Behavioral task
behavioral1
Sample
499d440f84e0d1cd662575356b4398865063bef6cfc1078668a4cec6eacb9e22.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
499d440f84e0d1cd662575356b4398865063bef6cfc1078668a4cec6eacb9e22.exe
Resource
win10v2004-20240709-en
General
-
Target
499d440f84e0d1cd662575356b4398865063bef6cfc1078668a4cec6eacb9e22.exe
-
Size
4.1MB
-
MD5
96e31f5cbca751b3dcb3073477c0671f
-
SHA1
6e5e6a89e89aa903d872b8f7ae518ab46aafc59c
-
SHA256
499d440f84e0d1cd662575356b4398865063bef6cfc1078668a4cec6eacb9e22
-
SHA512
b55cac3971827f77c7a28b5f145bbd09bbcf73be19a8aaa35141be2917094e9286514ae165b177d52e157392a9f788fd35c26ed6e0c309ab57fc4e06a430d0b0
-
SSDEEP
98304:H5T2Ea6cNi9wWLbdITjbIotCB9eGja1lTKqfGH3BS+wYaVlN9:HDanQwW/EtCB9eGjazTKquH3BS+wYU
Malware Config
Signatures
-
Merlin family
-
Merlin payload 1 IoCs
resource yara_rule static1/unpack001/out.upx family_merlin -
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource 499d440f84e0d1cd662575356b4398865063bef6cfc1078668a4cec6eacb9e22.exe unpack001/out.upx
Files
-
499d440f84e0d1cd662575356b4398865063bef6cfc1078668a4cec6eacb9e22.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 8.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5.2MB - Virtual size: 5.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.1MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ