The provenance of this file is highly suspicious, so I uploaded it to VirusTotal:
https://www.virustotal.com/gui/file/9b23239b9ab9104fe0865e309ba760ea407a867576d40a031d703b4d3530cd59/detection
VirusTotal finds nothing but appears to identify it as zip encrypted.
When avast! encounters such a file it will report “password protected” and reveal nothing.
I have a purported PWD for the file. Is there an online analyzer that will accept that PWD and look at what’s inside?
Thanks.
Pondus
2
it can not be scanned if password protected, that is the hole idea with password protecting, only those that has the password can look inside
some online scanners can unpack and scan password protected Archives IF the password is “virus” or “infected”
If you have the password you can unpack and upload to VT what is inside the zip Archive
What if it’s a self-executing file though?
Pondus
4
I think the file must have a .exe file extension and not .zip to be self-extracting … or?
Did you get this in mail?
Was it a mail you expected to receive?
May be password protected to avoid mailserver antivirus detection
Pondus
5
Thank you so much for all your help.
Pondus
7
New at VT today First Submission 2019-08-14 12:38:47
Seems to contact this URL zvaleriefs96.com/ to download the payload
URL is blacklisted and taken down so no payload to find
https://www.virustotal.com/gui/url/f129f831ce78e2ce1e042f32184674c93374c4c9b88e68cce99a7d6ae91629c4/detection
Thanks to: David H. Lipman for analysis