a2208fcf8cbbad9142a2a9e2e15bffc00210421422066e9ba1065a12e630be1c

Sharing

Copy URL Twitter E-mail

General

Target

a2208fcf8cbbad9142a2a9e2e15bffc00210421422066e9ba1065a12e630be1c
Size

360KB
MD5

96cdd4e01509b4ea28e7de37b74f9772
SHA1

ec244f62b26796320b2fad34891ec932ccd2a309
SHA256

a2208fcf8cbbad9142a2a9e2e15bffc00210421422066e9ba1065a12e630be1c
SHA512

a2e3c6952a5dcecceaa0a22189f6be486d31c38b3f1b88ddc76ab64252842be4cee30501c6cc5f99cb7874075c3bab03bacbde50a6a7e4e2b3a13a2b6a3ec49a
SSDEEP

6144:7DgSgOyRTiOsMbOu/IPnl8EuiVnoNMBETFnwdGMRe1SJ3/V:fXY9iobP/IPnl85Qno3noRekt/V

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

a2208fcf8cbbad9142a2a9e2e15bffc00210421422066e9ba1065a12e630be1c
.exe windows x86

0f4a057b3c185c3f079dab3067f1e430

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
ReleaseMutex
CreateEventA
SetEvent
WaitForSingleObject
GetSystemTime
GetWindowsDirectoryA
GetModuleFileNameA
UnmapViewOfFile
GetLastError
CreateFileA
Sleep
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalMemoryStatus
GetCurrentProcessId
GetLocalTime
SetLastError
SetEnvironmentVariableA
CompareStringA
CompareStringW
RtlUnwind
HeapAlloc
HeapFree
GetTimeZoneInformation
CloseHandle
ResumeThread
CreateThread
TlsSetValue
ExitThread
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetCommandLineA
GetVersion
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
GetEnvironmentStringsW
TlsGetValue
ReadFile
SetFilePointer
UnhandledExceptionFilter
FlushFileBuffers
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetOEMCP
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetStringTypeA
SetEndOfFile
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyExA
RegSetValueExA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

ncpmif32

ord41
ord40
ord1
ord39

wsock32

closesocket
sendto
recvfrom
bind
socket
WSAGetLastError
WSACleanup
getsockopt
setsockopt
WSAStartup

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0f4a057b3c185c3f079dab3067f1e430

Headers

File Characteristics

Imports

kernel32

advapi32

ncpmif32

wsock32

Sections

.text Size: 176KB - Virtual size: 175KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 44KB - Virtual size: 58KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 176KB - Virtual size: 175KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 44KB - Virtual size: 58KB

.UPX0
Size: 108KB - Virtual size: 260KB