fc411821f2859fda3a40add4fe23bd478dee455def70cdb6f0fdb2012d2517dc

Sharing

Copy URL

Twitter E-mail

General

Target

fc411821f2859fda3a40add4fe23bd478dee455def70cdb6f0fdb2012d2517dc
Size

130KB
MD5

6cbbf3db6b17fe169d2e7381004e4bdc
SHA1

43b24932a417079b00ae5ef43e0080f10f9a3495
SHA256

fc411821f2859fda3a40add4fe23bd478dee455def70cdb6f0fdb2012d2517dc
SHA512

73725f19f50b4065457b1025a262fe7024f0f17654d209eced756da84f30843a9488b75680cb826ce3b8a9193e33d776fea459dcc680fec2bc8358feac143073
SSDEEP

3072:lMkbIsE6BWBsa2oZjmQ5nkz40uE/5a8aFrGOraqP4D5:SV66saLqo+B/+Nraqgd

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

fc411821f2859fda3a40add4fe23bd478dee455def70cdb6f0fdb2012d2517dc
.exe windows x86

7c8741f70dba2a3b3f2eca7618b89cc7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA

kernel32

GetFileAttributesW
CompareStringW
GetCurrentProcessId
lstrlenW
ExpandEnvironmentStringsW
CreateDirectoryW
SetLastError
GetModuleFileNameW
HeapAlloc
HeapSetInformation
MultiByteToWideChar
InterlockedExchange
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
LoadLibraryW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetProcAddress
HeapFree
GetProcessHeap
FreeLibrary

msvcrt

_amsg_exit
__setusermatherr
_adjust_fdiv
_vsnwprintf
_initterm
iswdigit
malloc
free
exit
_strnicmp
_XcptFilter
_exit
_cexit
__getmainargs
_stricmp
_wcsnicmp
_onexit
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_vsnprintf
wcsrchr
memset
wcschr

dhcpcsvc

DhcpEnableDhcp

user32

CharNextW

iphlpapi

InitializeIpForwardEntry
ConvertInterfaceNameToLuidW
ConvertInterfaceAliasToLuid
ConvertStringToInterfacePhysicalAddress
ConvertInterfacePhysicalAddressToLuid
InitializeUnicastIpAddressEntry
InternalCreateUnicastIpAddressEntry
ParseNetworkString
ConvertInterfaceLuidToNameW
InternalCreateIpForwardEntry2

nsi

NsiSetAllParameters
NsiGetAllParameters

ntdll

RtlIpv6StringToAddressW
RtlIpv4StringToAddressW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7c8741f70dba2a3b3f2eca7618b89cc7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

dhcpcsvc

user32

iphlpapi

nsi

ntdll

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.UPX0
Size: 108KB - Virtual size: 260KB