5cc0fb9fb738cc942e7694725cfad2e000ec027432d3ba904e0adf4d9a62391c

General

Target

5cc0fb9fb738cc942e7694725cfad2e000ec027432d3ba904e0adf4d9a62391c
Size

152KB
MD5

57252592c3f3c9c0dd28fa5190fbfd0a
SHA1

f172fd79d2fb002a020009406109641ba586cc6e
SHA256

5cc0fb9fb738cc942e7694725cfad2e000ec027432d3ba904e0adf4d9a62391c
SHA512

0398032c4886626734986cfc3487ef566878f844f2bc9c7584439b46e40a2e952c71dc960ba5e23fb22f5c04562a8a76420d15e9d83b783e7d142cd5d79a1af6
SSDEEP

3072:0DTTME4Km0xYHRRJoE25eirEqYVvoKznPTJ99RWqaDxfwodbvHVR1aVNf:EprTj2oKznLL9baIodb/VRwx

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

5cc0fb9fb738cc942e7694725cfad2e000ec027432d3ba904e0adf4d9a62391c
.exe windows x86

9475a68bca66ce124090611fb7782f2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_lclose
GetSystemDefaultLangID
GetProcAddress
GetCurrentDirectoryA
_lopen
lstrlenA
lstrcatA
lstrcpyA
FreeLibrary
CloseHandle
LoadLibraryA
GetModuleFileNameA
CreateMutexA
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetOEMCP
GetACP
SetStdHandle
SetFilePointer
GetLastError
GetCPInfo
HeapReAlloc
VirtualAlloc
RtlUnwind
VirtualFree
WriteFile
HeapDestroy
GetFileType
HeapCreate
SetHandleCount
OpenMutexA
GetStdHandle
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetEnvironmentStringsW
GetCurrentProcess
LCMapStringA
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

RegisterClassA
SendMessageA
LoadCursorA
LoadIconA
GetWindowLongA
PostQuitMessage
SetWindowsHookExA
DefWindowProcA
UnhookWindowsHookEx
wsprintfA
LoadStringA
MessageBoxA
DispatchMessageA
GetMessageA
TranslateMessage
FindWindowA
CreateWindowExA
UpdateWindow
SetForegroundWindow
IsIconic
ShowWindow

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9475a68bca66ce124090611fb7782f2f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 16KB - Virtual size: 13KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 16KB - Virtual size: 13KB

.UPX0
Size: 104KB - Virtual size: 252KB