bda8cca29d92f27922200367478f57d905c696751dd88c96e4c39dc1cb23f96f

General

Target

bda8cca29d92f27922200367478f57d905c696751dd88c96e4c39dc1cb23f96f
Size

107KB
MD5

014c1623fb35d93f6a5f7e24b0d15250
SHA1

16bb22c5aa461d2868d1925853b6f1ad785aab62
SHA256

bda8cca29d92f27922200367478f57d905c696751dd88c96e4c39dc1cb23f96f
SHA512

c657f411839dffe8ee3f387dab6564363f650fdedcd81df60715cd4f4be68f5ddb2d185953947b4b3075d5d6986b472eae1a659669569a9beb628e6a66b472be
SSDEEP

768:Ee6ZTPpTOODZ+KT3dKyu6dtOAhZPDWwp5A3ua4K8anyCGhXLvGRaCYrvusd+6ED5:Ee6dRiUAs5dK8aPGVLvGOJdALacQRk

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

bda8cca29d92f27922200367478f57d905c696751dd88c96e4c39dc1cb23f96f
.exe windows x86

82221e1f65132f8fd231847ca5548128

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
TerminateProcess
Sleep
CreateProcessA
OpenProcess
ReadFile
CreateFileA
SetFilePointer
GetModuleFileNameA
WriteFile
GetCurrentProcessId
GetLastError
CreateMutexA
ExitProcess
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
MoveFileA
GetFileAttributesA
FreeLibrary
CopyFileA
CreateDirectoryA
GetSystemDirectoryA
HeapAlloc
HeapFree
HeapReAlloc
GetModuleHandleA
GetCurrentProcess
GetSystemTimeAsFileTime
WideCharToMultiByte
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
HeapSize
GetACP
GetOEMCP
RtlUnwind
InterlockedExchange
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
FlushFileBuffers
LoadLibraryA
GetProcAddress
GetStartupInfoA

advapi32

RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey

user32

MessageBoxA
CreateDesktopA
SetThreadDesktop

Sections

UPX0
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

82221e1f65132f8fd231847ca5548128

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

UPX0 Size: 104KB - Virtual size: 104KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 104KB - Virtual size: 104KB

.avp
Size: 2KB - Virtual size: 4KB