csrss-protected-signature[.]exe

General

Target

csrss-protected-signature.exe
Size

3.4MB
MD5

018143b465442fe584a1b98ad2c87b84
SHA1

95f66f02e851fe73eb201d3ef5a57e24b6eb60e9
SHA256

89f732a3a5b40bef9aec5071738449897a29de0ab0bf446c721c0de12313094b
SHA512

1fe8b25fddb8f49c53f0b57a9defa82539bd9d0a19434e55eaa7a62fddbc70db1ea9cdf42c8daf1c95061e0f67a4e765dec09c0f3c6b45ad81911d6c68256bfe
SSDEEP

98304:5MdXnXF2/c4wDau+gPuVC2GHaZyzSDm6r/GBMpgqRoQ4r7Pmejg2s:iZJxp+gPuc2GHaZG2uhXPg1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

csrss-protected-signature.exe
.exe windows x86

Password: test4124124

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bkjlaxzu
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pofpzydk
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: test4124124

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.6MB

UPX1 Size: 3.4MB - Virtual size: 3.4MB

.rsrc Size: 3KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 3KB - Virtual size: 3KB

.idata Size: 512B - Virtual size: 8KB

Size: 512B - Virtual size: 2.9MB

bkjlaxzu Size: 1.8MB - Virtual size: 1.8MB

pofpzydk Size: 1024B - Virtual size: 8KB

UPX0
Size: - Virtual size: 4.6MB

UPX1
Size: 3.4MB - Virtual size: 3.4MB

.rsrc
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 3KB

.idata
Size: 512B - Virtual size: 8KB

bkjlaxzu
Size: 1.8MB - Virtual size: 1.8MB

pofpzydk
Size: 1024B - Virtual size: 8KB