8271d7658fc1a1cdfabc138ec49c5c4662a47652868a0449c526efe22f0606c7

General

Target

8271d7658fc1a1cdfabc138ec49c5c4662a47652868a0449c526efe22f0606c7
Size

1016KB
MD5

cad2a47fb4fc34affb68ca891ebc8d08
SHA1

80211ec03e0203d5d8af2299707e6a94631c3d71
SHA256

8271d7658fc1a1cdfabc138ec49c5c4662a47652868a0449c526efe22f0606c7
SHA512

a6d72c0c861ef48136c76d939b3aadf8004381ed3d11a0d1560fde7d40108fec4d882ec8eec45fe0bd96245c62eb008f27eb23b1ef964714080fb3c2ad6b9f6e
SSDEEP

24576:chNDRRPoO0B7mE0zDTIz6Q1+wICinCofXCY3lj:cPQRBqnDT46AICinRfXCY3lj

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/d578acf79e89bd720c332496d4f379c6d584c104fd0edb582f84a63d177f2d91	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d578acf79e89bd720c332496d4f379c6d584c104fd0edb582f84a63d177f2d91
unpack002/out.upx

Files

8271d7658fc1a1cdfabc138ec49c5c4662a47652868a0449c526efe22f0606c7
.zip

Password: infected
d578acf79e89bd720c332496d4f379c6d584c104fd0edb582f84a63d177f2d91
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

chacha
chacha_final
chacha_init
chacha_startup
chacha_update
hchacha
xchacha
xchacha_init

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 374KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 1.0MB - Virtual size: 1.0MB

UPX2 Size: 1024B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 374KB - Virtual size: 395KB

.pdata Size: 20KB - Virtual size: 19KB

.00cfg Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 6KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 1.0MB - Virtual size: 1.0MB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 374KB - Virtual size: 395KB

.pdata
Size: 20KB - Virtual size: 19KB

.00cfg
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 6KB - Virtual size: 5KB