aa4dc38541657745852d08de53b4e48ad01fe0aee0d63c7b620b561b3400b8f7

Sharing

Copy URL Twitter E-mail

General

Target

aa4dc38541657745852d08de53b4e48ad01fe0aee0d63c7b620b561b3400b8f7
Size

122KB
MD5

7cacfde16f7e0fa716695e4b34f9c6f0
SHA1

962840a2d0a749ffbe6d7f54a9ba17f2ad3df597
SHA256

aa4dc38541657745852d08de53b4e48ad01fe0aee0d63c7b620b561b3400b8f7
SHA512

a5900d249f153699f11398285efeb2bf836b511ad83a7e7d2f3b5395cfa724f0bc01edf54eaf5af333e2de464b0e7c9195ac9d36267705a854f723e7cd0acf59
SSDEEP

3072:sK4JQ0x6zFichAPm+lwLgJnkOuQ7W8Xlq9:4x0FL5bgJnkOue+

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

aa4dc38541657745852d08de53b4e48ad01fe0aee0d63c7b620b561b3400b8f7
.exe windows x86

d48790695c806000ff5df5878d04a9af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CredUnprotectW
CredIsProtectedW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CheckTokenMembership

kernel32

HeapAlloc
GetProcessHeap
HeapFree
LocalFree
GetLastError
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
SetEvent
CloseHandle
WaitForSingleObject
CreateEventW
HeapSetInformation
InterlockedCompareExchange
LoadLibraryA
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
InterlockedExchange
DelayLoadFailureHook
UnhandledExceptionFilter

msvcrt

_controlfp
__p__fmode
?terminate@@YAXXZ
_except_handler4_common
__p__commode
_vsnwprintf
memcpy
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
__set_app_type

rpcrt4

RpcServerInqBindings
NdrServerCall2
RpcServerUseProtseqW
RpcServerRegisterIfEx
UuidFromStringW
RpcEpRegisterW
RpcServerListen
RpcEpUnregister
RpcBindingVectorFree
RpcServerUnregisterIf
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingIsClientLocal
RpcBindingInqAuthClientW

ntdll

RtlNtStatusToDosError

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d48790695c806000ff5df5878d04a9af

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 960B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 728B

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 960B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 728B

.UPX0
Size: 108KB - Virtual size: 260KB