b7ff9ffa787f06c6af015787658f3c22bc3f915b668b70e7ce96d5537ba98689

General

Target

b7ff9ffa787f06c6af015787658f3c22bc3f915b668b70e7ce96d5537ba98689
Size

176KB
MD5

38d7a82b78fc4c822c427e32c564bde0
SHA1

dd72b72f21a50e690b9dbbcb4c361e55f3ffbc76
SHA256

b7ff9ffa787f06c6af015787658f3c22bc3f915b668b70e7ce96d5537ba98689
SHA512

49e6a12d1520160aee109b73888221871ea8ee865a53a3e5302b37f4713345f7013f31bbaa970509c4632456c01acd8e3d2b517d592b2a4f6b3fdb15e0f6a250
SSDEEP

1536:dZjXp0e2rBboJ6f30eZ9nyqqK/j8Wf0RsCxKoBD:/8lbq68g1dL8WfZCxKoBD

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

b7ff9ffa787f06c6af015787658f3c22bc3f915b668b70e7ce96d5537ba98689
.exe windows x86

89a0cf28bf70caf4956d4a8522d22297

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetOEMCP
GetACP
lstrcpyA
CloseHandle
TerminateProcess
OpenProcess
ReadFile
GetStringTypeA
Process32First
CreateToolhelp32Snapshot
GetTempPathA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
Sleep
GetCurrentProcessId
Process32Next
LCMapStringW
GetWindowsDirectoryA
LeaveCriticalSection
EnterCriticalSection
CopyFileA
lstrcatA
GetSystemDirectoryA
SetThreadPriority
CreateThread
GetModuleFileNameA
InitializeCriticalSection
GetCurrentProcess
CreateMutexA
OpenMutexA
GetSystemTime
DeleteFileA
MultiByteToWideChar
SetFilePointer
SetEndOfFile
LCMapStringA
FindClose
FindNextFileA
GetCPInfo
FindFirstFileA
CreateFileA
FreeEnvironmentStringsW
WideCharToMultiByte
SetStdHandle
FlushFileBuffers
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
GetLastError
UnhandledExceptionFilter
FreeEnvironmentStringsA
VirtualAlloc
GetFileType
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyA
RegQueryValueExA

shell32

ShellExecuteA

user32

EnumWindows
SetCursorPos
GetCursorPos
GetWindowThreadProcessId
GetWindowTextA

ws2_32

htons
gethostbyname
socket
WSAStartup
connect
closesocket
recv
send

Sections

UPX0
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

89a0cf28bf70caf4956d4a8522d22297

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

user32

ws2_32

Sections

UPX0 Size: 76KB - Virtual size: 76KB

UPX1 Size: 24KB - Virtual size: 24KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 76KB - Virtual size: 76KB

UPX1
Size: 24KB - Virtual size: 24KB

UPX2
Size: 72KB - Virtual size: 72KB