Archive[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Archive.zip
Size

6.6MB
MD5

15fc602077dba17e153d0201ee2e24d2
SHA1

84f6dc4ab4f1567a0d3de445f455cf32b111ab3c
SHA256

98d15b17ed4f091dee7a9303aba97a0b98863893183887c874b4b68752b0a061
SHA512

b153733fdc5b57f5f2c7cb67589031789c07a528007dc8325f35c27d91f5e398a182528c5bcf8912525fbb14dae5a5a59eba0d84de8b4fefd327b4a2afce7c3d
SSDEEP

196608:hLrVmRhJuRdtW3gSGJ9OCXKc+SIR5tZexfuLUB:hLrVmnJdXCX/+SIRrZKKUB

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/ImpREC.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Unpacker ExeCryptor.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ImpREC.dll
unpack001/Unpacker ExeCryptor.exe
unpack002/out.upx
unpack001/XEvil.exe
unpack001/lfs.dll
unpack001/lua53.dll

Files

Archive.zip
.zip
ImpREC.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

RebuildImport

Sections

code
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rsrc
Size: 238B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Unpacker ExeCryptor.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XEvil.exe
.exe windows:5 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Exports

Exports

TMethodImplementationIntercept

Sections

.text
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 568KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

h7b17g71
Size: - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 553KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1r06c0ke
Size: - Virtual size: 908KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

u3bqge.8
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ywbfvqar
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
XEvil_OpenPort80.reg
lfs.dll
.dll windows:4 windows x86 arch:x86

d1d52456323cc1ffc2c1de69a4aabca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lua53

luaL_checkversion_
luaL_setfuncs
lua_pushvalue
lua_setglobal
lua_isstring
lua_tolstring
lua_settop
lua_type
lua_rawset
lua_gettop
luaL_optnumber
luaL_newmetatable
lua_createtable
lua_setfield
lua_pushcclosure
lua_touserdata
luaL_argerror
luaL_optinteger
luaL_checkoption
lua_newuserdata
lua_getfield
lua_setmetatable
luaL_checkudata
luaL_error
luaL_checklstring
lua_pushboolean
lua_pushnil
lua_pushstring
lua_pushfstring
lua_pushinteger

msvcr80

_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_utime64
strerror
_errno
_chdir
free
_getcwd
realloc
_locking
_fileno
ftell
fseek
malloc
_setmode
_mkdir
_rmdir
_findclose
_findnext64i32
_findfirst64i32
sprintf
_stat64
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
CloseHandle
CreateFileA
GetLastError

Exports

Exports

luaopen_lfs

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lua53.dll
.dll windows:4 windows x86 arch:x86

32a8d3c2af9b0ee88dee1f5010fed0d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryExA
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__dllonexit
__mb_cur_max
_errno
_filbuf
_filelengthi64
_iob
_isctype
_pclose
_pctype
_popen
_setjmp
abort
acos
asin
atan2
atoi
calloc
ceil
clearerr
clock
cos
cosh
difftime
exit
exp
fclose
fflush
fgetpos
fgets
floor
fmod
fopen
fputc
fread
free
freopen
frexp
fsetpos
fwrite
getenv
gmtime
ldexp
localeconv
localtime
log
log10
longjmp
malloc
memchr
memcmp
memcpy
mktime
pow
rand
realloc
remove
rename
setlocale
setvbuf
sin
sinh
sqrt
srand
strchr
strcmp
strcoll
strerror
strftime
strlen
strpbrk
strrchr
strspn
strstr
strtod
system
tan
tanh
time
tmpfile
tmpnam
tolower
toupper
ungetc
vfprintf
wcslen

Exports

Exports

luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_buffinitsize
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_checkversion_
luaL_error
luaL_execresult
luaL_fileresult
luaL_getmetafield
luaL_getsubtable
luaL_gsub
luaL_len
luaL_loadbufferx
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffsize
luaL_pushresult
luaL_pushresultsize
luaL_ref
luaL_requiref
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_tolstring
luaL_traceback
luaL_unref
luaL_where
lua_absindex
lua_arith
lua_atpanic
lua_callk
lua_checkstack
lua_close
lua_compare
lua_concat
lua_copy
lua_createtable
lua_dump
lua_error
lua_gc
lua_getallocf
lua_getfield
lua_getglobal
lua_gethook
lua_gethookcount
lua_gethookmask
lua_geti
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_getuservalue
lua_iscfunction
lua_isinteger
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_len
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_pcallk
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawgetp
lua_rawlen
lua_rawset
lua_rawseti
lua_rawsetp
lua_resume
lua_rotate
lua_setallocf
lua_setfield
lua_setglobal
lua_sethook
lua_seti
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_setuservalue
lua_status
lua_stringtonumber
lua_toboolean
lua_tocfunction
lua_tointegerx
lua_tolstring
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_xmove
lua_yieldk
luaopen_base
luaopen_bit32
luaopen_coroutine
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table
luaopen_utf8

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

code Size: - Virtual size: 92KB

text Size: 49KB - Virtual size: 52KB

rsrc Size: 238B - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 28KB - Virtual size: 28KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 8KB - Virtual size: 5KB

f433e7fcc51e68080022754836705744

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 5.5MB

.itext Size: - Virtual size: 36KB

.data Size: - Virtual size: 152KB

.bss Size: - Virtual size: 568KB

.idata Size: - Virtual size: 20KB

.didata Size: 26KB - Virtual size: 28KB

.edata Size: 512B - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: - Virtual size: 4KB

h7b17g71 Size: - Virtual size: 428KB

.rsrc Size: 553KB - Virtual size: 4.1MB

1r06c0ke Size: - Virtual size: 908KB

u3bqge.8 Size: 6.4MB - Virtual size: 6.4MB

ywbfvqar Size: 512B - Virtual size: 4KB

d1d52456323cc1ffc2c1de69a4aabca0

Headers

File Characteristics

Imports

lua53

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 988B

.rsrc Size: 512B - Virtual size: 428B

.reloc Size: 1024B - Virtual size: 896B

32a8d3c2af9b0ee88dee1f5010fed0d6

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 158KB

.data Size: 512B - Virtual size: 32B

.rdata Size: 19KB - Virtual size: 18KB

/4 Size: 4KB - Virtual size: 3KB

.bss Size: - Virtual size: 2KB

.edata Size: 3KB - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

code
Size: - Virtual size: 92KB

text
Size: 49KB - Virtual size: 52KB

rsrc
Size: 238B - Virtual size: 4KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: - Virtual size: 5.5MB

.itext
Size: - Virtual size: 36KB

.data
Size: - Virtual size: 152KB

.bss
Size: - Virtual size: 568KB

.idata
Size: - Virtual size: 20KB

.didata
Size: 26KB - Virtual size: 28KB

.edata
Size: 512B - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 4KB

h7b17g71
Size: - Virtual size: 428KB

.rsrc
Size: 553KB - Virtual size: 4.1MB

1r06c0ke
Size: - Virtual size: 908KB

u3bqge.8
Size: 6.4MB - Virtual size: 6.4MB

ywbfvqar
Size: 512B - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 988B

.rsrc
Size: 512B - Virtual size: 428B

.reloc
Size: 1024B - Virtual size: 896B

.text
Size: 158KB - Virtual size: 158KB

.data
Size: 512B - Virtual size: 32B

.rdata
Size: 19KB - Virtual size: 18KB

/4
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 3KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 6KB - Virtual size: 5KB