597cb45a874d4fb086b5f089aaa23012[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

597cb45a874d4fb086b5f089aaa23012.bin
Size

1.1MB
MD5

597cb45a874d4fb086b5f089aaa23012
SHA1

4a235316582faf3e8f5c6599691955d0dfbf3f1c
SHA256

8fc23466703f3d0b951b6a853cab92fbcc6ad90adbf71920a6acae98e0d80f25
SHA512

0387f63ef28eebbe37680d8b1076fd059f84d3cbf51c6d3812b49e39f3a228df01d8ea3fd49006dcbbd693ce5fae3af5fbc266ede5d55d1878953ebf28c9bddc
SSDEEP

24576:KrshbMm64A5pAA5aVfHzq/Z7yAIRe7cxUhDSk:28MmhA5pAA6Hzq/xyAIRYcxUhDSk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ssClientWin3.0/winclient/ssc.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/holzed.exe
unpack001/ssClientWin3.0/winclient/ssc.exe

Files

597cb45a874d4fb086b5f089aaa23012.bin
.rar
changelog.txt
friends.ini
holzed.exe
.exe windows:4 windows x86 arch:x86

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsDialogMessageA

gdi32

SetMapMode

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteKeyA

oleaut32

VariantChangeType

Sections

.text
Size: 197KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
keys.txt
readme.txt
settings.ini
ssClientWin3.0/clientreadme.txt
ssClientWin3.0/winclient/skin/Thumbs.db
ssClientWin3.0/winclient/skin/base.bmp
ssClientWin3.0/winclient/skin/close1.bmp
ssClientWin3.0/winclient/skin/close2.bmp
ssClientWin3.0/winclient/skin/close3.bmp
ssClientWin3.0/winclient/skin/inactive.bmp
ssClientWin3.0/winclient/skin/minimize1.bmp
ssClientWin3.0/winclient/skin/minimize2.bmp
ssClientWin3.0/winclient/skin/minimize3.bmp
ssClientWin3.0/winclient/skin/offline.bmp
ssClientWin3.0/winclient/skin/online.bmp
ssClientWin3.0/winclient/skin/selectserver1.bmp
ssClientWin3.0/winclient/skin/selectserver2.bmp
ssClientWin3.0/winclient/skin/selectserver3.bmp
ssClientWin3.0/winclient/skin/skin.cfg
ssClientWin3.0/winclient/skin/ssclient.ico
ssClientWin3.0/winclient/ssc.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 327KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

beece77ce1457eeaeda3a4c8fd98bd8f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

shlwapi

oleacc

winspool.drv

advapi32

oleaut32

Sections

.text Size: 197KB - Virtual size: 372KB

.rsrc Size: 32KB - Virtual size: 32KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 572KB

UPX1 Size: 327KB - Virtual size: 328KB

.rsrc Size: 13KB - Virtual size: 16KB

.text
Size: 197KB - Virtual size: 372KB

.rsrc
Size: 32KB - Virtual size: 32KB

UPX0
Size: - Virtual size: 572KB

UPX1
Size: 327KB - Virtual size: 328KB

.rsrc
Size: 13KB - Virtual size: 16KB