES/VIRUSES/ZOHRA.ZIP
INTRODT1.DAT
INTRODT2.DAT

Sharing

General

Malware Config

Signatures

Files

0db610bf3933b22b3ffd863964d1e929

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: 22KB - Virtual size: 24KB

DATA Size: 5KB - Virtual size: 8KB

.idata Size: 1024B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

aa25bf63b57873c47f41aaf139fee93b

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: 512B - Virtual size: 4KB

DATA Size: - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 6KB

d233ebceca5a9a7590d8091000d1bbf7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 12B

.data Size: 512B - Virtual size: 352B

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 14KB - Virtual size: 14KB

CODE
Size: 22KB - Virtual size: 24KB

DATA
Size: 5KB - Virtual size: 8KB

.idata
Size: 1024B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB

CODE
Size: 512B - Virtual size: 4KB

DATA
Size: - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 6KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 12B

.data
Size: 512B - Virtual size: 352B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 14KB - Virtual size: 14KB