04d0748b0b7a476f0aa76f108bdd7ab296e4aa81adbb3ea757b0a0dc9f8bd9e8

Sharing

Copy URL

Twitter E-mail

General

Target

04d0748b0b7a476f0aa76f108bdd7ab296e4aa81adbb3ea757b0a0dc9f8bd9e8
Size

1.4MB
MD5

42e63dc1732acff89c1f6739b21e9161
SHA1

89a872c9f4cf71cf1c9d28d5b8e04e3578e6288e
SHA256

04d0748b0b7a476f0aa76f108bdd7ab296e4aa81adbb3ea757b0a0dc9f8bd9e8
SHA512

35b75a0e9fb7eea945cd0e9a502325a59fabc334744f6cdad8b946bedc722704750bf08ff73097d8d4dfb24a5d921dd93cccba39d7f1b7f4cb7b2f468155deac
SSDEEP

24576:WBBd78ATWDn4NoLx/ruMZnBEUbT3Qu36OCTk5ZsjWCWi8dK0NqiETsymYK:WXN8AKT4NoLJuEBdbqOC4cdod3q/oZYK

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/EditServer.exe	upx
static1/unpack001/SubSeven.exe	upx
static1/unpack001/server.exe	upx

Files

04d0748b0b7a476f0aa76f108bdd7ab296e4aa81adbb3ea757b0a0dc9f8bd9e8
.zip
EditServer.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ICQMAPI.dll
.dll windows x86

de91417e3b3138340a64a03b2ce56e3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoW
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetTickCount
InterlockedIncrement
CloseHandle
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
SetFilePointer
InterlockedDecrement
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcAddress
SetStdHandle
FlushFileBuffers
GetLocaleInfoA

user32

UnregisterClassA
SendMessageTimeoutA
IsWindow
RegisterClassA
SetWindowLongA
PostMessageA
FindWindowA
CreateWindowExA
DefWindowProcA

Exports

Exports

ICQAPICall_Generic
ICQAPICall_GetDockingState
ICQAPICall_GetFirewallSettings
ICQAPICall_GetFullOwnerData
ICQAPICall_GetFullUserData
ICQAPICall_GetGroupOnlineListDetails
ICQAPICall_GetIsOnline
ICQAPICall_GetOnlineListDetails
ICQAPICall_GetOnlineListHandle
ICQAPICall_GetOnlineListPlacement
ICQAPICall_GetOnlineListType
ICQAPICall_GetVersion
ICQAPICall_GetWindowHandle
ICQAPICall_RegisterNotify
ICQAPICall_SendExternal
ICQAPICall_SendFile
ICQAPICall_SendFile2
ICQAPICall_SendMessage
ICQAPICall_SendURL
ICQAPICall_SetLicenseKey
ICQAPICall_SetOwnerPhoneState
ICQAPICall_SetOwnerState
ICQAPICall_UnRegisterNotify
ICQAPIUtil_FreeGroup
ICQAPIUtil_FreeUser
ICQAPIUtil_FreeUsers
ICQAPIUtil_SetUserNotificationFunc

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PortRedirect.txt
SubSeven.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 599KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bothelptext.txt
defaultsettings.reg
disclaimer.txt
readme.txt
server.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 692KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 363KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 404KB - Virtual size: 404KB

.rsrc Size: 9KB - Virtual size: 12KB

de91417e3b3138340a64a03b2ce56e3f

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 15KB - Virtual size: 21KB

.reloc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 599KB - Virtual size: 600KB

.rsrc Size: 12KB - Virtual size: 16KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 692KB

UPX1 Size: 363KB - Virtual size: 364KB

.rsrc Size: 9KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 404KB - Virtual size: 404KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 15KB - Virtual size: 21KB

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 599KB - Virtual size: 600KB

.rsrc
Size: 12KB - Virtual size: 16KB

UPX0
Size: - Virtual size: 692KB

UPX1
Size: 363KB - Virtual size: 364KB

.rsrc
Size: 9KB - Virtual size: 12KB