1eef96d9c3bc6356ae5d968b596b08fe2f331ba56de16e70b11dec82257c8133

General

Target

1eef96d9c3bc6356ae5d968b596b08fe2f331ba56de16e70b11dec82257c8133
Size

144KB
MD5

7197d113e5e2213b207eea98a43fd742
SHA1

1cd1fa4e48bf096ccd55192eb831cb9851d821b4
SHA256

1eef96d9c3bc6356ae5d968b596b08fe2f331ba56de16e70b11dec82257c8133
SHA512

67a4a53b0ae0265577e687c452b478d1c2bcfdd76c6e31c00f6c316db555b3c15d5793bfc9e5b6a81025c8fce4a9fbedefec26605179db7af53863a232f9a40e
SSDEEP

3072:EBmvTJ9lB4VI7X0Vv/y458T9xouYQzp9JVVdf9oskg4sqzV1d:EBMF0Ir0U4CZa8HSsqzB

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

1eef96d9c3bc6356ae5d968b596b08fe2f331ba56de16e70b11dec82257c8133
.exe windows x86

0ffa42a2d310601b756fec1c95b757ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
ReadFile
GetFileSize
SetFileAttributesA
VirtualProtect
GetStringTypeW
GetStringTypeA
GetLastError
CreateFileA
WriteFile
CloseHandle
ExitProcess
GetProcAddress
GetModuleHandleA
GetCurrentProcess
HeapFree
RtlUnwind
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
GetOEMCP
GetCPInfo
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetSystemInfo

user32

MessageBoxA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0ffa42a2d310601b756fec1c95b757ee

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 189KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 189KB

.UPX0
Size: 104KB - Virtual size: 252KB