3efeef7e4c5ed946e2b6480b1d271b9f4a050e531edac9e022abba6c399f2d37

Sharing

Copy URL Twitter E-mail

General

Target

3efeef7e4c5ed946e2b6480b1d271b9f4a050e531edac9e022abba6c399f2d37
Size

144KB
MD5

299a7fa7b69540393fe9ed7751f4c7c8
SHA1

07ecb39ef94996e567f45f2cc2af58edcfa59539
SHA256

3efeef7e4c5ed946e2b6480b1d271b9f4a050e531edac9e022abba6c399f2d37
SHA512

ae4b0ebbd111625b86419bf6adb6eccdd4488e365500b77cc725446801d46d86697e706382e2dfc1e884de3c8872ecc5d49de3dbf54a26613b58ed1a8ffb25ea
SSDEEP

3072:5daJlk8I7JedEoyrfmA2321EdXlMkLfVyg9J2fWWSgG57b:aJlR21EdX6k5/9Jnb

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

3efeef7e4c5ed946e2b6480b1d271b9f4a050e531edac9e022abba6c399f2d37
.exe windows x86

044f8e1a7d7ab829b898de00b992f4a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindFirstFileA
lstrlenA
lstrcpyA
CloseHandle
WinExec
GetModuleFileNameA
GetPrivateProfileIntA
GetWindowsDirectoryA
GlobalFree
ReadFile
GlobalAlloc
GetFileSize
OpenFile
lstrcmpA
GetUserDefaultLangID
CreateFileA
HeapReAlloc
TerminateProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapAlloc
GetCurrentProcess
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
VirtualAlloc
GetPrivateProfileStringA
GetModuleHandleA
GetDriveTypeA
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetLastError
GetProcAddress

user32

DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
LoadImageA
RegisterClassExA
GetWindowLongA
SetWindowTextA
MessageBoxA
MoveWindow
BeginPaint
EndPaint
GetCapture
ReleaseCapture
InvalidateRect
GetDesktopWindow
PostQuitMessage
DialogBoxParamA
GetForegroundWindow
PostMessageA
GetActiveWindow
GetDC
ReleaseDC
EndDialog
wsprintfA
LoadStringA
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
SetWindowPos
FindWindowA
IsIconic
ShowWindow
SetForegroundWindow
LoadCursorA
LoadIconA
CreateWindowExA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

msvfw32

DrawDibDraw
DrawDibOpen
DrawDibRealize
DrawDibClose

winmm

PlaySoundA

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

044f8e1a7d7ab829b898de00b992f4a3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvfw32

winmm

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 3KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 3KB

.UPX0
Size: 104KB - Virtual size: 252KB