gozi | c688aae516ace671f7fa824fdec8bd707c372ca848940bc1892395f8ebbedb93

General

Target

c688aae516ace671f7fa824fdec8bd707c372ca848940bc1892395f8ebbedb93
Size

2.5MB
MD5

642a17854f3d6bfba19c14fe37d4330e
SHA1

3bfefe6bf91fe3743b64ca4fe643bf8c347e83c5
SHA256

c688aae516ace671f7fa824fdec8bd707c372ca848940bc1892395f8ebbedb93
SHA512

d1b9bcd7f187763e308db2a18222bab10acd070afbe766d6231c2d34cf78e7716d0666a8dc1d986e74f8d93bdd6ede205fb472917de1398f8763adcb78a89db9
SSDEEP

49152:S+ggKOb+Hqoo3gU9DPjOP+9Rq1S78JgxVJ9y9EvpoWoGODTPnAlm26TKY5:Dg2KK3z9OP+9Rqc7zJy9QoLalc

Score

10^/10

upx isfb miner gozi blackmoon xmrig

Malware Config

Extracted

Family

gozi

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_blackmoon

Gozi family
gozi

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
static1/unpack001/out.upx	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c688aae516ace671f7fa824fdec8bd707c372ca848940bc1892395f8ebbedb93
unpack001/out.upx

Files

c688aae516ace671f7fa824fdec8bd707c372ca848940bc1892395f8ebbedb93
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.0MB

UPX1 Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 1.8MB - Virtual size: 1.9MB

.rsrc Size: 4KB - Virtual size: 800B

UPX0
Size: - Virtual size: 1.0MB

UPX1
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 1.8MB - Virtual size: 1.9MB

.rsrc
Size: 4KB - Virtual size: 800B