8fb5bcc0e2fcd4f963a74ff5efdb8fd036752774d86f4c79f78e1bd022437ca1

General

Target

8fb5bcc0e2fcd4f963a74ff5efdb8fd036752774d86f4c79f78e1bd022437ca1
Size

178KB
MD5

51591a6e30f2d888189750faf86cfd07
SHA1

270a74ab49709a68814c2f4cec4f8bfbefe5f138
SHA256

8fb5bcc0e2fcd4f963a74ff5efdb8fd036752774d86f4c79f78e1bd022437ca1
SHA512

761bcbbccaff6a753f6734586ac461a55aaf5cb77334f02a45626e1898e9b1d08a59b8403cee6dc3451a96f50d52b6af914e898d417d73a2f97eb3c89afb2d16
SSDEEP

3072:8dPR9mTgt0HkhgnBKUpyUne6rGN3PW7RedUI/KO060d2GPPnOq:SRsgmEup5eZPCDO0602GHn

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

8fb5bcc0e2fcd4f963a74ff5efdb8fd036752774d86f4c79f78e1bd022437ca1
.exe windows x86

3696035c50a19ef9b2bf182591d072ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wtoi
??2@YAPAXI@Z
_wcsicmp
iswdigit
printf
malloc
free
_vsnwprintf
wcslen
_wcsupr
_c_exit
_exit
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
swscanf
__setusermatherr
??3@YAXPAX@Z

kernel32

CloseHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DeviceIoControl
CreateFileW
SetTapePosition
SetThreadUILanguage
EraseTape
GetComputerNameW
GetLastError
WideCharToMultiByte
GetModuleHandleW

ntmsapi

SetNtmsUIOptionsW
AllocateNtmsMedia
InventoryNtmsLibrary
SetNtmsDeviceChangeDetection
DeleteNtmsMediaPool
CreateNtmsMediaPoolW
AccessNtmsLibraryDoor
EjectNtmsMedia
MoveToNtmsMediaPool
GetNtmsObjectInformationW
SetNtmsObjectInformationW
GetNtmsUIOptionsW
DismountNtmsMedia
MountNtmsMedia
CloseNtmsSession
DeallocateNtmsMedia
OpenNtmsSessionW
EnumerateNtmsObject

user32

LoadStringW

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3696035c50a19ef9b2bf182591d072ee

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

ntmsapi

user32

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 848B

.rsrc Size: 33KB - Virtual size: 33KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 848B

.rsrc
Size: 33KB - Virtual size: 33KB

.UPX0
Size: 108KB - Virtual size: 260KB