d9862ed09eb418b0b5b1ef3dfd6f6b52e875f70410157f0de457f5012234af5a

Sharing

Copy URL Twitter E-mail

General

Target

d9862ed09eb418b0b5b1ef3dfd6f6b52e875f70410157f0de457f5012234af5a
Size

630KB
MD5

164eee97be5d4c27fc19536b6d5e029c
SHA1

a5a09165fbf052cf3a6b5441aa1658b969f9bd62
SHA256

d9862ed09eb418b0b5b1ef3dfd6f6b52e875f70410157f0de457f5012234af5a
SHA512

2fe649562afc786f44fb0f997bce43f10730c7a56f02de2b0d2e64d1090960d03681498ced9242c44a533cdb1e84f42b3668c5d17ffe735abd5fdf5cdfc85767
SSDEEP

12288:f7w0o/xBPuCznQPCpFN0zyCy36iZ2mIlT7n8RITyjqDsaKlFjrraPZ2ok:f7GXP/zQPOguCyKiZm7y6yjAs97aPvk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/KeePass/KeePass.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KeePass/KeePass.exe
unpack002/out.upx

Files

d9862ed09eb418b0b5b1ef3dfd6f6b52e875f70410157f0de457f5012234af5a
.zip
KeePass/KeePass.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0CPrivateConfig@@QAE@H@Z
??0CPwManager@@QAE@XZ
??0CommandLineOption@@QAE@ABV0@@Z
??0CommandLineOption@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0FullPathName@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CPrivateConfig@@UAE@XZ
??1CPwManager@@UAE@XZ
??1CommandLineOption@@QAE@XZ
??1FullPathName@@QAE@XZ
??_7CPrivateConfig@@6B@
??_7CPwManager@@6B@
?AccessPropertyStrArray@CPwManager@@QAEPAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@K@Z
?AddEntry@CPwManager@@QAEHPBU_PW_ENTRY@@@Z
?AddGroup@CPwManager@@QAEHPBU_PW_GROUP@@@Z
?BackupEntry@CPwManager@@QAEHPBU_PW_ENTRY@@PAH@Z
?CleanUp@CPwManager@@AAEXXZ
?DeleteEntry@CPwManager@@QAEHK@Z
?DeleteGroupById@CPwManager@@QAEHKH@Z
?DeleteLostEntries@CPwManager@@AAEKXZ
?DeserializeCustomKvp@CPwManager@@CA_NPBEAAU?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@Z
?Find@CPwManager@@QAEKPBDHKK@Z
?FixGroupTree@CPwManager@@QAEXXZ
?Get@CPrivateConfig@@QBEHPBDPAD@Z
?GetAlgorithm@CPwManager@@QBEHXZ
?GetBool@CPrivateConfig@@QBEHPBDH@Z
?GetCustomKvp@CPwManager@@QBEPBDPBD@Z
?GetEntry@CPwManager@@QAEPAU_PW_ENTRY@@K@Z
?GetEntryByGroup@CPwManager@@QAEPAU_PW_ENTRY@@KK@Z
?GetEntryByGroupN@CPwManager@@QBEKKK@Z
?GetEntryByUuid@CPwManager@@QAEPAU_PW_ENTRY@@PBE@Z
?GetEntryByUuidN@CPwManager@@QBEKPBE@Z
?GetEntryPosInGroup@CPwManager@@QBEKPBU_PW_ENTRY@@@Z
?GetGroup@CPwManager@@QAEPAU_PW_GROUP@@K@Z
?GetGroupById@CPwManager@@QAEPAU_PW_GROUP@@K@Z
?GetGroupByIdN@CPwManager@@QBEKK@Z
?GetGroupId@CPwManager@@QBEKPBD@Z
?GetGroupIdByIndex@CPwManager@@QBEKK@Z
?GetGroupTree@CPwManager@@QBEHKPAK@Z
?GetKeyEncRounds@CPwManager@@QBEKXZ
?GetLastChildGroup@CPwManager@@QBEKK@Z
?GetLastDatabaseHeader@CPwManager@@QBEPBU_PW_DBHEADER@@XZ
?GetLastEditedEntry@CPwManager@@QAEPAU_PW_ENTRY@@XZ
?GetNeverExpireTime@CPwManager@@SAXPAU_PW_TIME@@@Z
?GetNumberOfEntries@CPwManager@@QBEKXZ
?GetNumberOfGroups@CPwManager@@QBEKXZ
?GetNumberOfItemsInGroup@CPwManager@@QBEKPBD@Z
?GetNumberOfItemsInGroupN@CPwManager@@QBEKK@Z
?GetPropertyString@CPwManager@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?GetRawMasterKey@CPwManager@@QBEXPAE@Z
?InitPrimaryInstance@CPwManager@@QAEXXZ
?LockEntryPassword@CPwManager@@QAEXPAU_PW_ENTRY@@@Z
?MergeIn@CPwManager@@QAEXPAV1@HH@Z
?MoveEntry@CPwManager@@QAEXKKK@Z
?MoveGroup@CPwManager@@QAEHKK@Z
?MoveGroupEx@CPwManager@@QAEHKK@Z
?MoveGroupExDir@CPwManager@@QAEHKH@Z
?MoveInternal@CPwManager@@AAEXKK@Z
?NewDatabase@CPwManager@@QAEXXZ
?OpenDatabase@CPwManager@@QAEHPBDPAU_PWDB_REPAIR_INFO@@@Z
?ReadEntryField@CPwManager@@AAEHGKPBEPAU_PW_ENTRY@@@Z
?ReadGroupField@CPwManager@@AAEHGKPBEPAU_PW_GROUP@@@Z
?SaveDatabase@CPwManager@@QAEHPBDPAE@Z
?SerializeCustomKvp@CPwManager@@CAPAEABU?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@Z
?Set@CPrivateConfig@@QAEHPBD0@Z
?SetAlgorithm@CPwManager@@QAEHH@Z
?SetBool@CPrivateConfig@@QAEHPBDH@Z
?SetCustomKvp@CPwManager@@QAEHPBD0@Z
?SetEntry@CPwManager@@QAEHKPBU_PW_ENTRY@@@Z
?SetGroup@CPwManager@@QAEHKPBU_PW_GROUP@@@Z
?SetKeyEncRounds@CPwManager@@QAEXK@Z
?SetMasterKey@CPwManager@@QAEHPBDH0PBVCNewRandomInterface@@H@Z
?SetPropertyString@CPwManager@@QAEHKPBD@Z
?SetRawMasterKey@CPwManager@@QAEXPBE@Z
?SortGroup@CPwManager@@QAEXKK@Z
?SortGroupList@CPwManager@@QAEXXZ
?SubstEntryGroupIds@CPwManager@@QAEXKK@Z
?UnlockEntryPassword@CPwManager@@QAEXPAU_PW_ENTRY@@@Z
?_AddAllMetaStreams@CPwManager@@AAEHXZ
?_AddMetaStream@CPwManager@@AAEHPBDPAEK@Z
?_AllocEntries@CPwManager@@AAEXK@Z
?_AllocGroups@CPwManager@@AAEXK@Z
?_CanIgnoreUnknownMetaStream@CPwManager@@ABEHABU_PWDB_META_STREAM@@@Z
?_DeleteEntryList@CPwManager@@AAEXH@Z
?_DeleteGroupList@CPwManager@@AAEXH@Z
?_IsMetaStream@CPwManager@@ABEHPBU_PW_ENTRY@@@Z
?_LoadAndRemoveAllMetaStreams@CPwManager@@AAEK_N@Z
?_ParseMetaStream@CPwManager@@AAEXPAU_PW_ENTRY@@_N@Z
?_TransformMasterKey@CPwManager@@AAEHPBE@Z
?beginsWithPrefix@CommandLineOption@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?instance@CmdArgs@@SAABV1@XZ
?instance@CommandLineTokens@@SAABV1@XZ
?instance@Executable@@SAABVFullPathName@@XZ
?isOption@CommandLineOption@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?optionName@CommandLineOption@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?optionValue@CommandLineOption@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?optionValueOffset@CommandLineOption@@QBEIXZ
DeleteArrayCtx
FreeCurrentTranslationTable
GetCurrentTranslationTable
KP_Call
KP_Query
LoadTranslationTable
WU_GetFileNameSz
_IsUTF8String
_OpenLocalFile
_SortTrlTable
_StringToUTF8
_StringToUuid
_TRL
_UTF8BytesNeeded
_UTF8NumChars
_UTF8ToString

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KeePass/KeePass.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 580KB - Virtual size: 584KB

.rsrc Size: 156KB - Virtual size: 160KB

Headers

File Characteristics

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 224KB - Virtual size: 220KB

.data Size: 44KB - Virtual size: 62KB

.rsrc Size: 380KB - Virtual size: 377KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 580KB - Virtual size: 584KB

.rsrc
Size: 156KB - Virtual size: 160KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 224KB - Virtual size: 220KB

.data
Size: 44KB - Virtual size: 62KB

.rsrc
Size: 380KB - Virtual size: 377KB