aff2b6f2200cead17ae291eb75674ab679d7656c7e4a35c609cff5e9e930fb5c

Sharing

Copy URL Twitter E-mail

General

Target

aff2b6f2200cead17ae291eb75674ab679d7656c7e4a35c609cff5e9e930fb5c
Size

463KB
MD5

77bcfe89d8a056bf3cb5330a0aba17e2
SHA1

d0299919ce5d37f181c73cec97877f0b8ea505bd
SHA256

aff2b6f2200cead17ae291eb75674ab679d7656c7e4a35c609cff5e9e930fb5c
SHA512

843db6de10e1ad6ec2a501fc073bfff45c12f30e7436da8a0af91d401d4fc1fcd1abf956ed8cd86a1554a099b2df8ad696b08ae192c629172994a8e770754afb
SSDEEP

6144:VRBYmEbHBKIcRdz1PHXD/k/vvwazIFwqXeC1dWFizpFW3mQiXd/pVaFEaN5Uu1U2:VvMHlcDzFcnwUV+eYWIFW3Judg1U

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

aff2b6f2200cead17ae291eb75674ab679d7656c7e4a35c609cff5e9e930fb5c
.exe windows x86

b7576d17491b570f2b6bd142addb649a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ncpmif32

ord1
ord41
ord39
ord40

wsock32

getsockname
WSAStartup
socket
bind
WSAGetLastError
getsockopt
setsockopt
sendto
select
__WSAFDIsSet
recvfrom
WSACleanup
closesocket

kernel32

GetLocaleInfoA
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
GetTickCount
QueryPerformanceCounter
CloseHandle
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
Sleep
CreateFileA
GetLastError
CreateMutexA
ReleaseMutex
CreateEventA
OpenEventA
SetEvent
WaitForSingleObject
GetWindowsDirectoryA
GetStringTypeA
GetStringTypeW
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetNumberOfConsoleInputEvents
HeapAlloc
HeapFree
RtlUnwind
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
SetEnvironmentVariableA
ExitThread
ResumeThread
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
MultiByteToWideChar
ReadFile
SetFilePointer
GetModuleHandleA
WideCharToMultiByte
GetConsoleCP
SetHandleCount
GetFileType
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
LCMapStringA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7576d17491b570f2b6bd142addb649a

Headers

DLL Characteristics

File Characteristics

Imports

ncpmif32

wsock32

kernel32

advapi32

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 25KB - Virtual size: 34KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 25KB - Virtual size: 34KB

.UPX0
Size: 108KB - Virtual size: 260KB