b1209f37b485aed94a9edaaf3b6aa32a42ea3617549f7d63aa013a463c9f139e

Sharing

Copy URL Twitter E-mail

General

Target

b1209f37b485aed94a9edaaf3b6aa32a42ea3617549f7d63aa013a463c9f139e
Size

131KB
MD5

62cd44027480a0c833c500bf003b0dca
SHA1

32765634b5c77425ae0b4457c8f923195f5b45d0
SHA256

b1209f37b485aed94a9edaaf3b6aa32a42ea3617549f7d63aa013a463c9f139e
SHA512

a768e7a8d9a94448c383265abfb980fa49cc866763d948ac49074f9c8be0ef820b128cd78eb7c35805945379664e9ad7a565cb41c00b07a560c0ecf24f9b4b30
SSDEEP

3072:UjS8fiQDd78nqyoqsJkk5rhADgsBHK/X/1IHpLtPGmHfam2be:b48nqyoqCkkr+JK/X/1ctbHfv2be

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

b1209f37b485aed94a9edaaf3b6aa32a42ea3617549f7d63aa013a463c9f139e
.exe windows x86

3ca5326fd9f681a823be8aa67e4c1aa9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winsta

WinStationFreeMemory
WinStationOpenServerW
WinStationGetTermSrvCountersValue
WinStationEnumerateW
WinStationQueryInformationW

utildll

StrAsyncConnectState
StrConnectState

user32

wvsprintfW
CharToOemW
LoadStringW
wsprintfW

kernel32

GetACP
FindFirstFileW
FindNextFileW
lstrcpynW
GetFileAttributesW
GetCommandLineW
VerSetConditionMask
VerifyVersionInfoW
WideCharToMultiByte
GetLastError
SetThreadUILanguage
GetConsoleOutputCP
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
GetOEMCP
LocalFree
LocalAlloc
FreeLibrary
LoadLibraryW
SetLastError
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleW
FormatMessageW

ntdll

memmove
wcstoul
wcscmp
_wcsnicmp
iswdigit
wcstol
wcsncpy
_ultoa
wcschr
wcslen
_snwprintf
_wcslwr
wcscat
wcscpy

msvcrt

free
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_wcsdup
fflush
_iob
fprintf
malloc
_wsetlocale
setlocale
printf
wprintf
vfwprintf
vswprintf
fwprintf

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3ca5326fd9f681a823be8aa67e4c1aa9

Headers

DLL Characteristics

File Characteristics

Imports

winsta

utildll

user32

kernel32

ntdll

msvcrt

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 20KB

.rsrc Size: 6KB - Virtual size: 5KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 20KB

.rsrc
Size: 6KB - Virtual size: 5KB

.UPX0
Size: 108KB - Virtual size: 260KB