File is Suspicious but Zip Encrypted...

The provenance of this file is highly suspicious, so I uploaded it to VirusTotal:

https://www.virustotal.com/gui/file/9b23239b9ab9104fe0865e309ba760ea407a867576d40a031d703b4d3530cd59/detection

VirusTotal finds nothing but appears to identify it as zip encrypted.

When avast! encounters such a file it will report “password protected” and reveal nothing.

I have a purported PWD for the file. Is there an online analyzer that will accept that PWD and look at what’s inside?

Thanks.

it can not be scanned if password protected, that is the hole idea with password protecting, only those that has the password can look inside

some online scanners can unpack and scan password protected Archives IF the password is “virus” or “infected”

If you have the password you can unpack and upload to VT what is inside the zip Archive

What if it’s a self-executing file though?

I think the file must have a .exe file extension and not .zip to be self-extracting … or?

Did you get this in mail?
Was it a mail you expected to receive?
May be password protected to avoid mailserver antivirus detection

Scan result … file is infected
https://www.virustotal.com/gui/file/fe35a60355f26b8205dc659ebc3e4f8ced047ab6ff70b976cc48fb607bb744a6/detection

A downloader, guessing it will download and run ransomware

Thank you so much for all your help.

New at VT today First Submission 2019-08-14 12:38:47

Seems to contact this URL zvaleriefs96.com/ to download the payload

URL is blacklisted and taken down so no payload to find
https://www.virustotal.com/gui/url/f129f831ce78e2ce1e042f32184674c93374c4c9b88e68cce99a7d6ae91629c4/detection

Thanks to: David H. Lipman for analysis

Avast detects it now.