HMBlocker[.]zip

General

Target

HMBlocker.zip
Size

38KB
MD5

5968e8a8caa61b46ba347f8c521c1f2e
SHA1

88f9a7ce6e77d191c9a57ecf238ef5e9e9ba6c7c
SHA256

a181f8925c8c66614be38de89e6dc38cf85715379a10de8d9f9d70b04891ca35
SHA512

6b0659ff7a5548cd1b752a72a70b147d1c9676dce14148430961a7b5204d4e3a42de5530d423ebb879f8e5c72785a45e5b20bd40cbf93cfaefe981534e96cbe3
SSDEEP

768:c5tCBDl2dCYobbAq+kjru+zp2SkDyMZ50eUsjjtiyASlUrUY0tRx7L2:Sw2LUbAmv60kjjtnAUnYQt2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/[email protected]	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/[email protected]
unpack002/out.upx

Files

HMBlocker.zip
.zip

Password: mysubsarethebest
[email protected]
.exe windows:5 windows x86 arch:x86

Password: mysubsarethebest

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 490B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: mysubsarethebest

Password: mysubsarethebest

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 72KB

UPX1 Size: 32KB - Virtual size: 36KB

.rsrc Size: 14KB - Virtual size: 16KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 832B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 69KB - Virtual size: 69KB

.reloc Size: 512B - Virtual size: 490B

UPX0
Size: - Virtual size: 72KB

UPX1
Size: 32KB - Virtual size: 36KB

.rsrc
Size: 14KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 832B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 512B - Virtual size: 490B