gozi | 10e6863438c559243979cfaf3e750d3244dbb7588dff6f12565cc8aa71c9b44dN

General

Target

10e6863438c559243979cfaf3e750d3244dbb7588dff6f12565cc8aa71c9b44dN
Size

3.8MB
MD5

6adf7c0d3e770b9962d9c976abd5d660
SHA1

3c595298d93f1bc8c456f06c517097aa98275974
SHA256

10e6863438c559243979cfaf3e750d3244dbb7588dff6f12565cc8aa71c9b44d
SHA512

9a7ce9b89a26643b5e5dd24713228c0280dd8de1fcf88286c4e84940597f98ab74499701492433bbe80cb23c5288fa3540012f971a996a885f27fad8145c2f12
SSDEEP

98304:Dg2KK3z9OP+9Rqc7h2BSUXfcrRk0kq4DfT:E2KKjQ+9RZ7lr23r

Score

10^/10

upx isfb miner gozi blackmoon xmrig

Malware Config

Extracted

Family

gozi

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

Gozi family
gozi

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
static1/unpack001/out.upx	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
10e6863438c559243979cfaf3e750d3244dbb7588dff6f12565cc8aa71c9b44dN
unpack001/out.upx

Files

10e6863438c559243979cfaf3e750d3244dbb7588dff6f12565cc8aa71c9b44dN
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.0MB

UPX1 Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 1.8MB - Virtual size: 1.9MB

.rsrc Size: 4KB - Virtual size: 800B

UPX0
Size: - Virtual size: 1.0MB

UPX1
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 1.8MB - Virtual size: 1.9MB

.rsrc
Size: 4KB - Virtual size: 800B