cdd5489cb088692227f29ba7f09ccc14e195b14a0df7cefcf3adf0db3c253b53

Sharing

Copy URL Twitter E-mail

General

Target

cdd5489cb088692227f29ba7f09ccc14e195b14a0df7cefcf3adf0db3c253b53
Size

253KB
MD5

759a58ca5d46a6f358cbd98776a70bf8
SHA1

e5fac10f1912ddc35c88821c1b3a0f5ca23b2042
SHA256

cdd5489cb088692227f29ba7f09ccc14e195b14a0df7cefcf3adf0db3c253b53
SHA512

fd2c5632f2a0aed2ffb6dc5466cd25dd9d0d055a61a9acde0442acfb92c76ce6a445592e6297ac1344bb6ee6214dca06aebd3772b10e7c5a90bd38b49df1f371
SSDEEP

6144:6A8OTDcDfsjC3yxpT2+k3aPWfVQulgEyHdBBauw:6A8OTDqHCxpTcf+u2E2w

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

cdd5489cb088692227f29ba7f09ccc14e195b14a0df7cefcf3adf0db3c253b53
.exe windows x86

f6cec465abb47871a28e65bd13f9ab56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcServerUnregisterIf
RpcServerListen
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
NdrServerCall2
RpcServerUseProtseqEpA
RpcServerRegisterIf

user32

GetDesktopWindow

kernel32

CloseHandle
CreateFileA
GetConsoleOutputCP
FlushFileBuffers
GlobalDeleteAtom
GlobalAddAtomA
FreeLibrary
LoadLibraryA
GetProcAddress
WriteConsoleA
TlsSetValue
HeapValidate
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
TlsAlloc
GetCurrentThreadId
TlsFree
SetLastError
WriteFile
GetStdHandle
InitializeCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
RaiseException
SetStdHandle

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6cec465abb47871a28e65bd13f9ab56

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

user32

kernel32

advapi32

Sections

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 12KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 12KB

.UPX0
Size: 104KB - Virtual size: 252KB