General

  • Target

    Test.zip

  • Size

    66.8MB

  • MD5

    6bc9f95320051d90edcc1132d14f9533

  • SHA1

    3c40a168134b0b05c98ef1bd421c5a9a5bbb1c1f

  • SHA256

    ab00f950ca8e6738cf91851fac2575b13d972215024981df062a6542eee024ac

  • SHA512

    75e2be53a82cbe8889ef873ce2ee74867efeab622ff3268eb17a5751d068efcc80a30a12081634e711ca7f56f67c3341b8c67625a66995f3673925354c9474d9

  • SSDEEP

    1572864:uY2mMZp5dROb6j3UKWJCn3TZDO2S3ieOCzC:uOMZpblDUKWsn3TZHCzC

Score
8/10

Malware Config

Signatures

  • Patched UPX-packed file (1 IoC)

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Detects Pyinstaller (1 IoC)
  • Unsigned PE (29 IoCs)

    Checks for missing Authenticode signature.

Files

  • Test.zip
    .zip
  • Amnesia.zip
    .zip
  • Amnesia/Amnesiadb/AmnesiaX.py
  • Amnesia/Amnesiadb/cert
  • Amnesia/Amnesiadb/config.json
  • Amnesia/Amnesiadb/loader.py
  • Amnesia/Amnesiadb/postprocess.py
  • Amnesia/Amnesiadb/process.py
  • Amnesia/Amnesiadb/rar.exe
    .exe windows:5 windows x64 arch:x64

    9a33888e10929c185d02249d2b55c15a


    Code Sign

    Headers

    Imports

    Sections

  • Amnesia/Amnesiadb/rarreg.key
  • Amnesia/Amnesiadb/requirements.txt
  • Amnesia/Amnesiadb/run.bat
    .bat .vbs
  • Amnesia/Amnesiadb/sigthief.py
  • Amnesia/Amnesiadb/stub.py
  • Amnesia/Amnesiadb/upx.exe
    .exe windows:4 windows x64 arch:x64


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x64 arch:x64


    Headers

    Sections

  • Amnesia/Amnesiadb/version.txt
  • Amnesia/Builder.bat
  • Amnesia/Custom/hash
  • Amnesia/Custom/icon.ico
  • Amnesia/Custom/unblock_sites.py
  • Amnesia/READme.txt
  • Amnesia/gui.py
  • Amnesia/variables/Scripts/dist/7zxa.dll
    .dll windows:4 windows x64 arch:x64

    e84ea73d0d9b417a1bc1810c7b836d4f


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Amnesia/variables/Scripts/dist/Default.SFX
    .exe windows:5 windows x86 arch:x86

    75e9596d74d063246ba6f3ac7c5369a0


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/Default64.SFX
    .exe windows:5 windows x64 arch:x64

    bc758c921c6e0fda5a933c5b8a3c02e9


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/DefaultEn.SFX
    .exe windows:5 windows x86 arch:x86

    75e9596d74d063246ba6f3ac7c5369a0


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/DefaultEn64.SFX
    .exe windows:5 windows x64 arch:x64

    bc758c921c6e0fda5a933c5b8a3c02e9


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/Descript.ion
  • Amnesia/variables/Scripts/dist/Order.htm
    .html .js polyglot
  • Amnesia/variables/Scripts/dist/Rar.exe
    .exe windows:5 windows x64 arch:x64

    46d4a991088e70acda923a7cd0f9aa4c


    Code Sign

    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/Rar.txt
  • Amnesia/variables/Scripts/dist/RarExt.dll
    .dll windows:6 windows x64 arch:x64

    8f6f025c725ec2aa8498b3040d0a763c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Amnesia/variables/Scripts/dist/RarExt32.dll
    .dll windows:6 windows x86 arch:x86

    ea92b4bb5d9deec4628d0f78b0881df5


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Amnesia/variables/Scripts/dist/RarExtInstaller.exe
    .exe windows:6 windows x64 arch:x64

    ff42caab74dab09e137a91d5dd30bdd2


    Code Sign

    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/RarExtLogo.altform-unplated_targetsize-32.png
    .png
  • Amnesia/variables/Scripts/dist/RarExtLogo.altform-unplated_targetsize-48.png
    .png
  • Amnesia/variables/Scripts/dist/RarExtLogo.altform-unplated_targetsize-64.png
    .png
  • Amnesia/variables/Scripts/dist/RarExtPackage.msix
    .appx
  • AppxBlockMap.xml
    .xml
  • AppxManifest.xml
  • AppxSignature.p7x
  • RarExtLogo.altform-unplated_targetsize-32.png
    .png
  • RarExtLogo.altform-unplated_targetsize-48.png
    .png
  • RarExtLogo.altform-unplated_targetsize-64.png
    .png
  • Square150x150Logo.png
    .png
  • StoreLogo.png
    .png
  • [Content_Types].xml
    .xml
  • Amnesia/variables/Scripts/dist/RarFiles.lst
  • Amnesia/variables/Scripts/dist/RarLng.dll
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections

  • Amnesia/variables/Scripts/dist/Resources.pri
  • Amnesia/variables/Scripts/dist/UnRAR.exe
    .exe windows:5 windows x64 arch:x64

    9a3fd0d5c7ee877d3223332fb22a7cf5


    Code Sign

    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/Uninstall.exe
    .exe windows:6 windows x64 arch:x64

    6aed8a1d48749f3ad36c3c72bcf9aeb1


    Code Sign

    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/Uninstall.lst
  • Amnesia/variables/Scripts/dist/WhatsNew.txt
  • Amnesia/variables/Scripts/dist/WinCon.SFX
    .exe windows:5 windows x86 arch:x86

    1fac7e3e60191744918b1f8b259159d9


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinCon64.SFX
    .exe windows:5 windows x64 arch:x64

    c6213d935a1ac1e6807c3dd6de896c77


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinConEn.SFX
    .exe windows:5 windows x86 arch:x86

    1fac7e3e60191744918b1f8b259159d9


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinConEn64.SFX
    .exe windows:5 windows x64 arch:x64

    c6213d935a1ac1e6807c3dd6de896c77


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR.exe
    .exe windows:6 windows x64 arch:x64

    3d1825a380415a76bb0ddaab646e1790


    Code Sign

    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/7zxa.dll
    .dll windows:4 windows x64 arch:x64

    e84ea73d0d9b417a1bc1810c7b836d4f


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/Default.SFX
    .exe windows:5 windows x86 arch:x86

    75e9596d74d063246ba6f3ac7c5369a0


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/Default64.SFX
    .exe windows:5 windows x64 arch:x64

    bc758c921c6e0fda5a933c5b8a3c02e9


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/DefaultEn.SFX
    .exe windows:5 windows x86 arch:x86

    75e9596d74d063246ba6f3ac7c5369a0


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/DefaultEn64.SFX
    .exe windows:5 windows x64 arch:x64

    bc758c921c6e0fda5a933c5b8a3c02e9


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/Descript.ion
  • Amnesia/variables/Scripts/dist/WinRAR/Order.htm
    .html .js polyglot
  • Amnesia/variables/Scripts/dist/WinRAR/Rar.exe
    .exe windows:5 windows x64 arch:x64

    46d4a991088e70acda923a7cd0f9aa4c


    Code Sign

    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/Rar.txt
  • Amnesia/variables/Scripts/dist/WinRAR/RarExt.dll
    .dll windows:6 windows x64 arch:x64

    8f6f025c725ec2aa8498b3040d0a763c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/RarExt32.dll
    .dll windows:6 windows x86 arch:x86

    ea92b4bb5d9deec4628d0f78b0881df5


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/RarExtInstaller.exe
    .exe windows:6 windows x64 arch:x64

    ff42caab74dab09e137a91d5dd30bdd2


    Code Sign

    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/RarExtLogo.altform-unplated_targetsize-32.png
    .png
  • Amnesia/variables/Scripts/dist/WinRAR/RarExtLogo.altform-unplated_targetsize-48.png
    .png
  • Amnesia/variables/Scripts/dist/WinRAR/RarExtLogo.altform-unplated_targetsize-64.png
    .png
  • Amnesia/variables/Scripts/dist/WinRAR/RarExtPackage.msix
    .appx
  • AppxBlockMap.xml
    .xml
  • AppxManifest.xml
  • AppxSignature.p7x
  • RarExtLogo.altform-unplated_targetsize-32.png
    .png
  • RarExtLogo.altform-unplated_targetsize-48.png
    .png
  • RarExtLogo.altform-unplated_targetsize-64.png
    .png
  • Square150x150Logo.png
    .png
  • StoreLogo.png
    .png
  • [Content_Types].xml
    .xml
  • Amnesia/variables/Scripts/dist/WinRAR/RarFiles.lst
  • Amnesia/variables/Scripts/dist/WinRAR/RarLng.dll
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/Resources.pri
  • Amnesia/variables/Scripts/dist/WinRAR/UnRAR.exe
    .exe windows:5 windows x64 arch:x64

    9a3fd0d5c7ee877d3223332fb22a7cf5


    Code Sign

    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/Uninstall.exe
    .exe windows:6 windows x64 arch:x64

    6aed8a1d48749f3ad36c3c72bcf9aeb1


    Code Sign

    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/Uninstall.lst
  • Amnesia/variables/Scripts/dist/WinRAR/WhatsNew.txt
  • Amnesia/variables/Scripts/dist/WinRAR/WinCon.SFX
    .exe windows:5 windows x86 arch:x86

    1fac7e3e60191744918b1f8b259159d9


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/WinCon64.SFX
    .exe windows:5 windows x64 arch:x64

    c6213d935a1ac1e6807c3dd6de896c77


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/WinConEn.SFX
    .exe windows:5 windows x86 arch:x86

    1fac7e3e60191744918b1f8b259159d9


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/WinConEn64.SFX
    .exe windows:5 windows x64 arch:x64

    c6213d935a1ac1e6807c3dd6de896c77


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/WinRAR.exe
    .exe windows:6 windows x64 arch:x64

    3d1825a380415a76bb0ddaab646e1790


    Code Sign

    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/Zip.SFX
    .exe windows:5 windows x86 arch:x86

    319b1edcc4538be377f43066c635ffef


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/Zip64.SFX
    .exe windows:5 windows x64 arch:x64

    f557cb5e3abb3bc5ede97f2a0da19e34


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/ZipEn.SFX
    .exe windows:5 windows x86 arch:x86

    319b1edcc4538be377f43066c635ffef


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/ZipEn64.SFX
    .exe windows:5 windows x64 arch:x64

    f557cb5e3abb3bc5ede97f2a0da19e34


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/WinRAR/rarnew.dat
    .rar
  • Amnesia/variables/Scripts/dist/WinRAR/rarreg.key
  • Amnesia/variables/Scripts/dist/WinRAR/zipnew.dat
  • Amnesia/variables/Scripts/dist/Zip.SFX
    .exe windows:5 windows x86 arch:x86

    319b1edcc4538be377f43066c635ffef


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/Zip64.SFX
    .exe windows:5 windows x64 arch:x64

    f557cb5e3abb3bc5ede97f2a0da19e34


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/ZipEn.SFX
    .exe windows:5 windows x86 arch:x86

    319b1edcc4538be377f43066c635ffef


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/ZipEn64.SFX
    .exe windows:5 windows x64 arch:x64

    f557cb5e3abb3bc5ede97f2a0da19e34


    Headers

    Imports

    Sections

  • Amnesia/variables/Scripts/dist/hacn.exe
    .exe windows:5 windows x64 arch:x64

    1af6c885af093afc55142c2f1761dbe8


    Headers

    Imports

    Sections

  • main.pyc
  • Amnesia/variables/Scripts/dist/icon.ico
  • Amnesia/variables/Scripts/dist/main.py
  • Amnesia/variables/Scripts/dist/main.spec
  • Amnesia/variables/Scripts/dist/rarnew.dat
    .rar
  • Amnesia/variables/Scripts/dist/rarreg.key
  • Amnesia/variables/Scripts/dist/setup.sfx
  • Amnesia/variables/Scripts/dist/xfs.conf
  • Amnesia/variables/Scripts/dist/zipnew.dat
  • python-3.10.11-amd64.exe
    .exe windows:5 windows x86 arch:x86

    d7e2fd259780271687ffca462b9e69b7


    Code Sign

    Headers

    Imports

    Sections