ea473a662b3db90c6f961036ae6b2dde[.]bin

General

Target

ea473a662b3db90c6f961036ae6b2dde.bin
Size

548KB
MD5

9867df19036093787921b58b6c500cfc
SHA1

e86b0d45a52cc8c4b807684eb07ac217db3e7ee6
SHA256

d64243a4ff3780d7c0f93915dcb1398a8116d41eb0dc30bc2d58d7956b9f8313
SHA512

ae24f4d4c204df790825261a083913659bb134319363a021adee1bc2f03d2c1885473ba9dbf996cac9e82cacba85a609ab47d1fa64696baa2709058fddff810b
SSDEEP

12288:vWqA8IfZ42Gb3WEZ7VCQlaQZF+ev6jaetdEnczfi2YYjCL:vlA/3GTWEpVllae+CUgoJC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/FACTRE870988000000000.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack003/out.upx	autoit_exe

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/FACTRE870988000000000.exe
unpack003/out.upx

Files

ea473a662b3db90c6f961036ae6b2dde.bin
.zip

Password: infected
77400c2d21716aefa5be01b07cf0f85737a17049e692e4ececf1e698d651816f.zip
.zip

Password: infected
FACTRE870988000000000.exe
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 732KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 345KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 732KB

UPX1 Size: 345KB - Virtual size: 348KB

.rsrc Size: 213KB - Virtual size: 216KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 568KB - Virtual size: 567KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 220KB - Virtual size: 220KB

.reloc Size: 28KB - Virtual size: 28KB

UPX0
Size: - Virtual size: 732KB

UPX1
Size: 345KB - Virtual size: 348KB

.rsrc
Size: 213KB - Virtual size: 216KB

.text
Size: 568KB - Virtual size: 567KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 220KB - Virtual size: 220KB

.reloc
Size: 28KB - Virtual size: 28KB