f00f519de6dd2992fefe05c84bd74960d756a4076ddb19606c439872a78c376e

General

Target

f00f519de6dd2992fefe05c84bd74960d756a4076ddb19606c439872a78c376e
Size

223KB
MD5

a7500df553a63884af88e08ddb727951
SHA1

c8463c432cef72a98a4468b94d031153d8be92bf
SHA256

f00f519de6dd2992fefe05c84bd74960d756a4076ddb19606c439872a78c376e
SHA512

d261a23a3249b41ee10855b1ff9d1a7dcd551d0bcf172187834c9fa926265683750b2595a759bb063d873b62bb34fe3f4deda2344c4dc4f17869d41b0bc0940d
SSDEEP

1536:RltXX83XssM8cMcXsM8XXX888cXMMMX8H8MMM3cHMXsX8XXsXM8McXs8MMM8c8cO:RlrQSfPsTcj/hhNunO

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

f00f519de6dd2992fefe05c84bd74960d756a4076ddb19606c439872a78c376e
.exe windows x86

d5b6849230f44cdf1fac6c3618161740

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
DeleteFileA
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
Sleep
GetModuleFileNameA
GetModuleHandleA
GetLastError
CreateMutexA
ExitProcess
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetCurrentProcessId
GetCurrentThreadId
MultiByteToWideChar
SearchPathA
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapAlloc
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapSize
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte

advapi32

RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
StartServiceA
RegOpenKeyA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

user32

LoadCursorA
ShowWindow
DispatchMessageA
TranslateMessage
PeekMessageA
FindWindowA
LoadIconA
CreateWindowExA
RegisterClassExA
UpdateWindow

wininet

DeleteUrlCacheEntry

Sections

UPX0
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5b6849230f44cdf1fac6c3618161740

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

user32

wininet

Sections

UPX0 Size: 220KB - Virtual size: 220KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 220KB - Virtual size: 220KB

.avc
Size: 2KB - Virtual size: 4KB