d1ed886239aac3d60eccbd3aa049e84e[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d1ed886239aac3d60eccbd3aa049e84e.bin
Size

1.9MB
MD5

d1ed886239aac3d60eccbd3aa049e84e
SHA1

0b8a143730473df7afbea6716208d862b7f6028d
SHA256

1aeaafab401ed0caae82f6627e33522703a8023829cffd63baf9c7c0ccf21e8d
SHA512

39b4799f166be62003d2d4a903c5148cb36c7097b8c9c0f8daf876d412ec834a873ef62c47f49ba9ba77fe3f097235aeddab9ef5ae1332cc77338a30583c72b1
SSDEEP

49152:EZgEDTYroJ0lBNIydOEmbHCGJfDy1IgUS9Emj8O69CgX:E6E3bUB1ri3Jm1IdaEmj8rCgX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/kmupdate.exe	upx
static1/unpack001/koomail.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kmupdate.exe
unpack002/out.upx
unpack001/koomail.exe

Files

d1ed886239aac3d60eccbd3aa049e84e.bin
.rar
NEWMAIL.WAV
QQWry.Dat
SERVER.INI
TEMPLATE/FORWARD/html普通转发.htm
.html
TEMPLATE/FORWARD/html普通转发.htm.ini
TEMPLATE/FORWARD/普通转发.txt
TEMPLATE/FORWARD/普通转发.txt.ini
TEMPLATE/MACRO/_kooDATE.gif
.gif
TEMPLATE/MACRO/_kooFROMADDR.gif
.gif
TEMPLATE/MACRO/_kooFROMNAME.gif
.gif
TEMPLATE/MACRO/_kooOLDCC.gif
.gif
TEMPLATE/MACRO/_kooOLDRECVER.gif
.gif
TEMPLATE/MACRO/_kooQUOTEOLD.gif
.gif
TEMPLATE/MACRO/_kooRECVDATE.gif
.gif
TEMPLATE/MACRO/_kooRECVNAME.gif
.gif
TEMPLATE/MACRO/_kooRECVSUBJECT.gif
.gif
TEMPLATE/MACRO/_kooRECVTIME.gif
.gif
TEMPLATE/MACRO/_kooREPLYADDR.gif
.gif
TEMPLATE/MACRO/_kooREPLYNAME.gif
.gif
TEMPLATE/MACRO/_kooTIME.gif
.gif
TEMPLATE/MACRO/_kooTOADDR.gif
.gif
TEMPLATE/MACRO/_kooTODUTYNAME.GIF
.gif
TEMPLATE/MACRO/_kooTONAME.gif
.gif
TEMPLATE/MACRO/_kooTONICKNAME.GIF
.gif
TEMPLATE/MACRO/_kooTOSHOWNAME.GIF
.gif
TEMPLATE/NEW/Html模板.htm.ini
TEMPLATE/NEW/印象.htm
.html
TEMPLATE/NEW/印象.htm.ini
TEMPLATE/NEW/坚持.htm
.html
TEMPLATE/NEW/坚持.htm.ini
TEMPLATE/NEW/宽蓝纹.htm.ini
TEMPLATE/NEW/春雨.htm
.html
TEMPLATE/NEW/春雨.htm.ini
TEMPLATE/NEW/普通信件.txt
TEMPLATE/NEW/灰细纹.htm
.html
TEMPLATE/NEW/灰细纹.htm.ini
TEMPLATE/NEW/简单.txt
TEMPLATE/NEW/简单.txt.ini
TEMPLATE/NEW/航行.htm.ini
TEMPLATE/NEW/英文普通信件.txt
TEMPLATE/NEW/蓝细纹.htm
.html
TEMPLATE/NEW/蓝细纹.htm.ini
TEMPLATE/REPLY/印象.htm
.html
TEMPLATE/REPLY/印象.htm.ini
TEMPLATE/REPLY/坚持.htm
.html
TEMPLATE/REPLY/坚持.htm.ini
TEMPLATE/REPLY/春雨.htm
.html
TEMPLATE/REPLY/春雨.htm.ini
TEMPLATE/REPLY/普通回复.txt
TEMPLATE/REPLY/灰细纹.htm
.html
TEMPLATE/REPLY/灰细纹.htm.ini
TEMPLATE/REPLY/简单.txt
TEMPLATE/REPLY/简单.txt.ini
TEMPLATE/REPLY/英文普通回复.txt
TEMPLATE/REPLY/蓝细纹.htm
.html
TEMPLATE/REPLY/蓝细纹.htm.ini
TEMPLATE/koomail_images/PE15-2.gif
TEMPLATE/koomail_images/RE03-5.gif
TEMPLATE/koomail_images/Thumbs.db
TEMPLATE/koomail_images/back1.gif
.gif
TEMPLATE/koomail_images/back2.gif
.gif
TEMPLATE/koomail_images/back2_2.GIF
kmupdate.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
koomail.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
koomail.exe.manifest
license.txt
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 16KB

UPX1 Size: 9KB - Virtual size: 12KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.1MB

UPX1 Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 79KB - Virtual size: 80KB

UPX0
Size: - Virtual size: 16KB

UPX1
Size: 9KB - Virtual size: 12KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 4.1MB

UPX1
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 79KB - Virtual size: 80KB