3034ab626093c71971c60166fb8bf3b9271dea010a1c53cc2bafc9e6157e3ab6

Sharing

Copy URL

Twitter E-mail

General

Target

3034ab626093c71971c60166fb8bf3b9271dea010a1c53cc2bafc9e6157e3ab6
Size

155KB
MD5

601dcd1d7f428fba116b7db6ee53a67f
SHA1

020a828516eb702f356acdba0df908f72bc3fff0
SHA256

3034ab626093c71971c60166fb8bf3b9271dea010a1c53cc2bafc9e6157e3ab6
SHA512

04dbcb191699e1f391941c2ab14f31d5c28a46e6eb4fdba9fcfeecca048a8de0935ab6f709a88230b8fa429a7a226757a251fbf558e6ee8f9ad4d1b397735dd6
SSDEEP

3072:6KCNTpuILvBicQ6/uOCsf057v3s1SlsH1yR8:6vNTkcl/uOCsf054uWyq

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

3034ab626093c71971c60166fb8bf3b9271dea010a1c53cc2bafc9e6157e3ab6
.exe windows x86

169f2b7276117fc7f04f6b09fba5d746

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
MultiByteToWideChar
CloseHandle
WaitForSingleObject
CreateProcessW
GetLastError
SearchPathW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindNextFileW
FindFirstFileW
LocalFree
GetCurrentDirectoryW
GetLocaleInfoW
SetCurrentDirectoryW
GetLocalTime
SetErrorMode
FileTimeToDosDateTime
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetModuleFileNameW
GetConsoleOutputCP
ExitProcess
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
HeapReAlloc
HeapFree
WriteConsoleW
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
GetUserDefaultLCID
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
GetStdHandle
GetFileType
GetConsoleMode

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
wcstoul
toupper
_vsnwprintf
_ui64tow
_ultow
_iob
_errno
_get_osfhandle
_fileno
wcstod
wcstol
fflush
fprintf

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

user32

CharLowerW
CharUpperW
LoadStringW

ws2_32

WSACleanup

shlwapi

StrStrIW
StrChrIW
StrDupW
StrPBrkW
PathRelativePathToW
StrRChrW
StrChrW
StrStrW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

169f2b7276117fc7f04f6b09fba5d746

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

version

user32

ws2_32

shlwapi

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 496B

.rsrc Size: 12KB - Virtual size: 12KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 496B

.rsrc
Size: 12KB - Virtual size: 12KB

.UPX0
Size: 108KB - Virtual size: 260KB