5 Yalove Worms[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

5 Yalove Worms.zip
Size

4.2MB
MD5

b9c98b028ee3a0ece95c0de562950397
SHA1

b01ba75e6e1c3e4f4c9bf4d3df58b1a342448a6a
SHA256

f3544211710d293dfe623411feb7e121f5a8b2ea8b9e5e545d1f51b1aa9aabe3
SHA512

08d1487cad27f64ec0829b3175a0c41f896ff8cfb331de3db671810c371309c05426ea8d3b892235dc1b8a6e82c95dfbed1c079cfe84e63a3a1a5992c10befb2
SSDEEP

98304:2xPJJVzsnf1ozRfFzsa5a7LhDfO7F9wf1/xP8OvO8LH+u:25anivs/LBO7EV5Hiu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/WezoAutoUP.exe	upx
static1/unpack001/culclientUp.exe	upx
static1/unpack001/vncDbnt.exe	upx
static1/unpack001/wzoptup.exe	upx

AutoIT Executable 4 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe
static1/unpack003/out.upx	autoit_exe
static1/unpack004/out.upx	autoit_exe
static1/unpack005/out.upx	autoit_exe

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WezoAutoUP.exe
unpack002/out.upx
unpack001/culclientUp.exe
unpack003/out.upx
unpack001/vncDbnt.exe
unpack004/out.upx
unpack001/wzoptup.exe
unpack005/out.upx

Files

5 Yalove Worms.zip
.zip
WezoAutoUP.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 298KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 532KB - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
__MACOSX/._WezoAutoUP.exe
__MACOSX/._culclientUp.exe
__MACOSX/._software.exe
__MACOSX/._vncDbnt.exe
__MACOSX/._wzoptup.exe
culclientUp.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 298KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 532KB - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
software.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

6a:6a:a4:4c:32:10:15:a2:47:5e:ae:5b:96:91:56:9b
Certificate

Issuer

CN=[̲̅M][̲̅a][̲̅r][̲̅i][̲̅a][̲̅ ][̲̅c][̲̅o][̲̅r][̲̅p][̲̅o][̲̅r][̲̅a][̲̅t][̲̅i][̲̅o][̲̅n][̲̅ ][̲̅i][̲̅n][̲̅ ][̲̅b][̲̅a][̲̅n][̲̅g][̲̅k][̲̅o][̲̅k]

Not Before

24/06/2024, 03:01

Not After

25/06/2034, 03:01

Subject

CN=[̲̅M][̲̅a][̲̅r][̲̅i][̲̅a][̲̅ ][̲̅c][̲̅o][̲̅r][̲̅p][̲̅o][̲̅r][̲̅a][̲̅t][̲̅i][̲̅o][̲̅n][̲̅ ][̲̅i][̲̅n][̲̅ ][̲̅b][̲̅a][̲̅n][̲̅g][̲̅k][̲̅o][̲̅k]

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:cb:7e:cc:7a:52:8c:a6:91:f4:cb:4f:5f:c3:54:0a:fb:46:b0:14:85:aa:38:8e:79:2b:6d:b9:8e:c5:84:93
Signer

Actual PE Digest

47:cb:7e:cc:7a:52:8c:a6:91:f4:cb:4f:5f:c3:54:0a:fb:46:b0:14:85:aa:38:8e:79:2b:6d:b9:8e:c5:84:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

softwarejapan.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vncDbnt.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 298KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 532KB - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wzoptup.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 298KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 532KB - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 496KB

UPX1 Size: 298KB - Virtual size: 300KB

.rsrc Size: 29KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 532KB - Virtual size: 531KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 32KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 496KB

UPX1 Size: 298KB - Virtual size: 300KB

.rsrc Size: 29KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 532KB - Virtual size: 531KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 32KB - Virtual size: 32KB

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

6a:6a:a4:4c:32:10:15:a2:47:5e:ae:5b:96:91:56:9bCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

47:cb:7e:cc:7a:52:8c:a6:91:f4:cb:4f:5f:c3:54:0a:fb:46:b0:14:85:aa:38:8e:79:2b:6d:b9:8e:c5:84:93Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rsrc Size: 129KB - Virtual size: 128KB

.reloc Size: 512B - Virtual size: 12B

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 496KB

UPX1 Size: 298KB - Virtual size: 300KB

.rsrc Size: 29KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 532KB - Virtual size: 531KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 32KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 496KB

UPX1 Size: 298KB - Virtual size: 300KB

.rsrc Size: 29KB - Virtual size: 32KB

Headers

DLL Characteristics

File Characteristics

UPX0
Size: - Virtual size: 496KB

UPX1
Size: 298KB - Virtual size: 300KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 532KB - Virtual size: 531KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 32KB - Virtual size: 32KB

UPX0
Size: - Virtual size: 496KB

UPX1
Size: 298KB - Virtual size: 300KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 532KB - Virtual size: 531KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 32KB - Virtual size: 32KB

6a:6a:a4:4c:32:10:15:a2:47:5e:ae:5b:96:91:56:9b
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

47:cb:7e:cc:7a:52:8c:a6:91:f4:cb:4f:5f:c3:54:0a:fb:46:b0:14:85:aa:38:8e:79:2b:6d:b9:8e:c5:84:93
Signer

.text
Size: 5.3MB - Virtual size: 5.3MB

.rsrc
Size: 129KB - Virtual size: 128KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 496KB

UPX1
Size: 298KB - Virtual size: 300KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 532KB - Virtual size: 531KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 32KB - Virtual size: 32KB

UPX0
Size: - Virtual size: 496KB

UPX1
Size: 298KB - Virtual size: 300KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 532KB - Virtual size: 531KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 32KB - Virtual size: 32KB