6947cdc3e9a36cadc76a901c7c7c0a76e2e45c75ec79215420f7cdb55dc7360b

Sharing

Copy URL Twitter E-mail

General

Target

6947cdc3e9a36cadc76a901c7c7c0a76e2e45c75ec79215420f7cdb55dc7360b
Size

139KB
MD5

02e19d750826e09454661571d4071cb0
SHA1

f84df2045c3b81049cb359628c7d2d688232cfcb
SHA256

6947cdc3e9a36cadc76a901c7c7c0a76e2e45c75ec79215420f7cdb55dc7360b
SHA512

e93b990b603813651a593d3f71fd3a6d1eb86cd8d4a936ff3cb4ae0ccd09e8b69e466b37bf87089b0b11ca8fb0fbaec99a4fea730334ea067247aadbceba527d
SSDEEP

3072:MdI2nOACMY4zV6CCr/a5pvycaiQp3B+IgZZXz15SP5r2zFEyfldtD:MnnOpMXV6CCr/kve3sIg5wrQfLt

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

6947cdc3e9a36cadc76a901c7c7c0a76e2e45c75ec79215420f7cdb55dc7360b
.exe windows x86

e1a8c31d8f90860fedc41666f6e94019

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lego

??3Base@@SAXPAX@Z
?Add@_ArrayImp@@IAEXPBX@Z
?GetPointer@_ArrayImp@@IBEPAXH@Z
?Transfer@_ArrayImp@@UAEXAAVStream@@@Z
?TypeID@Base@@UBEHXZ
??0_ArrayImp@@IAE@HHW4teDuplicates@@_N@Z
?LocateData@_ArrayImp@@IBEHPBX@Z
?Flush@_ArrayImp@@QAEXXZ
??1_ArrayImp@@MAE@XZ
?Sprintf@@YAPBDPBDZZ
?Strdup@@YIPADPBD@Z
??0Point3D@@QAE@XZ
?Scanf@IniFile@@QAAHPBD0ZZ
?PutN@IniFile@@QAIXPBDH@Z
?Count@_ArrayImp@@QBEHXZ
?PutS@IniFile@@QAIXPBD0@Z
??AIniFile@@QAIAAV0@PBD@Z
@GetLocalFile@4
??0IniFile@@QAE@PBD0@Z
?GetN@IniFile@@QAIHPBD@Z
?GetF@IniFile@@QAINPBD@Z
?GetS@IniFile@@QAIPBDPBD@Z
?BlanksToHyphens@TxtUtil@@YIPBDPBD@Z
@DoubleToSz@12
?Free@DebugAllocator@@YIXPAX@Z
?Alloc@DebugAllocator@@YIPAXI_NPBD@Z

msvcr90

_cexit
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
fprintf
fclose
fopen
strcat
sprintf
strcpy
printf
__CxxFrameHandler3
strchr
strrchr
strstr
_amsg_exit
__getmainargs
_strupr
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type

kernel32

IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e1a8c31d8f90860fedc41666f6e94019

Headers

DLL Characteristics

File Characteristics

Imports

lego

msvcr90

kernel32

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.UPX0 Size: 108KB - Virtual size: 260KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.UPX0
Size: 108KB - Virtual size: 260KB