LRRP[.]EXE | Triage

General

Target

LRRP.EXE
Size

56KB
MD5

23d0f67caef114cae8521a3f09482933
SHA1

81ed609a5b5983ecde630ec6669c839adfff1279
SHA256

8e5331bbbb2fc24859a0710c6f943e3e0d6c68d061c125cd05c2eed08e1881c4
SHA512

eb6adfecd1433b84498d267c9cd987fea3d4307dc4fa47fb1f9d511d7a6f12727e9ef12c945026a78ec261aa1d5ebcfe484b298e03d09f04e229f20b9f92a316
SSDEEP

1536:N41H+05RcSTFmdxcPSAxZg9C3Cjz+W8eKffkfIlITA:KNDfQTuSQG9C3CjCW8eOF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Device/HarddiskVolume4/SDRSharp/bin/dsdplus/LRRP.EXE	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/SDRSharp/bin/dsdplus/LRRP.EXE
unpack002/out.upx

Files

LRRP.EXE
.zip

Password: YOIN=Tp689~u%u7n6|)x
Device/HarddiskVolume4/SDRSharp/bin/dsdplus/LRRP.EXE
.exe windows x86

Password: YOIN=Tp689~u%u7n6|)x

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT$XIA
Size: 26KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 28B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: YOIN=Tp689~u%u7n6|)x

Password: YOIN=Tp689~u%u7n6|)x

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 168KB

UPX1 Size: 56KB - Virtual size: 60KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.idata Size: 2KB - Virtual size: 2KB

_TEXT Size: 78KB - Virtual size: 78KB

.CRT$XIA Size: 26KB - Virtual size: 120KB

.reloc Size: 5KB - Virtual size: 5KB

.debug Size: 28B - Virtual size: 512B

UPX0
Size: - Virtual size: 168KB

UPX1
Size: 56KB - Virtual size: 60KB

UPX2
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 2KB

_TEXT
Size: 78KB - Virtual size: 78KB

.CRT$XIA
Size: 26KB - Virtual size: 120KB

.reloc
Size: 5KB - Virtual size: 5KB

.debug
Size: 28B - Virtual size: 512B