aaaaaaaaaaaaaaaaaaaaaaaaa[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

aaaaaaaaaaaaaaaaaaaaaaaaa.7z
Size

3.7MB
MD5

dfb189bb95f84cd2d423229c523aab05
SHA1

cfd2220e85960365ad880f260057225e1e5bf2a4
SHA256

d4bd4ee9a16b2c5ef6071b5bb7854470784bf56b2f39324fdb4cab06f9624d66
SHA512

9383300c5dddfa0f242e5d20fb1183e7cf6c3dbc43def8a695fa1ce1c2eab520e7d951a077329b01d859a71b049418b6a5f0b44af1db5c7df01510f6816710f2
SSDEEP

98304:ecYqwYzKuseKgWkZTL/vf5o0zT+hPqi3EcnVrZ:e0zKveK3kVJo0+hPq5cZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/54e3a1b2fe8885fd65d02a34fca3772bd64c5324eeb3f4754fbbb579958efbb2	upx
static1/unpack001/567e12f44778ff1729cbe6f2736a778bbed60d02e37e818afcd68d7f0869061c	upx
static1/unpack001/da464f5af0543fced2728b46f8d37420235ae214b3e94105a358ca5818944d62	upx
static1/unpack001/f3583e865497a30d65806a3e3d5e1281731ee7f8aa5eedfa94b4244d49c63be8	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2e35e274cbc46d6d08d7c3b344335cc4a9cf6ea4c15582a4f6d1c30b182cae8f
unpack001/567e12f44778ff1729cbe6f2736a778bbed60d02e37e818afcd68d7f0869061c
unpack001/ac4e4fd50dfdfa15be401e75d2ec6b182f24d54a0b6252e69cf295107e096cd5
unpack001/da464f5af0543fced2728b46f8d37420235ae214b3e94105a358ca5818944d62
unpack001/f3583e865497a30d65806a3e3d5e1281731ee7f8aa5eedfa94b4244d49c63be8

Files

aaaaaaaaaaaaaaaaaaaaaaaaa.7z
.7z
2e35e274cbc46d6d08d7c3b344335cc4a9cf6ea4c15582a4f6d1c30b182cae8f
.exe windows:4 windows x86

d45f8006b59e66597c5cee0549ecafe8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
LockWindowUpdate
LoadStringA
GetWindowThreadProcessId
GetWindowTextA
GetSystemMetrics
GetForegroundWindow
GetClassNameA
FindWindowExA
FindWindowA
ExitWindowsEx
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
CreateDirectoryA
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WaitForSingleObject
VirtualQuery
TerminateProcess
SetSystemTime
SetLocalTime
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
OpenProcess
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
GetVersionExA
GetTickCount
GetThreadLocale
GetSystemTime
GetSystemDirectoryA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
FreeLibrary
FormatMessageA
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateMutexA
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

shell32

ShellExecuteExA

shlwapi

SHCopyKeyA
SHDeleteKeyA

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
54e3a1b2fe8885fd65d02a34fca3772bd64c5324eeb3f4754fbbb579958efbb2
.exe windows:4 windows x86

Code Sign

50:e0:a5:92:ec:64:3f:b9:44:54:78:2d:4a:dd:5c:e5
Certificate

Issuer

CN=ngvifdfiw

Not Before

02/03/2011, 22:01

Not After

31/12/2039, 23:59

Subject

CN=ngvifdfiw

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:d0:d8:de:a9:ea:f2:14:9c:6c:60:76:22:ca:52:e7:02:63:8d:40
Signer

Actual PE Digest

2c:d0:d8:de:a9:ea:f2:14:9c:6c:60:76:22:ca:52:e7:02:63:8d:40

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 9.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 446KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
567e12f44778ff1729cbe6f2736a778bbed60d02e37e818afcd68d7f0869061c
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 493KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VirusShare_77ec82697e93616d2e989ceb1088c04a.zip
.zip
VirusShare_815e4c61adc0063357bcb52e4eb13799.zip
.zip
VirusShare_91cf05fef394f30d8c19904c1d17e1cd.zip
.zip
VirusShare_fc75e96a6f00927a25393120febeb6b0.zip
.zip
ac4e4fd50dfdfa15be401e75d2ec6b182f24d54a0b6252e69cf295107e096cd5
.exe windows:4 windows x86

2f96e48189ebb275ab7a170a93558299

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord667
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaErase
ord632
__vbaVarZero
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaAryConstruct2
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
ord608
__vbaFPException
__vbaUbound
__vbaVarCat
ord644
_CIlog
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaAryLock
__vbaVarAdd
__vbaFpI4
__vbaVarTstGe
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaUI1Str
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
da464f5af0543fced2728b46f8d37420235ae214b3e94105a358ca5818944d62
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 350KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
f3583e865497a30d65806a3e3d5e1281731ee7f8aa5eedfa94b4244d49c63be8
.exe windows:10 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 501KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d45f8006b59e66597c5cee0549ecafe8

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

shell32

shlwapi

Sections

.text Size: 101KB - Virtual size: 101KB

.itext Size: 1KB - Virtual size: 1KB

.data Size: 14KB - Virtual size: 13KB

.bss Size: - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 5KB

Code Sign

50:e0:a5:92:ec:64:3f:b9:44:54:78:2d:4a:dd:5c:e5Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2c:d0:d8:de:a9:ea:f2:14:9c:6c:60:76:22:ca:52:e7:02:63:8d:40Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 9.2MB

UPX1 Size: 446KB - Virtual size: 448KB

.rsrc Size: 109KB - Virtual size: 112KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 240KB

UPX1 Size: 493KB - Virtual size: 496KB

.rsrc Size: 3KB - Virtual size: 4KB

2f96e48189ebb275ab7a170a93558299

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 228KB - Virtual size: 226KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 2KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 350KB - Virtual size: 352KB

.rsrc Size: 16KB - Virtual size: 16KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 501KB - Virtual size: 504KB

.rsrc Size: 100KB - Virtual size: 100KB

.text
Size: 101KB - Virtual size: 101KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 12KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 5KB

50:e0:a5:92:ec:64:3f:b9:44:54:78:2d:4a:dd:5c:e5
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2c:d0:d8:de:a9:ea:f2:14:9c:6c:60:76:22:ca:52:e7:02:63:8d:40
Signer

UPX0
Size: - Virtual size: 9.2MB

UPX1
Size: 446KB - Virtual size: 448KB

.rsrc
Size: 109KB - Virtual size: 112KB

UPX0
Size: - Virtual size: 240KB

UPX1
Size: 493KB - Virtual size: 496KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 228KB - Virtual size: 226KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 350KB - Virtual size: 352KB

.rsrc
Size: 16KB - Virtual size: 16KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 501KB - Virtual size: 504KB

.rsrc
Size: 100KB - Virtual size: 100KB