r74859614[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

r74859614.zip
Size

61.0MB
MD5

e2b1d3c7ea9d548a4d56d23ad579ecdc
SHA1

76ac96b9c4084656343782a43f04a731970b46c6
SHA256

3a5bb9fc060622efa7c2d58a16cfdbd020a4e700240d240bd68f748f5a6c7522
SHA512

9b402c6615ce17e9071ab50acf5d033f54462c5bfa31b878b4b107713ad4c68c0e3e442e9a2a1fbdc5b4a5b8a83a75892ac4aaea4433b4185f023fc716168615
SSDEEP

1572864:v/JaN35wHxGIfaZAB+eu/FsL8T/ucCLlSTlW9p8omYIMD:v/JE3mHzievLupaEE9pg0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/KEYGEN by BTCR/Keygen.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KEYGEN by BTCR/Keygen.exe
unpack002/out.upx

Files

r74859614.zip
.zip
KEYGEN by BTCR/Keygen.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 681KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 711KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KEYGEN by BTCR/btcr.1.png
.png
KEYGEN by BTCR/btcr.2.png
.png
KEYGEN by BTCR/btcr.txt
Voicemeeter8Setup.exe
.exe windows:4 windows x86 arch:x86

31d23ccf844708ba42abf770e821a601

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:c1:a5:19:82:75:d8:6b:3a:d8:7f:5b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

21/05/2021, 14:59

Not After

22/05/2023, 14:59

Subject

SERIALNUMBER=423 734 177,CN=BUREL VINCENT,O=BUREL VINCENT,STREET=21 avenue des Marguerites,L=Eymet,ST=Dordogne,C=FR,1.3.6.1.4.1.311.60.2.1.3=#13024652,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:5c:18:d0:26:a4:3d:c4:62:3e:b2:16:9a:ff:dd:84:ee:29:3f:91
Signer

Actual PE Digest

e5:5c:18:d0:26:a4:3d:c4:62:3e:b2:16:9a:ff:dd:84:ee:29:3f:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
CreateFileA
QueryDosDeviceA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
WriteFile
SetFilePointer
CreateDirectoryA
RemoveDirectoryA
WideCharToMultiByte
VirtualFree
VirtualAlloc
SetFileAttributesA
SetStdHandle
GetStringTypeW
GetStringTypeA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExitProcess
GetVersion
MultiByteToWideChar
GetModuleHandleA
GetCurrentProcess
GetVersionExA
GetCurrentDirectoryA
GetSystemTime
GetSystemDirectoryA
GetTickCount
CreateMutexA
GetLastError
ReleaseMutex
GetCurrentThread
SetThreadPriority
CreateThread
GetCommandLineA
GetStartupInfoA
HeapFree
CopyFileA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
Sleep
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
GetModuleFileNameA
FindFirstFileA
DeleteFileA
FindNextFileA
FlushFileBuffers
FindClose
HeapReAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
MoveFileA

user32

LoadBitmapA
DrawTextA
PostMessageA
GetMessageA
LoadCursorA
ReleaseDC
GetDC
DispatchMessageA
TranslateMessage
GetClassNameA
GetWindowTextA
EnumWindows
GetWindow
LoadIconA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
SystemParametersInfoA
GetSystemMetrics
SetWindowPos
SetTimer
SetFocus
BeginPaint
EndPaint
KillTimer
PostQuitMessage
SetCursor
DefWindowProcA
MessageBoxA

gdi32

Rectangle
GetStockObject
SetTextColor
RoundRect
SetBkMode
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
CreateFontIndirectA
GetObjectA

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoFreeLibrary

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60.1MB - Virtual size: 60.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 681KB - Virtual size: 684KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 711KB - Virtual size: 710KB

.data Size: 84KB - Virtual size: 249KB

.idata Size: 1024B - Virtual size: 988B

.reloc Size: 38KB - Virtual size: 37KB

.symtab Size: 512B - Virtual size: 4B

31d23ccf844708ba42abf770e821a601

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

30:c1:a5:19:82:75:d8:6b:3a:d8:7f:5bCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

e5:5c:18:d0:26:a4:3d:c4:62:3e:b2:16:9a:ff:dd:84:ee:29:3f:91Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

setupapi

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 24KB - Virtual size: 59KB

.rsrc Size: 60.1MB - Virtual size: 60.1MB

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 681KB - Virtual size: 684KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 711KB - Virtual size: 710KB

.data
Size: 84KB - Virtual size: 249KB

.idata
Size: 1024B - Virtual size: 988B

.reloc
Size: 38KB - Virtual size: 37KB

.symtab
Size: 512B - Virtual size: 4B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

30:c1:a5:19:82:75:d8:6b:3a:d8:7f:5b
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

e5:5c:18:d0:26:a4:3d:c4:62:3e:b2:16:9a:ff:dd:84:ee:29:3f:91
Signer

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 24KB - Virtual size: 59KB

.rsrc
Size: 60.1MB - Virtual size: 60.1MB