49c3d71ef40fa9b00db6f6d84f89ae9cd1b35c63d13401c0685a4acec79bbbfb

Sharing

Copy URL Twitter E-mail

General

Target

49c3d71ef40fa9b00db6f6d84f89ae9cd1b35c63d13401c0685a4acec79bbbfb
Size

240KB
MD5

71fcbdf510f511a1b77b36f9c816a500
SHA1

82c2d457c4159fa8c7e01b5cf850dc553e46ad81
SHA256

49c3d71ef40fa9b00db6f6d84f89ae9cd1b35c63d13401c0685a4acec79bbbfb
SHA512

9c598d4dcc7d911c76690228ce75c7655c08a2cff180789a7c5e308cf2725782019eed1a430b494502bf5fc038937ecfdbb6072a654c88c7b3dd6644c328d5ee
SSDEEP

6144:XwyFoeKO0lhhTYVyAQp2nBy09+XHHT3AlTlk6DTZui:XwyFoxhhTYVyAI2nBy09+XHrAZlvX

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

49c3d71ef40fa9b00db6f6d84f89ae9cd1b35c63d13401c0685a4acec79bbbfb
.exe windows x86

1126d6776f2ed1abcec7327a4af6d4e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
ReleaseMutex
GetLastError
CreateMutexA
SetLastError
OpenMutexA
FreeLibrary
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetSystemDirectoryA
GlobalFree
GlobalAlloc
GetVersionExA
MultiByteToWideChar
lstrcpyA
GetLocaleInfoA
GetCurrentProcessId
OpenProcess
GetModuleHandleA
TerminateProcess
SearchPathA
GetSystemTime
CopyFileA
DeleteFileA
GetModuleFileNameA
GetTempFileNameA
CloseHandle
TerminateThread
GetStartupInfoA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegCloseKey

comctl32

ImageList_Create
ImageList_Add

gdi32

DeleteObject

msvcrt

__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_adjust_fdiv
isupper
time
srand
rand
_strupr
_stricmp
strtol
_findfirst
_findnext
_findclose
fread
fopen
fwrite
fclose
__CxxFrameHandler
malloc
free
_endthreadex
_beginthreadex
sprintf
_chdir
_rmdir
_mkdir
strrchr
exit
atoi
strstr
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_itoa
_strlwr
__p__commode
isdigit
??2@YAPAXI@Z
??3@YAXPAX@Z

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shell32

SHGetSpecialFolderLocation
ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
ExtractAssociatedIconA

user32

SendMessageA
SetWindowTextA
SetTimer
CreateWindowExA
GetClassNameA
EnumWindows
PeekMessageA
KillTimer
UpdateWindow
LoadBitmapA
SendDlgItemMessageA
MessageBeep
FlashWindow
MessageBoxA
SetWindowPos
DestroyWindow
RedrawWindow
PostMessageA
GetWindowRect
GetClientRect
MoveWindow
SetCursor
SetFocus
GetDlgItem
EnableWindow
GetWindowTextA
PostQuitMessage
ShowWindow
ReleaseCapture
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
RegisterWindowMessageA
CreateDialogParamA
GetMessageA
TranslateMessage
DispatchMessageA
ScreenToClient

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

Sections

UPX0
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1126d6776f2ed1abcec7327a4af6d4e9

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

msvcrt

ole32

shell32

user32

wininet

Sections

UPX0 Size: 212KB - Virtual size: 212KB

.rsrc Size: 3KB - Virtual size: 4KB

.avp Size: 3KB - Virtual size: 4KB

UPX0
Size: 212KB - Virtual size: 212KB

.rsrc
Size: 3KB - Virtual size: 4KB

.avp
Size: 3KB - Virtual size: 4KB