SecuriteInfo[.]com[.]Trojan[.]GenericKD[.]73290600[.]32134[.]8584[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.GenericKD.73290600.32134.8584.exe
Size

1.8MB
MD5

5a4c891fb244b2e20e9cf713fd771fb9
SHA1

5646abd43cce25017db43a02f11e5fdbcee86995
SHA256

e09f2f00ad6639e8758aa00ea2d91dc4b0d82d727a230001b38639270ac2f585
SHA512

afe1b0f402e1b7d6119c76cc3bbf01dcebe956b4fed50961d13f8ea02f9c278fd1a5a5c8797528757395590ebd5af1c6cb781d1c7fe51c9299b8390efb8e4ce4
SSDEEP

49152:ZC45i9N1Uk8N/K/KbtESV9kNY3rQDs1lGfAudViME8iC8E:ZC4AivN8QVV9kNDs1lEzdViz8iCt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.GenericKD.73290600.32134.8584.exe
unpack001/out.upx

Files

SecuriteInfo.com.Trojan.GenericKD.73290600.32134.8584.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0?$TemplateList@PAE@@QAE@XZ
??0?$TemplateList@UFXType@@@@QAE@XZ
??0?$TemplateList@UHandlerDesc@@@@QAE@XZ
??0?$TemplateList@U_BAG_ITEM@@@@QAE@XZ
??0?$TemplateList@U_USER_PROFESSION@@@@QAE@XZ
??0?$TemplateList@U_USER_SKILL@@@@QAE@XZ
??0?$TemplateList@VFontList@@@@QAE@XZ
??0?$TemplateList@VSysMsg@@@@QAE@XZ
??0?$TemplateList@VTFCObject@@@@QAE@XZ
??0Random@t4csvr@@AAE@AAV01@@Z
??0Random@t4csvr@@QAE@XZ
??1?$TemplateList@PAE@@QAE@XZ
??1?$TemplateList@UFXType@@@@QAE@XZ
??1?$TemplateList@UHandlerDesc@@@@QAE@XZ
??1?$TemplateList@U_BAG_ITEM@@@@QAE@XZ
??1?$TemplateList@U_USER_PROFESSION@@@@QAE@XZ
??1?$TemplateList@U_USER_SKILL@@@@QAE@XZ
??1?$TemplateList@VFontList@@@@QAE@XZ
??1?$TemplateList@VSysMsg@@@@QAE@XZ
??1?$TemplateList@VTFCObject@@@@QAE@XZ
??4?$TemplateList@PAE@@QAEAAV0@ABV0@@Z
??4?$TemplateList@UFXType@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@UHandlerDesc@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_BAG_ITEM@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_FORMULE_INFO@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_FORMULE_REQ@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_PROFESSION_NAME@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_USER_PROFESSION@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_USER_SKILL@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@VFontList@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@VSysMsg@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@VTFCObject@@@@QAEAAV0@ABV0@@Z
??4ListException@@QAEAAV0@$$QAV0@@Z
??4ListException@@QAEAAV0@ABV0@@Z
??4Random@t4csvr@@AAEAAV01@AAV01@@Z
??RRandom@t4csvr@@QAEHAAVdice@1@@Z
??RRandom@t4csvr@@QAEHHH@Z
??RRandom@t4csvr@@QAEH_KHH@Z
?AddToHead@?$TemplateList@U_BAG_ITEM@@@@QAEXPAU_BAG_ITEM@@@Z
?AddToTail@?$TemplateList@UFXType@@@@QAEXPAUFXType@@@Z
?AddToTail@?$TemplateList@UHandlerDesc@@@@QAEXPAUHandlerDesc@@@Z
?AddToTail@?$TemplateList@U_BAG_ITEM@@@@QAEXPAU_BAG_ITEM@@@Z
?AddToTail@?$TemplateList@U_USER_SKILL@@@@QAEXPAU_USER_SKILL@@@Z
?AddToTail@?$TemplateList@VFontList@@@@QAEXPAVFontList@@@Z
?AddToTail@?$TemplateList@VSysMsg@@@@QAEXPAVSysMsg@@@Z
?AddToTail@?$TemplateList@VTFCObject@@@@QAEXPAVTFCObject@@@Z
?DeleteObject@?$TemplateList@UHandlerDesc@@@@QAEXXZ
?DeleteObject@?$TemplateList@U_BAG_ITEM@@@@QAEXXZ
?DeleteObject@?$TemplateList@U_USER_SKILL@@@@QAEXXZ
?DeleteObject@?$TemplateList@VSysMsg@@@@QAEXXZ
?DestroyList@?$TemplateList@VSysMsg@@@@QAEXXZ
?GetNbObjects@?$TemplateList@UHandlerDesc@@@@QAEHXZ
?GetNbObjects@?$TemplateList@VSysMsg@@@@QAEHXZ
?GetObjectA@?$TemplateList@UFXType@@@@QAEPAUFXType@@XZ
?GetObjectA@?$TemplateList@UHandlerDesc@@@@QAEPAUHandlerDesc@@XZ
?GetObjectA@?$TemplateList@U_BAG_ITEM@@@@QAEPAU_BAG_ITEM@@XZ
?GetObjectA@?$TemplateList@U_USER_SKILL@@@@QAEPAU_USER_SKILL@@XZ
?GetObjectA@?$TemplateList@VFontList@@@@QAEPAVFontList@@XZ
?GetObjectA@?$TemplateList@VSysMsg@@@@QAEPAVSysMsg@@XZ
?GetObjectA@?$TemplateList@VTFCObject@@@@QAEPAVTFCObject@@XZ
?GetSeed@Random@t4csvr@@SA_KXZ
?LastValue@Random@t4csvr@@0HA
?Lock@?$TemplateList@UFXType@@@@QAEXPAD@Z
?Lock@?$TemplateList@UHandlerDesc@@@@QAEXPAD@Z
?Lock@?$TemplateList@U_BAG_ITEM@@@@QAEXPAD@Z
?Lock@?$TemplateList@U_USER_SKILL@@@@QAEXPAD@Z
?Lock@?$TemplateList@VSysMsg@@@@QAEXPAD@Z
?QueryNext@?$TemplateList@PAE@@QAEHXZ
?QueryNext@?$TemplateList@UFXType@@@@QAEHXZ
?QueryNext@?$TemplateList@UHandlerDesc@@@@QAEHXZ
?QueryNext@?$TemplateList@U_BAG_ITEM@@@@QAEHXZ
?QueryNext@?$TemplateList@U_USER_PROFESSION@@@@QAEHXZ
?QueryNext@?$TemplateList@U_USER_SKILL@@@@QAEHXZ
?QueryNext@?$TemplateList@VFontList@@@@QAEHXZ
?QueryNext@?$TemplateList@VSysMsg@@@@QAEHXZ
?QueryNext@?$TemplateList@VTFCObject@@@@QAEHXZ
?QueryPrevious@?$TemplateList@VSysMsg@@@@QAEHXZ
?QueryPrevious@?$TemplateList@VTFCObject@@@@QAEHXZ
?Randomize@Random@t4csvr@@CA_JHHH@Z
?RemoveObject@?$TemplateList@PAE@@QAEXXZ
?RemoveObject@?$TemplateList@UFXType@@@@QAEXXZ
?RemoveObject@?$TemplateList@UHandlerDesc@@@@QAEXXZ
?RemoveObject@?$TemplateList@U_BAG_ITEM@@@@QAEXXZ
?RemoveObject@?$TemplateList@U_USER_PROFESSION@@@@QAEXXZ
?RemoveObject@?$TemplateList@U_USER_SKILL@@@@QAEXXZ
?RemoveObject@?$TemplateList@VFontList@@@@QAEXXZ
?RemoveObject@?$TemplateList@VSysMsg@@@@QAEXXZ
?RemoveObject@?$TemplateList@VTFCObject@@@@QAEXXZ
?Seed@Random@t4csvr@@0_KA
?SetQueryState@?$TemplateList@UHandlerDesc@@@@QAEXW4ListStatus@@@Z
?SetQueryState@?$TemplateList@U_BAG_ITEM@@@@QAEXW4ListStatus@@@Z
?SetQueryState@?$TemplateList@VFontList@@@@QAEXW4ListStatus@@@Z
?SetQueryState@?$TemplateList@VTFCObject@@@@QAEXW4ListStatus@@@Z
?SetSeed@Random@t4csvr@@SAX_K@Z
?ToHead@?$TemplateList@PAE@@QAEXXZ
?ToHead@?$TemplateList@UFXType@@@@QAEXXZ
?ToHead@?$TemplateList@UHandlerDesc@@@@QAEXXZ
?ToHead@?$TemplateList@U_BAG_ITEM@@@@QAEXXZ
?ToHead@?$TemplateList@U_USER_PROFESSION@@@@QAEXXZ
?ToHead@?$TemplateList@U_USER_SKILL@@@@QAEXXZ
?ToHead@?$TemplateList@VFontList@@@@QAEXXZ
?ToHead@?$TemplateList@VSysMsg@@@@QAEXXZ
?ToHead@?$TemplateList@VTFCObject@@@@QAEXXZ
?ToTail@?$TemplateList@UFXType@@@@QAEXXZ
?ToTail@?$TemplateList@UHandlerDesc@@@@QAEXXZ
?ToTail@?$TemplateList@U_BAG_ITEM@@@@QAEXXZ
?ToTail@?$TemplateList@U_USER_SKILL@@@@QAEXXZ
?ToTail@?$TemplateList@VFontList@@@@QAEXXZ
?ToTail@?$TemplateList@VSysMsg@@@@QAEXXZ
?ToTail@?$TemplateList@VTFCObject@@@@QAEXXZ
?Unlock@?$TemplateList@UFXType@@@@QAEXPAD@Z
?Unlock@?$TemplateList@UHandlerDesc@@@@QAEXPAD@Z
?Unlock@?$TemplateList@U_BAG_ITEM@@@@QAEXPAD@Z
?Unlock@?$TemplateList@U_USER_SKILL@@@@QAEXPAD@Z
?Unlock@?$TemplateList@VSysMsg@@@@QAEXPAD@Z
?roll@Random@t4csvr@@QAEHAAVdice@2@@Z
?testvs@Random@t4csvr@@SAHHH@Z

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vlizer
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 6.2MB

UPX1 Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 14KB - Virtual size: 16KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 400KB - Virtual size: 399KB

.data Size: 43KB - Virtual size: 3.5MB

.rsrc Size: 14KB - Virtual size: 14KB

.vlizer Size: 1.7MB - Virtual size: 1.7MB

UPX0
Size: - Virtual size: 6.2MB

UPX1
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 14KB - Virtual size: 16KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 400KB - Virtual size: 399KB

.data
Size: 43KB - Virtual size: 3.5MB

.rsrc
Size: 14KB - Virtual size: 14KB

.vlizer
Size: 1.7MB - Virtual size: 1.7MB