072405110f4d543efe5d9c37c324803bb69552ae04ce697e899817203637a3b5[.]7z

General

Target

072405110f4d543efe5d9c37c324803bb69552ae04ce697e899817203637a3b5.7z
Size

62KB
MD5

66746bb81afd41f6c31e4c78f684a75c
SHA1

e9b2c21b242af02ee7469c80f95d8404b51f7545
SHA256

880f9a07bcc2c4b2d65d74989f12d49f0d6b2984354f9af7c0b25151fbe96c6e
SHA512

5e75d352f24c687d490e434f7b216857b8c412699bcb277e66a6d6b8f3d245c9ae5e2a499ffcf7ab72f1a912e08a73a144790d89411dd64ebc914d2f1450d99b
SSDEEP

1536:SkCzZWfx3ikiH3Yr4/ihYaPFg2jG+mHF1Y9dufi//5k2TPTIIc8Y6X:SkYaMkiIXYDwG+mlCniSbI5J6X

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/072405110f4d543efe5d9c37c324803bb69552ae04ce697e899817203637a3b5	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/072405110f4d543efe5d9c37c324803bb69552ae04ce697e899817203637a3b5	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/072405110f4d543efe5d9c37c324803bb69552ae04ce697e899817203637a3b5
unpack002/out.upx

Files

072405110f4d543efe5d9c37c324803bb69552ae04ce697e899817203637a3b5.7z
.7z

Password: infected
072405110f4d543efe5d9c37c324803bb69552ae04ce697e899817203637a3b5
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 92KB

UPX1 Size: 61KB - Virtual size: 64KB

.rsrc Size: 6KB - Virtual size: 6KB

Headers

File Characteristics

Sections

CODE Size: 97KB - Virtual size: 96KB

DATA Size: 15KB - Virtual size: 15KB

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 124B

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 6KB - Virtual size: 6KB

UPX0
Size: - Virtual size: 92KB

UPX1
Size: 61KB - Virtual size: 64KB

.rsrc
Size: 6KB - Virtual size: 6KB

CODE
Size: 97KB - Virtual size: 96KB

DATA
Size: 15KB - Virtual size: 15KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 124B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 6KB - Virtual size: 6KB