a4119004f257bb61348ec4fad29cd18d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4119004f257bb61348ec4fad29cd18d
Size

37KB
MD5

a4119004f257bb61348ec4fad29cd18d
SHA1

6d99bd1330c6eb58cac16a7c1e2db7ea870651f1
SHA256

814225844fc92fa0a5b6330c1092a1adf38eb03d83600c3fa57161099b59e493
SHA512

d9ab576d067e24ee1d4c3fbe61d3b1d824f129ab94567cd041fb72cab5a220e2e686ecbac996803b760e416892772888186d9330ab4df36b6516f09bbd3f9996
SSDEEP

768:2l3+yxVWsNUjWOZ8M/qbuj3n7lL/T2mtECKWbj3MVTo/mAeUzJe9:2lrDNUj9Z8Vb63n7p/T2mGCKWbsTB0Jc

Score

10^/10

upx

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack002/out.upx	Nirsoft

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/ha_netpass-v1.20/ha_netpass/netpass.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ha_netpass-v1.20/ha_netpass/netpass.exe
unpack002/out.upx

Files

a4119004f257bb61348ec4fad29cd18d
.rar
ha_netpass-v1.20/ha_netpass/netpass.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_netpass-v1.20/ha_netpass/netpass_lng.ini