s[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

s.7z
Size

924KB
MD5

e1e25cf99caaca5be73b35414a4a9a2b
SHA1

68001dc481cdbc52a7b09cb6da234c5c741e80e8
SHA256

543b93497ca18e8da3f19caa4afd1e6fa94a409b3ed34037828d56e99a2a27de
SHA512

f9e087e1fabfbd84ed6a4de179f027af73d707619db27fdd8b982e2b069d55567f7f8c5e279f8ada0e2ef8565b912dd24a2861881eac2d5070a1f7191f807c06
SSDEEP

24576:q2oolC9CajRgDK2qsJEyXcFol2ut6nFslKVLuFlF:1ajRH1qcecqlYuFb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/1.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1.exe
unpack001/2.exe

Files

s.7z
.7z

Password: infected
1.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 704KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2.exe
.exe windows:5 windows x86 arch:x86

Password: infected

000df336b102b7e013d9ff8d13e523f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalUnlock
TryEnterCriticalSection
TlsGetValue
HeapFree
FreeEnvironmentStringsA
GetModuleHandleW
GetConsoleAliasesA
LoadLibraryW
GetLocaleInfoW
GetAtomNameW
LCMapStringA
GetConsoleOutputCP
GetLastError
GetProcAddress
GetLongPathNameA
CreateNamedPipeA
LoadLibraryA
OpenWaitableTimerW
LocalAlloc
SetCurrentDirectoryW
VirtualLock
FindAtomA
GetModuleFileNameA
CreateWaitableTimerW
DebugBreakProcess
CompareStringA
LocalFree
SetFileAttributesW
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
LCMapStringW
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 685KB - Virtual size: 685KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 417B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 104KB

UPX1 Size: 704KB - Virtual size: 708KB

.rsrc Size: 48KB - Virtual size: 52KB

Password: infected

000df336b102b7e013d9ff8d13e523f5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 685KB - Virtual size: 685KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 33KB - Virtual size: 37KB

.tls Size: 512B - Virtual size: 417B

.rsrc Size: 48KB - Virtual size: 48KB

UPX0
Size: - Virtual size: 104KB

UPX1
Size: 704KB - Virtual size: 708KB

.rsrc
Size: 48KB - Virtual size: 52KB

.text
Size: 685KB - Virtual size: 685KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 33KB - Virtual size: 37KB

.tls
Size: 512B - Virtual size: 417B

.rsrc
Size: 48KB - Virtual size: 48KB