1279d26dae862bb906335d0fe6591c413a404722599ab9e702f7ddb304766efa

General

Target

1279d26dae862bb906335d0fe6591c413a404722599ab9e702f7ddb304766efa
Size

55KB
MD5

6c0bb49047b857023616dbc8fffe8dc0
SHA1

1d0780094625601ad0c77187400a1fd285a7a8ea
SHA256

1279d26dae862bb906335d0fe6591c413a404722599ab9e702f7ddb304766efa
SHA512

55a932f7afa5a5a137046313ec9819471f564d760335de03f40e20273fa95fa65f65d64219d51d7e9806860f0732a420bbf9d7685dd238d7f90949efddbe3f3a
SSDEEP

768:M9jINzIR61/C+uMFIzWSQCwxXYBa/5x8kuvRpu1YAk8RGT:OjAzI61/CsFSfXgYkuvRp0Y5HT

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

1279d26dae862bb906335d0fe6591c413a404722599ab9e702f7ddb304766efa
.dll windows x86

1da0aaf20f53e900ecaa0b3ad2e6829f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetCurrentThread
GetCurrentProcess
GetComputerNameA
SetEvent
GetCurrentThreadId
WaitForSingleObject
TerminateThread
CreateEventA
VirtualAlloc
GetModuleHandleA
CreateProcessA
GetThreadContext
VirtualQueryEx
CreateMutexA
GetLastError
GetVersionExA
GetTickCount
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
CloseHandle
LoadLibraryA
GetProcAddress
Sleep
FreeLibrary
GetModuleFileNameA
FindClose
FindFirstFileA
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateThread
ReleaseMutex
CreateFileA
GlobalAlloc
LockResource
GlobalFree
DeviceIoControl
SetFileTime
GetFileTime

advapi32

OpenSCManagerA
ControlService
SetServiceStatus
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
StartServiceA
CloseServiceHandle
CreateServiceA
OpenServiceA

mfc42

msvcrt

_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
atoi
srand
rand
_ftol
memmove
sprintf
calloc
_stricmp
isdigit
free
time
wcstombs
__CxxFrameHandler
_strnicmp

user32

wsprintfA

Exports

Exports

ServiceMain

Sections

UPX0
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1da0aaf20f53e900ecaa0b3ad2e6829f

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42

msvcrt

user32

Exports

Exports

Sections

UPX0 Size: 52KB - Virtual size: 52KB

.rsrc Size: 512B - Virtual size: 4KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 512B - Virtual size: 4KB

.avp
Size: 2KB - Virtual size: 4KB