9f578afb0544fabe73693799d34593893db3012e7c5e1c11ebece7e88edf1109

General

Target

9f578afb0544fabe73693799d34593893db3012e7c5e1c11ebece7e88edf1109
Size

8.1MB
MD5

5197032c04aee25fdecb7930a025eceb
SHA1

4863fdf790fe7205f02f099c60cc2f5b897bffbd
SHA256

9f578afb0544fabe73693799d34593893db3012e7c5e1c11ebece7e88edf1109
SHA512

d731eca529b19ae106da21008fdc3376723d27b9a15e94343ab2cf24215b2b1f980531b1807588a782d741846a1b9b6541f778e20ca1e38d92fcafc723249aa5
SSDEEP

196608:0A23oqMTNxE2NFqi6tqBhhyS0OQS/hLDOfJpWpklJwLktoec3wLz+:0A2Rl2TQtehhyXOfZmSklJKiMEz+

Score

9^/10

upx oss_ak

Malware Config

Signatures

detect oss ak 1 IoCs

oss ak information detected.

oss_ak

resource	yara_rule
static1/unpack001/out.upx	detect_ak_stuff

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
9f578afb0544fabe73693799d34593893db3012e7c5e1c11ebece7e88edf1109
unpack001/out.upx

Files

9f578afb0544fabe73693799d34593893db3012e7c5e1c11ebece7e88edf1109
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText

Sections

UPX0
Size: - Virtual size: 9.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 436KB - Virtual size: 943KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 9.7MB

UPX1 Size: 7.9MB - Virtual size: 7.9MB

.rsrc Size: 142KB - Virtual size: 144KB

Headers

File Characteristics

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 9.2MB - Virtual size: 9.2MB

.data Size: 436KB - Virtual size: 943KB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

UPX0
Size: - Virtual size: 9.7MB

UPX1
Size: 7.9MB - Virtual size: 7.9MB

.rsrc
Size: 142KB - Virtual size: 144KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 9.2MB - Virtual size: 9.2MB

.data
Size: 436KB - Virtual size: 943KB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB