ssf-win-x86_64-3[.]0[.]0[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ssf-win-x86_64-3.0.0.zip
Size

10.3MB
MD5

cdd1fb8ac21239772f41eaf65b1bc955
SHA1

be0b9124800055ffa6b0bb532506472eb4755605
SHA256

329748f6ea665d1c398cc09f19cee5784d5356eaf8a49988c069d4bffbca9f26
SHA512

29bf0075ba33c47742e302399f0b2f98483c054d61c9ba92697e33bb85e2a7ed0eb1f1844948568946b24ae13220cfe3c562f3fbe6ab9828c47f87ae85a97809
SSDEEP

196608:JYNCrLNu/BdbrZNvT8Ovk9Y1Dp1tk7vyc+3nj23cEObBORNM:DrgBdbrnvASPuZ+3j1sRNM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ssf-win-x86_64-3.0.0/upx-ssf.exe	upx
static1/unpack001/ssf-win-x86_64-3.0.0/upx-ssfcp.exe	upx
static1/unpack001/ssf-win-x86_64-3.0.0/upx-ssfd.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ssf-win-x86_64-3.0.0/ssf.exe
unpack001/ssf-win-x86_64-3.0.0/ssfcp.exe
unpack001/ssf-win-x86_64-3.0.0/ssfd.exe
unpack001/ssf-win-x86_64-3.0.0/upx-ssf.exe
unpack001/ssf-win-x86_64-3.0.0/upx-ssfcp.exe
unpack001/ssf-win-x86_64-3.0.0/upx-ssfd.exe

Files

ssf-win-x86_64-3.0.0.zip
.zip
ssf-win-x86_64-3.0.0/certs/certificate.crt
ssf-win-x86_64-3.0.0/certs/dh4096.pem
ssf-win-x86_64-3.0.0/certs/private.key
ssf-win-x86_64-3.0.0/certs/server.crt
ssf-win-x86_64-3.0.0/certs/server.key
ssf-win-x86_64-3.0.0/certs/trusted/ca.crt
ssf-win-x86_64-3.0.0/ssf.exe
.exe windows x64

9d7285465b02ea32e9b68a7ea325aea3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

AcquireCredentialsHandleA
FreeContextBuffer
DeleteSecurityContext
CompleteAuthToken
InitializeSecurityContextA
FreeCredentialsHandle
QuerySecurityPackageInfoA

kernel32

GetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
TlsAlloc
TlsGetValue
TlsFree
CreateMutexW
VerSetConditionMask
GetCurrentProcess
TerminateProcess
TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
SetEvent
WaitForMultipleObjects
Sleep
WriteFile
ReadFile
DuplicateHandle
TlsSetValue
SleepEx
CreateEventW
CreateWaitableTimerA
SetWaitableTimer
CreateProcessA
CreateFileA
CreateNamedPipeA
GetCurrentThreadId
PeekNamedPipe
GetStdHandle
GetTimeZoneInformation
OutputDebugStringA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
MultiByteToWideChar
FormatMessageA
LocalFree
AreFileApisANSI
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
GetFileType
GetModuleHandleW
GetProcAddress
FindClose
RtlVirtualUnwind
QueryPerformanceCounter
GetTickCount
FreeLibrary
LoadLibraryW
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
GetModuleHandleExW
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
SetEndOfFile
ExitProcess
CreateFileW
VerifyVersionInfoA
GetDriveTypeW
ExitThread
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
HeapReAlloc
SetConsoleCtrlHandler
HeapFree
HeapAlloc
SetConsoleMode
ReadConsoleInputA
RtlUnwindEx
RaiseException
RtlPcToFileHeader
QueryPerformanceFrequency
TryEnterCriticalSection
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetConsoleMode

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

shell32

SHGetFolderPathA

advapi32

RegisterEventSourceW
DeregisterEventSource
ReportEventW

ws2_32

WSASend
WSARecvFrom
WSARecv
WSAIoctl
WSAGetLastError
WSASetLastError
shutdown
setsockopt
select
ntohs
ntohl
getaddrinfo
WSASocketW
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
WSAStartup
WSASendTo
freeaddrinfo
WSAStringToAddressW
recv
send
listen
htons

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 335KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssf-win-x86_64-3.0.0/ssfcp.exe
.exe windows x64

dc81527a9391b1b9420441893870be16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

AcquireCredentialsHandleA
FreeContextBuffer
DeleteSecurityContext
CompleteAuthToken
InitializeSecurityContextA
FreeCredentialsHandle
QuerySecurityPackageInfoA

kernel32

GetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ReleaseMutex
WaitForSingleObject
CloseHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SleepEx
CreateMutexW
CreateEventW
CreateWaitableTimerA
SetWaitableTimer
VerSetConditionMask
GetCurrentProcess
TerminateProcess
TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
WaitForMultipleObjects
Sleep
WriteFile
ReadFile
DuplicateHandle
CreateProcessA
CreateFileA
CreateNamedPipeA
VerifyVersionInfoA
GetSystemTimeAsFileTime
GetStdHandle
GetTimeZoneInformation
OutputDebugStringA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
MultiByteToWideChar
FormatMessageA
LocalFree
GetCurrentProcessId
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
GetModuleHandleW
GetProcAddress
LCMapStringW
AreFileApisANSI
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
GetFileType
RtlVirtualUnwind
QueryPerformanceCounter
GetTickCount
FreeLibrary
LoadLibraryW
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
RtlPcToFileHeader
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
HeapSize
RaiseException
RtlUnwindEx
ExitThread
GetCurrentThreadId
UnregisterWaitEx
GetModuleHandleExW
SetConsoleCtrlHandler
GetCurrentDirectoryW
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
ReadConsoleW
SetStdHandle
GetConsoleCP
FlushFileBuffers
QueryDepthSList
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
HeapReAlloc
HeapFree
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
QueryPerformanceFrequency
TryEnterCriticalSection
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
GetLocaleInfoW
GetStringTypeW
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
ExitProcess

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

shell32

SHGetFolderPathA

advapi32

ReportEventW
RegisterEventSourceW
DeregisterEventSource

ws2_32

WSASendTo
WSARecvFrom
WSAIoctl
WSASetLastError
shutdown
setsockopt
select
ntohs
ntohl
listen
htons
getaddrinfo
ioctlsocket
getsockname
connect
closesocket
bind
accept
__WSAFDIsSet
WSASend
WSARecv
WSAGetLastError
WSACleanup
WSAStartup
WSASocketW
freeaddrinfo
WSAStringToAddressW
recv
send
htonl
getsockopt

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 339KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssf-win-x86_64-3.0.0/ssfd.exe
.exe windows x64

bcf7def5c18db9d28872570d839d6b20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

AcquireCredentialsHandleA
FreeContextBuffer
DeleteSecurityContext
CompleteAuthToken
InitializeSecurityContextA
FreeCredentialsHandle
QuerySecurityPackageInfoA

kernel32

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
TerminateThread
GetLastError
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
QueueUserAPC
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ReleaseMutex
WaitForSingleObject
WaitForMultipleObjects
Sleep
WriteFile
ReadFile
CloseHandle
DuplicateHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SleepEx
CreateMutexW
CreateEventW
CreateWaitableTimerA
SetWaitableTimer
CreateProcessA
CreateFileA
CreateNamedPipeA
VerifyVersionInfoA
GetSystemTimeAsFileTime
GetStdHandle
GetTimeZoneInformation
OutputDebugStringA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
MultiByteToWideChar
FormatMessageA
LocalFree
VerSetConditionMask
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
GetModuleHandleW
GetProcAddress
LCMapStringW
AreFileApisANSI
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
GetFileType
RtlVirtualUnwind
QueryPerformanceCounter
GetTickCount
FreeLibrary
LoadLibraryW
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
RtlPcToFileHeader
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
HeapSize
RaiseException
RtlUnwindEx
ExitThread
GetCurrentProcess
UnregisterWaitEx
GetModuleHandleExW
SetConsoleCtrlHandler
GetCurrentDirectoryW
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
SetStdHandle
ReadConsoleW
GetConsoleCP
FlushFileBuffers
QueryDepthSList
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
HeapReAlloc
HeapFree
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
QueryPerformanceFrequency
TryEnterCriticalSection
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
GetCPInfo
EncodePointer
DecodePointer
CompareStringW
GetLocaleInfoW
GetStringTypeW
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
ExitProcess

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

shell32

SHGetFolderPathA

advapi32

ReportEventW
RegisterEventSourceW
DeregisterEventSource

ws2_32

WSASendTo
WSASend
WSARecvFrom
WSARecv
WSAIoctl
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
shutdown
setsockopt
getaddrinfo
listen
ntohl
htons
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
WSASocketW
freeaddrinfo
WSAStringToAddressW
recv
send
select
ntohs

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 338KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssf-win-x86_64-3.0.0/upx-ssf.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ssf-win-x86_64-3.0.0/upx-ssfcp.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ssf-win-x86_64-3.0.0/upx-ssfd.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9d7285465b02ea32e9b68a7ea325aea3

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

user32

shell32

advapi32

ws2_32

mswsock

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 335KB - Virtual size: 356KB

.pdata Size: 152KB - Virtual size: 151KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 28KB - Virtual size: 28KB

dc81527a9391b1b9420441893870be16

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

user32

shell32

advapi32

ws2_32

mswsock

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 339KB - Virtual size: 360KB

.pdata Size: 159KB - Virtual size: 159KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 29KB - Virtual size: 29KB

bcf7def5c18db9d28872570d839d6b20

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

user32

shell32

advapi32

ws2_32

mswsock

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 338KB - Virtual size: 359KB

.pdata Size: 166KB - Virtual size: 165KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 29KB - Virtual size: 28KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.1MB

UPX1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.2MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 335KB - Virtual size: 356KB

.pdata
Size: 152KB - Virtual size: 151KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 339KB - Virtual size: 360KB

.pdata
Size: 159KB - Virtual size: 159KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 29KB - Virtual size: 29KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 338KB - Virtual size: 359KB

.pdata
Size: 166KB - Virtual size: 165KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 29KB - Virtual size: 28KB

UPX0
Size: - Virtual size: 3.1MB

UPX1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 7KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 3.2MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 7KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 3.4MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 7KB - Virtual size: 8KB