9a112d4066ff3ff242f56e6332d586bf7f1179c649e0f69920adf9562867e892[.]zip[.]zip

General

Target

9a112d4066ff3ff242f56e6332d586bf7f1179c649e0f69920adf9562867e892.zip.zip
Size

207KB
MD5

09e2bd51135d9f746a1eff302e8f62b9
SHA1

ec5435f1e1a4553e6098a6b0d31f13144f16486b
SHA256

8d3f1a806f9c1c5f359fb5634541d35a1f7a8c43dc2ca4974c9dd9fd4f9acb2d
SHA512

c5de20719d5b7e2ea4e39dfe0f48ff9a1c1eb78cce4d92dad8660f7e74d10d53bb12ac37604e339b6920456166ff355602ca60e8094e4c9587824ef00a6bc8c4
SSDEEP

6144:PHutmPVXqfh2U6WHisKjKGBsm0lnKb9g8kbbuORo/z1:POSdq4CisKjKGB+WCzfE/p

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/gbp.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/USREX.EXE	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/USREX.EXE
unpack002/gbp.dll

Files

9a112d4066ff3ff242f56e6332d586bf7f1179c649e0f69920adf9562867e892.zip.zip
.zip

Password: infected
9a112d4066ff3ff242f56e6332d586bf7f1179c649e0f69920adf9562867e892.zip
.zip
USREX.EXE
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 464KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 201KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gbp.dll
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ClearLock
ClearNVMFile
CreateCalEntry
CreatePBEntry
EndGBPMode
EraseCalEntry
ErasePBEntry
GetNVMFileSize
InitGBPMode
ReadCalDirectory
ReadCalEntry
ReadNVMFile
ReadPBDirectory
ReadPBEntry
WriteCalEntry
WriteNVMFile
WritePBEntry

Sections

.windows
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.linux
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.os2
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 464KB

UPX1 Size: 201KB - Virtual size: 204KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Exports

Exports

Sections

.windows Size: - Virtual size: 28KB

.linux Size: 4KB - Virtual size: 4KB

.os2 Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 464KB

UPX1
Size: 201KB - Virtual size: 204KB

.rsrc
Size: 5KB - Virtual size: 8KB

.windows
Size: - Virtual size: 28KB

.linux
Size: 4KB - Virtual size: 4KB

.os2
Size: 1KB - Virtual size: 4KB