e48f05fa2454b0bd3049b5ca98c2221c7bce5993f38d6ff78ed083898bc3ed68

Sharing

Copy URL Twitter E-mail

General

Target

e48f05fa2454b0bd3049b5ca98c2221c7bce5993f38d6ff78ed083898bc3ed68
Size

822KB
MD5

d977014903a87b7761d90ab6da060e69
SHA1

4ecd473179fd26a30d45410579aa178a936e65c7
SHA256

e48f05fa2454b0bd3049b5ca98c2221c7bce5993f38d6ff78ed083898bc3ed68
SHA512

c1bc75482b7299eb2e0fc9038dfcad80c3aebdd05583fd57e436c72ec0cffac5eed353f116cca24460d34363ec989fe91204a540256e09615aecdf40fe22c082
SSDEEP

12288:+E1MHi/CcnWDGvo0TYUMM+us7GofgFALV2caqbBDotvk3/vJk7g3t0gKKKt:+C+iakmU3+9GAqxcf+5EBk7q0XKKt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/keygen-CRD/keygen-CRD/kg.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Aida64_4in1_Keygen_v1.6_By_DFoX/Aida64_4in1_Keygen_v1.6_By_DFoX/Aida64_4in1_Keygen_v1.6_By_DFoX.exe
unpack001/KeyGen-CHiLi/KeyGen-CHiLi/v1.7/chili-keygen.exe
unpack001/KeyGen-CHiLi/KeyGen-CHiLi/v1.x/CHiLi-Keygen.exe
unpack001/keygen-CRD/keygen-CRD/kg.exe

Files

e48f05fa2454b0bd3049b5ca98c2221c7bce5993f38d6ff78ed083898bc3ed68
.zip
Aida64_4in1_Keygen_v1.6_By_DFoX/Aida64_4in1_Keygen_v1.6_By_DFoX/Aida64_4in1_Keygen_v1.6_By_DFoX.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Aida64_Keygen.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 744KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Aida64_4in1_Keygen_v1.6_By_DFoX/Aida64_4in1_Keygen_v1.6_By_DFoX/Aida64_4in1_Keygen_v1.6_By_DFoX.jpg
.jpg
KeyGen-CHiLi/KeyGen-CHiLi/v1.7/CHiLi.nfo
KeyGen-CHiLi/KeyGen-CHiLi/v1.7/chili-keygen.exe
.exe windows:5 windows x86 arch:x86

8c8b78ff4a5bb694ae1b0a40cec3dcdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

LoadIconA

gdi32

DeleteObject

winmm

waveOutOpen

Sections

.MPRESS1
Size: 65KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KeyGen-CHiLi/KeyGen-CHiLi/v1.7/file_id.diz
KeyGen-CHiLi/KeyGen-CHiLi/v1.x/CHiLi-Keygen.exe
.exe windows:5 windows x86 arch:x86

8c8b78ff4a5bb694ae1b0a40cec3dcdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

LoadIconA

gdi32

DeleteObject

winmm

waveOutOpen

Sections

.MPRESS1
Size: 68KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KeyGen-CHiLi/KeyGen-CHiLi/v1.x/CHiLi.nfo
KeyGen-CHiLi/KeyGen-CHiLi/v1.x/file_id.diz
keygen-CRD/keygen-CRD/crd_losa.jpg
.jpg
keygen-CRD/keygen-CRD/crude.jpg
.jpg
keygen-CRD/keygen-CRD/crude.nfo
keygen-CRD/keygen-CRD/file_id.diz
keygen-CRD/keygen-CRD/kg.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 508KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 246KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 744KB - Virtual size: 744KB

.rsrc Size: 120KB - Virtual size: 119KB

.reloc Size: 512B - Virtual size: 12B

8c8b78ff4a5bb694ae1b0a40cec3dcdf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Sections

.MPRESS1 Size: 65KB - Virtual size: 348KB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 5KB

8c8b78ff4a5bb694ae1b0a40cec3dcdf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Sections

.MPRESS1 Size: 68KB - Virtual size: 408KB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 5KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 508KB

UPX1 Size: 246KB - Virtual size: 248KB

.rsrc Size: 18KB - Virtual size: 20KB

.text
Size: 744KB - Virtual size: 744KB

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 512B - Virtual size: 12B

.MPRESS1
Size: 65KB - Virtual size: 348KB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 5KB

.MPRESS1
Size: 68KB - Virtual size: 408KB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 508KB

UPX1
Size: 246KB - Virtual size: 248KB

.rsrc
Size: 18KB - Virtual size: 20KB