4c37669d1b90c483c9cb7957cf5c5fe5

Sharing

Copy URL Twitter E-mail

General

Target

4c37669d1b90c483c9cb7957cf5c5fe5
Size

4.1MB
MD5

4c37669d1b90c483c9cb7957cf5c5fe5
SHA1

088456c689ba81e618f8d26ea4f2e5720766d13d
SHA256

9edbf92a209c209b90d73bd1887ee3c4cbad688f44b49f38f198af89b0ddf547
SHA512

6309665b70f23fb14a3cd0076a50b1e4911317f566af6bf8b49832dd8f17ed534752275f1101caa89e5b9b97a8c58a20fba22d37c49bea915768416fecbdd5c9
SSDEEP

49152:TTltcTINbN3D/AeD0pjGJ2yH+XUUzk4jHSlJkJQvgThJvGlLI4cbT9m:TxWkMDE2yirPjyluJfz+lJcng

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Новая папка/README.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Новая папка/README.exe
unpack001/Новая папка/View.exe

Files

4c37669d1b90c483c9cb7957cf5c5fe5
.rar
Новая папка/AnatomyZLP.zdt
Новая папка/BiochemZLP.zdt
Новая папка/BiologyZLP.zdt
Новая папка/HystologyZLP.zdt
Новая папка/Krok1ZLP.zdt
Новая папка/MicroBiologyZLP.zdt
Новая папка/PatAnatomyZLP.zdt
Новая папка/PatPhysiologyZLP.zdt
Новая папка/PharmakologyZLP.zdt
Новая папка/PhysiologyZLP.zdt
Новая папка/README.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 412KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 230KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Новая папка/View.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 198KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reso
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Новая папка/Біохімія.doc
.doc windows office2003
Новая папка/Гістологія.doc
.doc windows office2003
Новая папка/Мікробіологія.doc
.doc windows office2003
Новая папка/Патфізіологія.doc
.doc windows office2003
Новая папка/Прочти.html
.html

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 412KB

UPX1 Size: 230KB - Virtual size: 232KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

Size: - Virtual size: 368KB

.rdata Size: 198KB - Virtual size: 200KB

.reso Size: 5KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 412KB

UPX1
Size: 230KB - Virtual size: 232KB

.rsrc
Size: 6KB - Virtual size: 8KB

.rdata
Size: 198KB - Virtual size: 200KB

.reso
Size: 5KB - Virtual size: 8KB