c1f2f81d2b9a31a7a9ca44b2676a8694

Sharing

Copy URL Twitter E-mail

General

Target

c1f2f81d2b9a31a7a9ca44b2676a8694
Size

267KB
MD5

c1f2f81d2b9a31a7a9ca44b2676a8694
SHA1

67ee5ce0b69af75a56fff1006342411ffcc634db
SHA256

facf703af31e4f9d0f6cc2ccd27427d34f124f5a3865c87cc2aa2ec91f915fb6
SHA512

e1a888e6599638483173dad01837099a9be173b80ee8a4852d79d1c759fdca498207da325354fe9b4310411551d9fad1747437a9f1dcca6c6967710453418baa
SSDEEP

6144:0uVX/JrqG+742ceZ239TDaEtn/GPf/6A5350kveumd3RJ6H:0u1Jr5D2ceS9Ppn/cf/rmumI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/KEYGEN/Keygen.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KEYGEN/Adobe Photoshop CS3 Extended VOLUME LICENSE KEYGEN.exe
unpack001/KEYGEN/Keygen.exe
unpack002/out.upx
unpack001/KEYGEN/аctivate.exe

Files

c1f2f81d2b9a31a7a9ca44b2676a8694
.rar
KEYGEN/Adobe Photoshop CS3 Extended VOLUME LICENSE KEYGEN.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KEYGEN/Keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KEYGEN/file_id.diz
KEYGEN/shot.bmp
KEYGEN/zwt.nfo
KEYGEN/аctivate.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@_virt_alloc
@_virt_commit
@_virt_decommit
@_virt_release
@_virt_reserve
_CLOCALE
_CMonetary
_CNumeric
_CTimeDate
__C0argc
__C0argv
__C0environ
__ErrorExit
__ErrorMessage
__ErrorMessageHelper
__ExcRegPtr
___CRTL_MEM_CheckBorMem
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_Revector
___DOSerror
___ErrorMessage
___IOerror
___NTerror
___allocated
___eof
___errno
___fputn
___isatty
___isatty_osfhandle
___locale
___lseek
___org__expand
___org__fgetc
___org__msize
___org__read
___org__rtl_read
___org__rtl_write
___org__write
___org_calloc
___org_fflush
___org_fgetc
___org_fputc
___org_fputs
___org_free
___org_malloc
___org_memchr
___org_memcpy
___org_memmove
___org_memset
___org_perror
___org_strlen
___pCallAtExitProcs
___read
___write
__allocbuf
__argc
__bormm_pfn_FreeMem
__bormm_pfn_GetMem
__bormm_pfn_HeapAddRef
__bormm_pfn_HeapRelease
__bormm_pfn_ReallocMem
__c_exit
__cexit
__cfinfo_get
__cleanup
__create_shmem
__dll_table
__dosErrorToSV
__doserrno
__dup_handle
__exe_table
__exit
__exit_streams
__exitbuf
__exitfopen
__exitopen
__expand
__fgetc
__firstHeap
__flushout
__freeStart
__free_handle
__free_heaps
__get_handle
__getmbcp
__handles
__heap_redirector
__initMBCSTable
__init_exit_proc
__init_handles
__init_streams
__internal_free
__internal_free_heaps
__internal_malloc
__internal_realloc
__isWindows
__kalpha
__kpunct
__lastHeap
__linktable
__lldiv
__llmod
__llmul
__llshl
__llshr
__lludiv
__llumod
__llushr
__mbcsCodePage
__mbctype
__mbsrchr
__messagefile
__messagefunc
__msize
__nfile
__nv_heap_size
__openfd
__oscmd
__osenv
__ostype
__phys_avail
__pidtab
__read
__rover
__rtl_read
__rtl_write
__setmbcp
__smalloc_threshold
__stkbase
__streams
__sys_errlist
__sys_nerr
__terminate
__virt_chunk_free
__virt_chunk_free2
__virt_chunk_size
__virt_chunk_size2
__virt_heap_size
__wC0argv
__wC0environ
__woscmd
__wosenv
__write
__xfflush
_absol
_add
_big_to_bytes
_bigbits
_brand
_bytes_to_big
_calloc
_cinnum
_cinstr
_compare
_convert
_copy
_cotnum
_cotstr
_decr
_denom
_divide
_divisible
_dlconv
_double_inverse
_ecp_memalloc
_ecp_memkill
_ecurve_add
_ecurve_double
_ecurve_double_add
_ecurve_init
_ecurve_mult
_ecurve_mult2
_ecurve_multi_add
_ecurve_multn
_ecurve_sub
_epoint_comp
_epoint_copy
_epoint_free
_epoint_get
_epoint_getxyz
_epoint_init
_epoint_init_mem
_epoint_init_mem_variable
_epoint_negate
_epoint_norm
_epoint_set
_epoint_x
_errno
_exit
_expb2
_exsign
_fflush
_fgetc
_fit
_fpack
_fputc
_fputs
_free
_get_mip
_getdig
_hamming
_igcd
_incr
_init_big_from_rom
_init_point_from_rom
_innum
_insign
_instr
_invers
_irand
_isqrt
_jac
_jack
_kill_monty
_lgconv
_logb2
_mad
_malloc
_memalloc
_memchr
_memcpy
_memkill
_memmove
_memset
_mirexit
_mirkill
_mirsys
_mirvar
_mirvar_mem
_mirvar_mem_variable
_mr_alloc
_mr_berror
_mr_first_alloc
_mr_free
_mr_lent
_mr_lzero
_mr_mip
_mr_naf_window
_mr_notint
_mr_padd
_mr_pmul
_mr_psub
_mr_sdiv
_mr_setbase
_mr_shift
_mr_shiftbits
_mr_testbit
_mr_track
_mr_window
_mr_window2
_muldiv
_muldvd
_muldvd2
_muldvm
_multi_inverse
_multiply
_negify
_normalise
_nres
_nres_dotprod
_nres_double_inverse
_nres_double_modadd
_nres_double_modsub
_nres_lazy
_nres_modadd
_nres_moddiv
_nres_modmult
_nres_modsub
_nres_multi_inverse
_nres_negate
_nres_powltr
_nres_powmod
_nres_powmod2
_nres_powmodn
_nres_premult
_nres_sqroot
_numdig
_numer
_otnum
_otstr
_perror
_point_at_infinity
_powltr
_powmod
_powmod2
_powmodn
_premult
_prepare_monty
_putdig
_recode
_redc
_remain
_set_io_buffer_size
_set_user_function
_sftbit
_sgcd
_size
_smul
_spmd
_sqrmp
_sqroot
_strlen
_subdiv
_subdivisible
_subtract
_uconvert
_xgcd
_zero

Sections

Size: - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: - Virtual size: 64KB

.rdata Size: 32KB - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 68KB

UPX1 Size: 48KB - Virtual size: 52KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 24KB - Virtual size: 22KB

Headers

File Characteristics

Exports

Exports

Sections

Size: - Virtual size: 136KB

Size: 53KB - Virtual size: 56KB

.rdata
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 68KB

UPX1
Size: 48KB - Virtual size: 52KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 22KB