reg (infected)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

reg (infected).zip
Size

211KB
MD5

71950f3c69f8254ac14e5d01accd5000
SHA1

51a8916a9d5ab86d6d920a8284dffbec01735247
SHA256

ffe5cd1636ce438148c386b62ca88c11aaecd533939bd640d590abb157c2ad99
SHA512

b43c146a4284d239892643d5ead56d8d07bc3cfdb5594a617d1cf7a7c18d610bd8328394114b60bae3e5030daa68f663d8064bd2f6f6c25598fc9c557f97ec09
SSDEEP

6144:OkRkgpFww/3XNfWMYphOpLq1VusVcNZfi3h8:Tn5PXpWMYDoocNZfm8

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/keymaker.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BC Reset 32-bit.exe
unpack001/BC Reset 64-bit.exe
unpack001/keymaker.exe
unpack001/msimg32.dll

Files

reg (infected).zip
.zip

Password: infected
BC Reset 32-bit.exe
.exe windows:4 windows x86 arch:x86

Password: infected

5877688b4859ffd051f6be3b8e0cd533

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
Sleep
GetProcAddress
GetVersionExW
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

Sections

.code
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BC Reset 64-bit.exe
.exe windows:4 windows x64 arch:x64

Password: infected

7182b1ea6f92adbf459a2c65d8d4dd9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetShortPathNameW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
GetWindowLongPtrW
GetWindowTextLengthW
GetWindowTextW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

Sections

.code
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Readme.txt
keymaker.exe
.exe windows:4 windows x86 arch:x86

Password: infected

820ab24e53af2dbafc74d24f87e40262

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

comctl32

InitCommonControls

kernel32

LoadLibraryA
GetProcAddress

Sections

UPX
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
msimg32.dll
.dll windows:4 windows x64 arch:x64

Password: infected

27e0cdc80f53858227a5685b198b3d46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memset
wcscmp
memmove
memcpy
strlen
strcpy
wcslen
malloc
free

kernel32

HeapCreate
HeapDestroy
DisableThreadLibraryCalls
WriteProcessMemory
GetSystemDirectoryW
GetModuleHandleW
UnregisterWait
CloseHandle
EnterCriticalSection
LeaveCriticalSection
HeapFree
TlsFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
TlsGetValue
HeapAlloc
GetCurrentProcess
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
TlsSetValue
GetModuleFileNameW
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetProcAddress
HeapReAlloc
MultiByteToWideChar

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.code
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5877688b4859ffd051f6be3b8e0cd533

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comctl32

shell32

winmm

ole32

shlwapi

Sections

.code Size: 14KB - Virtual size: 13KB

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 47KB - Virtual size: 47KB

Password: infected

7182b1ea6f92adbf459a2c65d8d4dd9e

Headers

File Characteristics

Imports

msvcrt

kernel32

shell32

winmm

ole32

shlwapi

user32

gdi32

comctl32

Sections

.code Size: 23KB - Virtual size: 22KB

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 19KB - Virtual size: 18KB

.pdata Size: 4KB - Virtual size: 4KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 47KB - Virtual size: 47KB

Password: infected

820ab24e53af2dbafc74d24f87e40262

Headers

File Characteristics

Imports

user32

comctl32

kernel32

Sections

UPX Size: 3KB - Virtual size: 8KB

UPX Size: 1024B - Virtual size: 4KB

UPX Size: 5KB - Virtual size: 12KB

.rsrc Size: 21KB - Virtual size: 36KB

UPX Size: 38KB - Virtual size: 37KB

Password: infected

27e0cdc80f53858227a5685b198b3d46

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.code Size: 1KB - Virtual size: 1KB

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 1024B - Virtual size: 681B

.pdata Size: 512B - Virtual size: 432B

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 980B

.reloc Size: 512B - Virtual size: 12B

.code
Size: 14KB - Virtual size: 13KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 47KB - Virtual size: 47KB

.code
Size: 23KB - Virtual size: 22KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 19KB - Virtual size: 18KB

.pdata
Size: 4KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 47KB - Virtual size: 47KB

UPX
Size: 3KB - Virtual size: 8KB

UPX
Size: 1024B - Virtual size: 4KB

UPX
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 21KB - Virtual size: 36KB

UPX
Size: 38KB - Virtual size: 37KB

.code
Size: 1KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 1024B - Virtual size: 681B

.pdata
Size: 512B - Virtual size: 432B

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 980B

.reloc
Size: 512B - Virtual size: 12B