a4da7bf70173e249f33d366d3ea3b39b25e1d25bb09d21b8ac5e1f4ef1aa8a0e

General

Target

a4da7bf70173e249f33d366d3ea3b39b25e1d25bb09d21b8ac5e1f4ef1aa8a0e
Size

534KB
MD5

f0148b006614301ca6a4ee9866eaf53b
SHA1

42171284da0b772b0909507c46f5dadc4b300d23
SHA256

a4da7bf70173e249f33d366d3ea3b39b25e1d25bb09d21b8ac5e1f4ef1aa8a0e
SHA512

cc3dbd41f042411299b865dc6153cb9b21e4398a4bb9aa5f53f8d066d42483898fc5a3811668a93348a3e866aff66db1e7db7b33f021659f501bf50693a3bff1
SSDEEP

12288:MZrNJQ/OC4Na38lsymu+Kczw5fr08Xj++zJz4ZtgaPrLGmriilD/9ZwI:MZr0/OG3lyvr1ZTAZ6aeyt/9ZJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/e20cf5c319fe815eb1845556289e56f8c3241019a907adb6f4a33e8dc9ecab59.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/e20cf5c319fe815eb1845556289e56f8c3241019a907adb6f4a33e8dc9ecab59.exe
unpack002/out.upx

Files

a4da7bf70173e249f33d366d3ea3b39b25e1d25bb09d21b8ac5e1f4ef1aa8a0e
.zip

Password: infected
e20cf5c319fe815eb1845556289e56f8c3241019a907adb6f4a33e8dc9ecab59.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 728KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 370KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 728KB

UPX1 Size: 370KB - Virtual size: 372KB

.rsrc Size: 188KB - Virtual size: 188KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 619KB - Virtual size: 618KB

.rdata Size: 191KB - Virtual size: 190KB

.data Size: 18KB - Virtual size: 28KB

.rsrc Size: 195KB - Virtual size: 195KB

.reloc Size: 29KB - Virtual size: 29KB

UPX0
Size: - Virtual size: 728KB

UPX1
Size: 370KB - Virtual size: 372KB

.rsrc
Size: 188KB - Virtual size: 188KB

.text
Size: 619KB - Virtual size: 618KB

.rdata
Size: 191KB - Virtual size: 190KB

.data
Size: 18KB - Virtual size: 28KB

.rsrc
Size: 195KB - Virtual size: 195KB

.reloc
Size: 29KB - Virtual size: 29KB