Extracted

• • Target

    101.exe

  • Size

    7.8MB

  • MD5

    d151ec74b0a409363d9401eeb348efaa

  • SHA1

    36aefe3ff9c3f0d0318288259b2b7473855972fd

  • SHA256

    def365ca4816c8d33a32a6ccf7632a875c77672c2c148d6720e8b26f66e5eec6

  • SHA512

    053d850ef72a40d11735f927bf17f6df542eba622895c3a61c9294d79037c67330dfe7a6b81ec50e3a2bd8612504bdbf81161aae7925be8e2612c752725022ec

  • SSDEEP

    196608:LIRcbH4jSteTGvzxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:LdHsfuzxwZ6v1CPwDv3uFteg2EeJUO9E

  Score

  7^/10

  upx

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications

    Malware can proxy its traffic through Tor for more anonymity.

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2