Behavioral task
behavioral1
Sample
IIS6_Exp(缩减版).exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
IIS6_Exp(缩减版).exe
Resource
win10v2004-20230703-en
General
-
Target
IIS6_Exp(缩减版).exe
-
Size
35KB
-
MD5
5e9e539aab1bacd00bebcba7b7549911
-
SHA1
61ffd2cbec5462766c6f1c44bd44eeaed4f3d2c7
-
SHA256
cfcb0748fa0874624d2e1d56b1f076469ae929e4afb0322b90c7cc6cec930855
-
SHA512
14c87bf19854e4bee59211c46fdc7e3cb65519732a9d41924fa174c26fe07663e2a255965aea1da02a075ea362e85e6c906d7d0cf191f0af80d7f50dabfd34ee
-
SSDEEP
768:jCuZ0KrhyP07YUHtzekGUMTV35piAFlXPNNR6OU3:m7Kl807zzeFpEAFdTR6V
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource IIS6_Exp(缩减版).exe unpack001/out.upx
Files
-
IIS6_Exp(缩减版).exe.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 33KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE