ytstealer | c8434e5546f62440bcc26ce8b1b620d7772e44630893e3b5d06e8ad4e113d55b[.]rl[.]zip

General

Target

c8434e5546f62440bcc26ce8b1b620d7772e44630893e3b5d06e8ad4e113d55b.rl.zip
Size

5.0MB
MD5

dedc25da6e88560309c8e72af753abff
SHA1

498e24b336f937a495fd2c678a1cefad00ef2a65
SHA256

53f838b7dd1eca1ba0fb9f7accf923d613eae20ebd81647179d356ff201f2458
SHA512

54fcc11cc8d6e59c25b15f1dbaf954bb96732d86367820aeb68247e82f1cdec8c363d24b0f24410e9a87698bd1e6cca5bd80948cf84288baac0a3b2fa89faef1
SSDEEP

98304:isAtOPzEtdVp8laL9ob8Lp0/vDHNQjTMjlS2YHtP6/5W6iWRJaCy9w5sgq:iKL8p66obYYvDZlpBT9Jp1q

Score

10^/10

upx ytstealer

YTStealer payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/0099da3acbf4982f1d1ad92978afa3aa38d17258.rl	family_ytstealer

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
static1/unpack001/0099da3acbf4982f1d1ad92978afa3aa38d17258.rl	upx

c8434e5546f62440bcc26ce8b1b620d7772e44630893e3b5d06e8ad4e113d55b.rl.zip
.zip

Password: infected
0099da3acbf4982f1d1ad92978afa3aa38d17258.rl
.exe windows x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_cgo_dummy_export
authorizerTrampoline
callbackTrampoline
commitHookTrampoline
compareTrampoline
doneTrampoline
preUpdateHookTrampoline
rollbackHookTrampoline
stepTrampoline
updateHookTrampoline

Sections

UPX0
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 245KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE