67f8c09ed3fc1ed9bdf48175091e854a2f92890c03c3b776c5e48409da93ed63

Sharing

Copy URL Twitter E-mail

General

Target

67f8c09ed3fc1ed9bdf48175091e854a2f92890c03c3b776c5e48409da93ed63
Size

1.0MB
MD5

485a28ac16b5df770644a9d9eeca6105
SHA1

a2c835bbe17dc354fdb874565b9bd31b5bed34b2
SHA256

67f8c09ed3fc1ed9bdf48175091e854a2f92890c03c3b776c5e48409da93ed63
SHA512

521680a7a7ea0254b85bf694dcb2c38272e2c9600d55d55497b7c641d0d0bdd3b37b6c0d9235fa63e02f09929d9cb090f5d24042acd631862a36952e3d7702c6
SSDEEP

24576:+cPqR6ECBhAfk1T/fSG6R8llfil+mDqCcAcQiCqFbw8ODkV:+ck6ECzAIT/fN6R8LilrX1cQqlBO4V

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/小马激活/KMS10.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/小马激活/KMS10.exe
unpack002/out.upx

Files

67f8c09ed3fc1ed9bdf48175091e854a2f92890c03c3b776c5e48409da93ed63
.zip
小马激活/KMS10.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1002KB - Virtual size: 1004KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 84B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 800KB - Virtual size: 800KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.6MB

UPX1 Size: 1002KB - Virtual size: 1004KB

.rsrc Size: 70KB - Virtual size: 72KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.itext Size: 6KB - Virtual size: 6KB

.data Size: 102KB - Virtual size: 101KB

.bss Size: - Virtual size: 27KB

.idata Size: 13KB - Virtual size: 12KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 151B

.tls Size: - Virtual size: 84B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 208KB - Virtual size: 208KB

.rsrc Size: 800KB - Virtual size: 800KB

UPX0
Size: - Virtual size: 2.6MB

UPX1
Size: 1002KB - Virtual size: 1004KB

.rsrc
Size: 70KB - Virtual size: 72KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.itext
Size: 6KB - Virtual size: 6KB

.data
Size: 102KB - Virtual size: 101KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 13KB - Virtual size: 12KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 151B

.tls
Size: - Virtual size: 84B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 208KB - Virtual size: 208KB

.rsrc
Size: 800KB - Virtual size: 800KB