9145e75d53cb3a7463c43ef67382f04542a13f019bf4c6c2f7d8b59c22880808[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

9145e75d53cb3a7463c43ef67382f04542a13f019bf4c6c2f7d8b59c22880808.exe.zip
Size

789KB
MD5

f53e4c5824136ad3700970c2cc697dfd
SHA1

1203327b546a4ac01dc3c8455d3c0e1d4ce11690
SHA256

c028576bffbfa342f08ab4f7438ebb0fa77e7d9227eb857c5819262825d2c35a
SHA512

c00b6025ca6e846ce212cfe9efed092c753bfd7a842c8fc7da8d8584b0655721aa8d97d3b6021014a318c32339c29c12f767e9b1bfcd32af5e6d726f3fdc8d8d
SSDEEP

24576:Tc320UP29x9V80sGs7YLA7rWxpXIWIaUhM7zYQB9BCU:Tcm0UP280HLAPWxpYFaUhgD9QU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/9145e75d53cb3a7463c43ef67382f04542a13f019bf4c6c2f7d8b59c22880808.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9145e75d53cb3a7463c43ef67382f04542a13f019bf4c6c2f7d8b59c22880808.exe
unpack002/out.upx

Files

9145e75d53cb3a7463c43ef67382f04542a13f019bf4c6c2f7d8b59c22880808.exe.zip
.zip

Password: infected
9145e75d53cb3a7463c43ef67382f04542a13f019bf4c6c2f7d8b59c22880808.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 733KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

uv_accept
uv_async_init
uv_async_send
uv_backend_fd
uv_backend_timeout
uv_barrier_destroy
uv_barrier_init
uv_barrier_wait
uv_buf_init
uv_cancel
uv_chdir
uv_check_init
uv_check_start
uv_check_stop
uv_close
uv_cond_broadcast
uv_cond_destroy
uv_cond_init
uv_cond_signal
uv_cond_timedwait
uv_cond_wait
uv_cpu_info
uv_cwd
uv_default_loop
uv_disable_stdio_inheritance
uv_err_name
uv_exepath
uv_free_cpu_info
uv_free_interface_addresses
uv_freeaddrinfo
uv_fs_chmod
uv_fs_chown
uv_fs_close
uv_fs_event_init
uv_fs_fchmod
uv_fs_fchown
uv_fs_fdatasync
uv_fs_fstat
uv_fs_fsync
uv_fs_ftruncate
uv_fs_futime
uv_fs_link
uv_fs_lstat
uv_fs_mkdir
uv_fs_open
uv_fs_poll_init
uv_fs_poll_start
uv_fs_poll_stop
uv_fs_read
uv_fs_readdir
uv_fs_readlink
uv_fs_rename
uv_fs_req_cleanup
uv_fs_rmdir
uv_fs_sendfile
uv_fs_stat
uv_fs_symlink
uv_fs_unlink
uv_fs_utime
uv_fs_write
uv_get_free_memory
uv_get_process_title
uv_get_total_memory
uv_getaddrinfo
uv_guess_handle
uv_handle_size
uv_hrtime
uv_idle_init
uv_idle_start
uv_idle_stop
uv_inet_ntop
uv_inet_pton
uv_interface_addresses
uv_ip4_addr
uv_ip4_name
uv_ip6_addr
uv_ip6_name
uv_is_active
uv_is_closing
uv_is_readable
uv_is_writable
uv_kill
uv_last_error
uv_listen
uv_loadavg
uv_loop_delete
uv_loop_new
uv_mutex_destroy
uv_mutex_init
uv_mutex_lock
uv_mutex_trylock
uv_mutex_unlock
uv_now
uv_once
uv_pipe_bind
uv_pipe_connect
uv_pipe_init
uv_pipe_open
uv_pipe_pending_instances
uv_poll_init
uv_poll_init_socket
uv_poll_start
uv_poll_stop
uv_prepare_init
uv_prepare_start
uv_prepare_stop
uv_process_kill
uv_queue_work
uv_read2_start
uv_read_start
uv_read_stop
uv_ref
uv_req_size
uv_resident_set_memory
uv_run
uv_rwlock_destroy
uv_rwlock_init
uv_rwlock_rdlock
uv_rwlock_rdunlock
uv_rwlock_tryrdlock
uv_rwlock_trywrlock
uv_rwlock_wrlock
uv_rwlock_wrunlock
uv_sem_destroy
uv_sem_init
uv_sem_post
uv_sem_trywait
uv_sem_wait
uv_set_process_title
uv_setup_args
uv_shutdown
uv_signal_init
uv_signal_start
uv_signal_stop
uv_spawn
uv_stop
uv_strerror
uv_strlcat
uv_strlcpy
uv_tcp_bind
uv_tcp_bind6
uv_tcp_connect
uv_tcp_connect6
uv_tcp_getpeername
uv_tcp_getsockname
uv_tcp_init
uv_tcp_keepalive
uv_tcp_nodelay
uv_tcp_open
uv_tcp_simultaneous_accepts
uv_thread_create
uv_thread_join
uv_thread_self
uv_timer_again
uv_timer_get_repeat
uv_timer_init
uv_timer_set_repeat
uv_timer_start
uv_timer_stop
uv_tty_get_winsize
uv_tty_init
uv_tty_reset_mode
uv_tty_set_mode
uv_udp_bind
uv_udp_bind6
uv_udp_getsockname
uv_udp_init
uv_udp_open
uv_udp_recv_start
uv_udp_recv_stop
uv_udp_send
uv_udp_send6
uv_udp_set_broadcast
uv_udp_set_membership
uv_udp_set_multicast_loop
uv_udp_set_multicast_ttl
uv_udp_set_ttl
uv_unref
uv_update_time
uv_uptime
uv_walk
uv_write
uv_write2

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 481KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 733KB - Virtual size: 736KB

.rsrc Size: 136KB - Virtual size: 140KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 481KB - Virtual size: 480KB

.data Size: 48KB - Virtual size: 63KB

.rsrc Size: 256KB - Virtual size: 256KB

.reloc Size: 72KB - Virtual size: 72KB

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 733KB - Virtual size: 736KB

.rsrc
Size: 136KB - Virtual size: 140KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 481KB - Virtual size: 480KB

.data
Size: 48KB - Virtual size: 63KB

.rsrc
Size: 256KB - Virtual size: 256KB

.reloc
Size: 72KB - Virtual size: 72KB