r77 | 90b15f45b5e5b8edfe9bc287f324d336d82ff0504e93af055071376b1af4fc74

General

Target

90b15f45b5e5b8edfe9bc287f324d336d82ff0504e93af055071376b1af4fc74
Size

754KB
MD5

fb4f85954ed41439eaa263a6d82cdb6b
SHA1

d263cd48d7f17166228e047f1cd4be187a5877e0
SHA256

90b15f45b5e5b8edfe9bc287f324d336d82ff0504e93af055071376b1af4fc74
SHA512

a376f9a38b6dc43039c9ce6e1f211fa4d5dc9ebad57e5161b1f76a711e0254aa9028efbf45b63d698352630129b5a5e3208c225b9f361594852d5ed7966d6f4c
SSDEEP

12288:pPMyQq8h0PGYcf1ntZf9DTCW6L2B96QTmodXdfdGoHRT3rX22PIoexqxIY4uUeLr:pPMyWh0PdcjDTCWVbTmodXdlGoxT3r/E

Score

10^/10

upx r77

Malware Config

Signatures

R77 family
r77

r77 rootkit payload 1 IoCs

Detects the payload of the r77 rootkit.

Processes:

resource	yara_rule
static1/unpack001/out.upx	r77_payload

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
90b15f45b5e5b8edfe9bc287f324d336d82ff0504e93af055071376b1af4fc74
unpack001/out.upx

Files

90b15f45b5e5b8edfe9bc287f324d336d82ff0504e93af055071376b1af4fc74
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 760KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 661KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 710KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 760KB

UPX1 Size: 661KB - Virtual size: 664KB

.rsrc Size: 91KB - Virtual size: 92KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 457KB - Virtual size: 457KB

.rdata Size: 175KB - Virtual size: 175KB

.data Size: 13KB - Virtual size: 22KB

.pdata Size: 25KB - Virtual size: 24KB

.gehcont Size: 512B - Virtual size: 20B

.rsrc Size: 710KB - Virtual size: 710KB

.reloc Size: 5KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 760KB

UPX1
Size: 661KB - Virtual size: 664KB

.rsrc
Size: 91KB - Virtual size: 92KB

.text
Size: 457KB - Virtual size: 457KB

.rdata
Size: 175KB - Virtual size: 175KB

.data
Size: 13KB - Virtual size: 22KB

.pdata
Size: 25KB - Virtual size: 24KB

.gehcont
Size: 512B - Virtual size: 20B

.rsrc
Size: 710KB - Virtual size: 710KB

.reloc
Size: 5KB - Virtual size: 4KB