v1[.]0[.]0[.]5[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

v1.0.0.5.7z
Size

1.0MB
MD5

1a048aac97e725985579fea45e04b252
SHA1

6694abc793951a9bdd0ca779ced322730ae477a5
SHA256

45aa9180d89998e49f4e432e4e801c943639c0dab8603407b803ebf72723ea55
SHA512

c69fd52ff2fbbd44f1e75380d55ea8e34093e2b5374529a91ea60c92d6d86d605c1371f2a4ac591fe3184805777306f51e52bed2eee83b671c625514fdb0d72d
SSDEEP

24576:UQau44rj/b0XKGfjwfHSYU70K3WbHpwmPH0U:c0rj/bPGFgEO0U

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/v1.0.0.5/TestRun.exe	upx
static1/unpack001/v1.0.0.5/Yama.exe	upx
static1/unpack001/v1.0.0.5/ghost.exe	upx

Files

v1.0.0.5.7z
.7z

Password: infected
v1.0.0.5/ServerDll.dll
.dll windows x86

Password: infected

32b8c20c12eda01cfd75cde40a036914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceExA
LocalFree
InitializeCriticalSection
CancelIo
DeleteCriticalSection
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetSystemInfo
GetVersionExA
LocalSize
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
PeekNamedPipe
TerminateProcess
GetSystemDirectoryA
DisconnectNamedPipe
CreatePipe
GetCurrentProcess
Process32First
K32EnumProcessModules
OpenProcess
K32GetModuleFileNameExA
Process32Next
CreateToolhelp32Snapshot
CreateFileW
ReadConsoleW
SetStdHandle
LocalAlloc
EnumSystemLocalesEx
IsValidLocaleName
LCMapStringEx
GetUserDefaultLocaleName
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
GetConsoleMode
GetConsoleCP
lstrcatA
GetModuleHandleW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
InitOnceExecuteOnce
SetLastError
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
GetProcessHeap
HeapSize
ExitProcess
GetLastError
GetLogicalDriveStringsA
HeapReAlloc
ReadFile
CreateProcessA
LocalReAlloc
GetVolumeInformationA
GetDriveTypeA
WriteFile
lstrlenA
GetTickCount
InterlockedExchange
VirtualAlloc
VirtualFree
CreateThread
ResumeThread
WaitForSingleObject
CloseHandle
CreateEventA
Sleep
TerminateThread
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetStringTypeW
MultiByteToWideChar
GetLocaleInfoEx
WideCharToMultiByte
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement
SetEvent
FlushFileBuffers

user32

SetCapture
CloseClipboard
keybd_event
WindowFromPoint
MapVirtualKeyA
SetCursorPos
GetClipboardData
EmptyClipboard
BlockInput
OpenClipboard
LoadCursorA
SetClipboardData
GetCursorPos
mouse_event
DestroyCursor
ReleaseDC
GetCursorInfo
GetDC
EnumDisplaySettingsA
IsWindowVisible
PostMessageA
ShowWindow
GetWindowTextA
EnumWindows
MoveWindow
SetDlgItemTextA
DialogBoxParamA
SystemParametersInfoA
EndDialog
SendMessageA
SetFocus
GetSystemMetrics
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
CreateWindowExA
GetDesktopWindow
SetTimer
KillTimer
GetClientRect

gdi32

DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
BitBlt

advapi32

ControlService
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
UnlockServiceDatabase
QueryServiceConfigA
OpenSCManagerA
ChangeServiceConfigA
StartServiceA
LockServiceDatabase
EnumServicesStatusA
CloseServiceHandle
OpenServiceA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFileInfoA

ole32

CoInitialize
CoTaskMemFree
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString

winmm

waveInStart
waveInStop
waveOutPrepareHeader
waveOutGetNumDevs
waveOutOpen
waveInUnprepareHeader
waveOutUnprepareHeader
timeEndPeriod
waveInReset
waveInAddBuffer
waveInOpen
waveInPrepareHeader
waveOutReset
timeBeginPeriod
waveOutWrite
waveInClose
waveOutClose
waveInGetNumDevs
PlaySoundA

ws2_32

send
gethostname
getsockname
WSAIoctl
connect
WSAStartup
inet_addr
select
WSAGetLastError
htons
setsockopt
WSACleanup
recv
socket
closesocket

avicap32

capGetDriverDescriptionA

msvfw32

ICCompressorFree
ICSeqCompressFrameStart
ICSeqCompressFrame
ICSeqCompressFrameEnd
ICClose
ICOpen
ICSendMessage

Exports

Exports

IsStoped
StopRun
TestRun

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v1.0.0.5/TestRun.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v1.0.0.5/Yama.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 793KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v1.0.0.5/ghost.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 112KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

32b8c20c12eda01cfd75cde40a036914

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

ws2_32

avicap32

msvfw32

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 7KB - Virtual size: 19KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 35KB - Virtual size: 35KB

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 128KB

UPX1 Size: 60KB - Virtual size: 64KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 30KB

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 793KB - Virtual size: 796KB

.rsrc Size: 22KB - Virtual size: 24KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 326KB - Virtual size: 326KB

.data Size: 27KB - Virtual size: 56KB

.rsrc Size: 222KB - Virtual size: 222KB

.reloc Size: 392KB - Virtual size: 392KB

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 196KB

UPX1 Size: 112KB - Virtual size: 116KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 7KB - Virtual size: 19KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 7KB - Virtual size: 19KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 35KB - Virtual size: 35KB

UPX0
Size: - Virtual size: 128KB

UPX1
Size: 60KB - Virtual size: 64KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 30KB

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 793KB - Virtual size: 796KB

.rsrc
Size: 22KB - Virtual size: 24KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 326KB - Virtual size: 326KB

.data
Size: 27KB - Virtual size: 56KB

.rsrc
Size: 222KB - Virtual size: 222KB

.reloc
Size: 392KB - Virtual size: 392KB

UPX0
Size: - Virtual size: 196KB

UPX1
Size: 112KB - Virtual size: 116KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 7KB - Virtual size: 19KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 35KB - Virtual size: 35KB