General
-
Target
$RRFAHBK.exe.zip
-
Size
20KB
-
MD5
09bc857480b6aa0b59dc754e0944303d
-
SHA1
fc73be5f7366445b16c09ee2ca1ffdb79191bfda
-
SHA256
b517917c2336bb524961de905366d555ecdc386a986b83e24a57544fa4dd695c
-
SHA512
003494e9a45150b62052d40d8bde479c5c29f1b6ab7e25907ebf2d40a7ec947465803b351f05837b326230abb144425e86cdda31cfa0b1d548ffe19afd90f9b8
-
SSDEEP
384:Ref7jBrBOkkArGjYzkYsE7mAy6N1sZfaJ6uY/uhNnB4raSmAeGiW466cy1i:RajtlbYYIpMgZCJ6L/uLBi+AtUcD
Malware Config
Signatures
-
resource yara_rule static1/unpack001/$RRFAHBK.exe upx
Files
-
$RRFAHBK.exe.zip.zip
Password: dangerous
-
$RRFAHBK.exe.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE