VC[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

VC.rar
Size

995.6MB
MD5

ff43ea189f94f2d3ebb8bcd29b62c745
SHA1

ed5acd2979072d3fde960c19d88eb503ac5a87c0
SHA256

bab4618d383d80da2d8d28ec537622f974675833d71b73581e42675d1c35abf3
SHA512

68b6f8dc7e6330cf4d3f7ba96187e61ac6b3e383425f0c40548e610dfe958f25f5b6291df0785330c4ed72360ba4924ebc9dfaf7a2d9f80afe5763cee85cf9ee
SSDEEP

25165824:bNuPekzhXEZ1TFELUPNbR3lLkG1XF3zByOKWtcjiJtyxD:bN0hX0HvPL13zIwtyR

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe
unpack001/autorun.exe
unpack001/data/fargus.scr

Files

VC.rar
.rar
Autorun.inf
Setup.exe
.exe windows:4 windows x86 arch:x86

a1cc3ebca20750fea9a269fc4e1bb288

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

VerInstallFileA

kernel32

GetModuleHandleA
GetCommandLineA
AddAtomA
lstrcpyA
GetStartupInfoA
ExitProcess
LockResource
SetErrorMode
LocalFree
FormatMessageA
CreateProcessA
LoadResource
FindResourceA
OpenEventA
FindResourceExA
DeleteFileA
SetEvent
CreateDirectoryA
lstrcpynA
lstrlenA
lstrcatA
lstrcmpiA
GetLastError
GetFileAttributesA
SetFileAttributesA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetTempFileNameA
RemoveDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GetPrivateProfileStringA
GetUserDefaultLangID
GetModuleFileNameA
RtlUnwind
GetAtomNameA
lstrlenW
Sleep
CloseHandle
WaitForSingleObject
WideCharToMultiByte
GetShortPathNameA
CreateFileA
CopyFileA
GetTempPathA

user32

GetDC
ReleaseDC
LoadImageA
CreateDialogParamA
EndPaint
MessageBoxA
GetWindowLongA
EndDialog
BeginPaint
TranslateMessage
SetWindowLongA
DialogBoxIndirectParamA
DestroyWindow
CreateDialogIndirectParamA
SetDlgItemTextA
GetClientRect
GetWindowRect
MoveWindow
CharLowerA
wsprintfA
PeekMessageA
IsDialogMessageA
GetDlgItem
DispatchMessageA
SendMessageA
CharUpperA
CharNextA
GetDesktopWindow

gdi32

BitBlt
UnrealizeObject
GetDeviceCaps
CreateHalftonePalette
GetObjectA
GetSystemPaletteEntries
GetDIBColorTable
CreatePalette
SelectPalette
RealizePalette
CreateCompatibleDC
DeleteDC
SelectObject

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA

ole32

CoInitialize
CoFreeAllLibraries
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
SafeArrayGetElement
SysStringLen
SafeArrayGetLBound
SafeArrayGetUBound

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup.ini
autorun.exe
.exe windows:4 windows x86 arch:x86

1f76da24b7ca85b712f493dbcbe3117e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetShortPathNameA
lstrcmpiA
CopyFileA
lstrlenA
lstrcatA
GetWindowsDirectoryA
lstrcpyA
TerminateProcess
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
CreateFileA
ReadFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
WriteFile
LCMapStringW
CreateProcessA
LCMapStringA
SetEndOfFile
SetFilePointer
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
VirtualFree
WideCharToMultiByte
GetEnvironmentStrings
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
HeapDestroy
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapCreate

user32

GetMessageA
ReleaseDC
GetDC
GetDesktopWindow
SetWindowTextA
MoveWindow
GetClientRect
UpdateWindow
InvalidateRect
SetWindowLongA
PtInRect
ScreenToClient
ShowWindow
EndDialog
SystemParametersInfoA
EndPaint
BeginPaint
LoadImageA
GetCursorPos
SetCapture
DialogBoxParamA
SendMessageA

gdi32

CombineRgn
PtInRegion
DeleteDC
CreateHalftonePalette
CreateDIBSection
RealizePalette
SelectPalette
GetDeviceCaps
DeleteObject
CreateRectRgn
SelectObject
GetObjectA
CreateCompatibleDC
BitBlt

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data/fargus.bmp
data/fargus.scr
.exe windows:4 windows x86 arch:x86

2ec89c7300d638a3705edd7580ea2643

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetCommandLineA
FreeEnvironmentStringsW
WideCharToMultiByte
SetLastError
TlsGetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
UnhandledExceptionFilter
GetVersionExA
Sleep
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryA
ExitProcess
GetStartupInfoA
lstrlenA
RtlUnwind
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
WriteFile
VirtualFree
GetLastError
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
HeapCreate
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy

user32

GetDesktopWindow
SetTimer
LoadImageA
SetWindowTextA
SetWindowRgn
MoveWindow
GetClientRect
UpdateWindow
InvalidateRect
SetWindowLongA
PtInRect
ScreenToClient
EndDialog
EndPaint
BeginPaint
GetCursorPos
SetCapture
SendMessageA
GetMessageA
GetWindowLongA
SetRect
GetForegroundWindow
IsWindow
SystemParametersInfoA
DefWindowProcA
SetCursor
PostMessageA
GetParent
PostQuitMessage
DispatchMessageA
TranslateMessage
CreateWindowExA
RegisterClassA
RegisterWindowMessageA
SetForegroundWindow
FindWindowA
LoadIconA
DialogBoxParamA
PeekMessageA
CharNextA
GetDC
ReleaseDC

gdi32

GetClipBox
CreateRectRgn
CreateCompatibleDC
GetObjectA
GetStockObject
Rectangle
CreatePen
CreateSolidBrush
OffsetRgn
SelectClipRgn
CreateEllipticRgn
SetBkMode
CombineRgn
PtInRegion
BitBlt
TextOutA
SelectObject
GetTextExtentPointA
SetTextColor
DeleteObject
CreateDIBSection
CreateFontA
CreatePolygonRgn
DeleteDC
CreateHalftonePalette
GetDeviceCaps
RealizePalette
SelectPalette

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data1.cab
data1.hdr
data2.cab
data3.cab
ikernel.ex_
layout.bin
settings
setup.inx

Sharing

General

Malware Config

Signatures

Files

a1cc3ebca20750fea9a269fc4e1bb288

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 107KB - Virtual size: 106KB

1f76da24b7ca85b712f493dbcbe3117e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 172KB - Virtual size: 169KB

2ec89c7300d638a3705edd7580ea2643

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 107KB - Virtual size: 106KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 172KB - Virtual size: 169KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB