f12175a063e93342170cf4e7b8789af48ae0fb59ad12f309e058bcff3288d41b

General

Target

f12175a063e93342170cf4e7b8789af48ae0fb59ad12f309e058bcff3288d41b
Size

164KB
MD5

6a263db303aa4c03ec5906f5f0e05664
SHA1

49b458eef25033f863437bbbb4041b1d7abc697b
SHA256

f12175a063e93342170cf4e7b8789af48ae0fb59ad12f309e058bcff3288d41b
SHA512

bfa05b910d3ad92225fb86489772ea69bf29e3dadc188802e6aacb88753e4ad8f68eab27de95be9a97a9c845161142bd5e9e6e31f3d2922619b11b7d9ba70ef5
SSDEEP

3072:c9WXMg79566ABtW45BFx/7sg4nmiNaJ6fwXgPsGraIVCrMd+/KS8prJ:McM466ABtWqF0nmP6aIVCrVL8b

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

f12175a063e93342170cf4e7b8789af48ae0fb59ad12f309e058bcff3288d41b
.exe windows x86

78115ad7b9cdbd9ca4e1be9953154fcb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
shutdown
getprotobyname
socket
connect
setsockopt
getsockopt
select
recv
send
closesocket
WSAGetLastError
WSAStartup
gethostname
inet_ntoa
inet_addr
gethostbyname
htons
htonl
ntohl
getservbyname
ntohs

kernel32

GetModuleHandleA
GetSystemInfo
Sleep
GetProcAddress
LoadLibraryA
FormatMessageA
CreateEventA
GetModuleFileNameA
GetCommandLineA
CreateProcessA
WaitForMultipleObjects
GetVersionExA
GetEnvironmentVariableA
GetLastError
CloseHandle
SetEvent
FreeConsole
OpenEventA

user32

wsprintfA

advapi32

InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
IsValidAcl
SetSecurityDescriptorDacl
IsValidSecurityDescriptor

msvcr71

_vsnprintf
strstr
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_getpid
sprintf
_strlwr
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
memmove
strncpy
printf
_snprintf
exit
atoi

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

78115ad7b9cdbd9ca4e1be9953154fcb

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

msvcr71

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 7KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 7KB

.UPX0
Size: 108KB - Virtual size: 260KB