eb039d950d2927ca1d3999c642191a6ca17d0d708bf4e52389847409154e95c3

Sharing

Copy URL Twitter E-mail

General

Target

eb039d950d2927ca1d3999c642191a6ca17d0d708bf4e52389847409154e95c3
Size

176KB
MD5

62bdaf6108deb97e1ae12afc261d7ab2
SHA1

3cebe65373045fdaf2e28e1d2dd1da6cbad657cb
SHA256

eb039d950d2927ca1d3999c642191a6ca17d0d708bf4e52389847409154e95c3
SHA512

af657f6f9876c21645d6cf75b9cdef061991b93f26f639d10409678451023eabb1f56cb17fbb8a3ae69650caa23f86b9a494087f6c62ef56b262b936f43b54db
SSDEEP

3072:lD92p6aNHaQt0FpTrxTZEq1djSZbRLVcxFe9vRIL80iOs+udXBe6QqaQu:+pDaFphT73jW9VcxEwL80iXbeUu

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

eb039d950d2927ca1d3999c642191a6ca17d0d708bf4e52389847409154e95c3
.exe windows x86

42a5485b2a1ad0e7c6fe9f4af8ebd25b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMenuItemInfoA
GetMessageA
GetDoubleClickTime
SetTimer
KillTimer
SetForegroundWindow
GetWindow
DefWindowProcA
CheckMenuRadioItem
IsDlgButtonChecked
SetMenuItemInfoA
PostMessageA
CheckDlgButton
GetDlgItem
CreatePopupMenu
LoadImageA
DestroyIcon
wsprintfA
AppendMenuA
GetCursorPos
TrackPopupMenu
InvalidateRect
PostQuitMessage
ShowWindow
WinHelpA
DestroyWindow
FindWindowA
LoadCursorA
RegisterClassA
RegisterWindowMessageA
RegisterDeviceNotificationA
UnregisterDeviceNotification
SetMenuDefaultItem
DestroyMenu
LoadStringA
IsDialogMessageA
CreateDialogParamA
DispatchMessageA
TranslateMessage
SendMessageA

kernel32

GetProcAddress
OpenFile
GlobalFree
FreeLibrary
DeviceIoControl
lstrcatA
LocalAlloc
GlobalAlloc
GlobalLock
lstrcmpA
GlobalUnlock
GlobalHandle
WinExec
CreateFileA
ExitProcess
lstrcmpiA
lstrcpyA
LoadLibraryA
lstrlenA
FormatMessageA
lstrcpynA
LocalFree
CloseHandle
GetCommandLineA
GetStartupInfoA
GetModuleHandleA

shell32

Shell_NotifyIconA
ShellExecuteA

advapi32

RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA

winmm

mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerGetDevCapsA
mixerGetNumDevs
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutMessage
mixerGetID
mixerClose
mixerOpen
mixerMessage

batmeter

CreateBatMeter
BatMeterCapabilities
UpdateBatMeter
DestroyBatMeter

powrprof

WriteGlobalPwrPolicy
EnumPwrSchemes
GetActivePwrScheme
ReadGlobalPwrPolicy
SetActivePwrScheme

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

42a5485b2a1ad0e7c6fe9f4af8ebd25b

Headers

File Characteristics

Imports

user32

kernel32

shell32

advapi32

winmm

batmeter

powrprof

Sections

.text Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 556B

.rsrc Size: 8KB - Virtual size: 5KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 556B

.rsrc
Size: 8KB - Virtual size: 5KB

UPX0
Size: 144KB - Virtual size: 380KB