Orion Free NEWEST[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Orion Free NEWEST.zip
Size

4.5MB
MD5

9d78ec5ee9633403a335607f7f00e7de
SHA1

445f3c24772a8f871bdd416f4bb4d784c9624acd
SHA256

0dee4630b9e119057d0eec2a7e260da8d4cb13c8af67846981807425a58caf58
SHA512

e8a5ee03c65af6f401f6fa5d4d883a3a7fc9bb241db45599a08f95a6077d61c3029b6adae10d3a099aae28a09206bf83846f19f5be5c7d3430733b71cf1a09aa
SSDEEP

98304:mAOqzkJhtNIqCY7sEl4rYoX03ze/DIqiw1iFBQejgSyY3jL:mAsNOo4pSze/xiwogSyYf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Orion Free NEWEST/OrionRAT.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Orion Free NEWEST/OrionRAT.exe
unpack002/out.upx
unpack001/Orion Free NEWEST/Stub/Stub.exe

Files

Orion Free NEWEST.zip
.zip
Orion Free NEWEST/OrionRAT.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 6.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 904KB - Virtual size: 903KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 148KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Orion Free NEWEST/Settings.ini
Orion Free NEWEST/Stub/Stub.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 6.9MB

UPX1 Size: 4.2MB - Virtual size: 4.2MB

.rsrc Size: 65KB - Virtual size: 68KB

Headers

File Characteristics

Sections

.text Size: 904KB - Virtual size: 903KB

.itext Size: 3KB - Virtual size: 3KB

.data Size: 14KB - Virtual size: 13KB

.bss Size: - Virtual size: 148KB

.idata Size: 13KB - Virtual size: 13KB

.tls Size: - Virtual size: 56B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 60KB - Virtual size: 60KB

.rsrc Size: 9.9MB - Virtual size: 9.9MB

Headers

File Characteristics

Sections

CODE Size: 281KB - Virtual size: 281KB

DATA Size: 176KB - Virtual size: 176KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 7KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 15KB - Virtual size: 15KB

.rsrc Size: 7KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 6.9MB

UPX1
Size: 4.2MB - Virtual size: 4.2MB

.rsrc
Size: 65KB - Virtual size: 68KB

.text
Size: 904KB - Virtual size: 903KB

.itext
Size: 3KB - Virtual size: 3KB

.data
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 148KB

.idata
Size: 13KB - Virtual size: 13KB

.tls
Size: - Virtual size: 56B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 9.9MB - Virtual size: 9.9MB

CODE
Size: 281KB - Virtual size: 281KB

DATA
Size: 176KB - Virtual size: 176KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 7KB - Virtual size: 7KB