ez[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ez.exe
Size

52.5MB
MD5

ba61f69463e33d28080856a5bc9b0647
SHA1

5afaf11aefc71fd57f02a97f575f5601c84a4a41
SHA256

2e387a2097209344ed9c51af600d1010bde5c058c8074f0a1a6c4b8ce114f95a
SHA512

a0303c6e29eadb970ae338221bc7ea16152644203cf2384b481eefbf3937801abba7e9c07a7b3149d13ab59cd0b91756c84cb68192d7ef408a874c0666d158c9
SSDEEP

1572864:wwsrrWjnZobtzFlsP/oWbkZWpTi9Y7wAy:wwsrqQtHsXoWRTMY7wp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ez.exe
unpack001/out.upx

Files

ez.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 50.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 52.3MB - Virtual size: 52.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

IsolateEnterStub__CEntryPointNativeFunctions__attachThread__fe8e89788bae97cf98065b8b062da14102a906b7__f6667de81ba3372976bb88a1ffd53978a14e5062
IsolateEnterStub__CEntryPointNativeFunctions__createIsolate__c5b5663bc8e51fac8eb7cc2a6c1952957d7e49f1__d9d51255c13e1e63932724fc45c8d9d7d992f5cb
IsolateEnterStub__CEntryPointNativeFunctions__detachAllThreadsAndTearDownIsolate__803a26f98b4febfb61e3b676ead8b433cc2f21b3__d04f70c150119a1a6df693cde53c8a58128d5e2b
IsolateEnterStub__CEntryPointNativeFunctions__detachThread__573569b4c2b1f6ab146362c4435fcfe4abea4692__e8b0041f4e89ff307dd3640c69c109d0d8139b8e
IsolateEnterStub__CEntryPointNativeFunctions__getCurrentThread__669b6d90f89f02f4f21a6830554f612197337b86__1cff6a2f13f336178f12f2558128228775e047f6
IsolateEnterStub__CEntryPointNativeFunctions__getIsolate__75d5a57aa8fca0d2471ea17ca517f44cfdf0f2fc__e18826d035036aa5606c61e869f37df97fe5892f
IsolateEnterStub__CEntryPointNativeFunctions__tearDownIsolate__fa8c10625da916d6c43ee2eea372e6d2349f2fa0__7f4c88f0402ae949ca8b3e2b3a3e6235b49772f0
IsolateEnterStub__JNIInvocationInterface_0024Exports__JNI__CreateJavaVM__ba182be51e30552971cbbdb9960f52a7ebc17ff8__62fa6fcb73a0e0d2fda77bdbf26359facfbaa734
IsolateEnterStub__JNIInvocationInterface_0024Exports__JNI__GetCreatedJavaVMs__8349780683d23085ca6fca3423ec245733e16c32__3abce4986f080175b20b8a8b5e7458bfdda881e4
IsolateEnterStub__JNIInvocationInterface_0024Exports__JNI__GetDefaultJavaVMInitArgs__8fe7b7a26fde0b5d6373df2756c2f2545cfc5fed__2c881359d3c4c7f4c4da4479a1cee5896becfb6b
IsolateEnterStub__JavaMainWrapper__run__5087f5482cc9a6abc971913ece43acb471d2631b__092e385b15f846acab22b8180eb675720c49e4f8
JNI_CreateJavaVM
JNI_GetCreatedJavaVMs
JNI_GetDefaultJavaVMInitArgs
JNU_GetEnv
JNU_ThrowByName
JNU_ThrowNullPointerException
__svm_code_section
__svm_version_info
__svm_vm_java_version
__svm_vm_target_ccompiler
__svm_vm_target_libc
__svm_vm_target_libraries
__svm_vm_target_platform
__svm_vm_target_staticlibraries
graal_attach_thread
graal_create_isolate
graal_detach_all_threads_and_tear_down_isolate
graal_detach_thread
graal_get_current_thread
graal_get_isolate
graal_tear_down_isolate
jio_snprintf
main

Sections

.text
Size: 59.4MB - Virtual size: 59.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.svm_hea
Size: 43.0MB - Virtual size: 43.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 50.9MB

UPX1 Size: 52.3MB - Virtual size: 52.3MB

.rsrc Size: 189KB - Virtual size: 192KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 59.4MB - Virtual size: 59.4MB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 8KB - Virtual size: 5KB

.rodata Size: 40KB - Virtual size: 36KB

.svm_hea Size: 43.0MB - Virtual size: 43.0MB

.reloc Size: 300KB - Virtual size: 298KB

.rsrc Size: 188KB - Virtual size: 188KB

UPX0
Size: - Virtual size: 50.9MB

UPX1
Size: 52.3MB - Virtual size: 52.3MB

.rsrc
Size: 189KB - Virtual size: 192KB

.text
Size: 59.4MB - Virtual size: 59.4MB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 8KB - Virtual size: 5KB

.rodata
Size: 40KB - Virtual size: 36KB

.svm_hea
Size: 43.0MB - Virtual size: 43.0MB

.reloc
Size: 300KB - Virtual size: 298KB

.rsrc
Size: 188KB - Virtual size: 188KB