c5fd73278ae09fc20c45dc227bda3d4ca29e8cd23550be226eed3a27d6d25d44

Sharing

Copy URL Twitter E-mail

General

Target

c5fd73278ae09fc20c45dc227bda3d4ca29e8cd23550be226eed3a27d6d25d44
Size

890KB
MD5

4202f10c48aaaaa9a9cd19363f004cdd
SHA1

d050b8349ab0d4078dad00d57fc0646f8fd99bd5
SHA256

c5fd73278ae09fc20c45dc227bda3d4ca29e8cd23550be226eed3a27d6d25d44
SHA512

5463e57fbc99d868dc841ba2aaea87ae246447572dc0ffd724b1155acfd84af1d794ac7ed4a1282997d2a647187c0879c9068760ab12c31a3785db0d411972d0
SSDEEP

12288:78qrld/rXTIpGF1kwAv8AtJvbpYTOZtHjI:78Id/rXTIpGF1StXpYTOZtHj

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

c5fd73278ae09fc20c45dc227bda3d4ca29e8cd23550be226eed3a27d6d25d44
.exe windows x86

0991256088c31a2d95fd9980f3a571f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW
PathIsDirectoryW

shell32

ShellExecuteW
ShellExecuteExW
ord43

kernel32

HeapSize
RtlUnwind
LoadLibraryW
InterlockedExchange
HeapReAlloc
GetVersionExW
GetPrivateProfileStringW
CloseHandle
WaitForMultipleObjects
CreateEventW
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetLastError
LocalAlloc
LocalFree
CreateFileW
FormatMessageW
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
Sleep
GetLocalTime
SetEvent
GetCommandLineW
HeapSetInformation
GetStartupInfoW
WideCharToMultiByte
GetSystemTimeAsFileTime
InterlockedDecrement
GetCPInfo
HeapFree
DecodePointer
EncodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
RaiseException
IsProcessorFeaturePresent
MultiByteToWideChar
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointer

user32

SetWindowTextW
EndDialog
SetDlgItemTextW
LoadIconW
SendMessageW
LoadStringW
DialogBoxParamW
GetWindowLongW

advapi32

RegQueryValueExW
OpenServiceW
ControlService
CloseServiceHandle
RegOpenKeyExW
RegCloseKey
OpenSCManagerW

comctl32

InitCommonControlsEx

crypt32

CertOpenStore
CertFindCertificateInStore
CertGetNameStringW
CertCloseStore

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 669KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0991256088c31a2d95fd9980f3a571f6

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

shell32

kernel32

user32

advapi32

comctl32

crypt32

imagehlp

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 16KB

.rsrc Size: 669KB - Virtual size: 668KB

.reloc Size: 10KB - Virtual size: 9KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 16KB

.rsrc
Size: 669KB - Virtual size: 668KB

.reloc
Size: 10KB - Virtual size: 9KB

UPX0
Size: 144KB - Virtual size: 380KB