91abeb7cc74b396d1effe2832eee4d6449ce866edd54b50f7d148d7645e189f0

Sharing

Copy URL Twitter E-mail

General

Target

91abeb7cc74b396d1effe2832eee4d6449ce866edd54b50f7d148d7645e189f0
Size

228KB
MD5

78348dd358e43eb9d6219e363bbf9cc5
SHA1

24f78f3faedf1e1615574d58064a5971611969fd
SHA256

91abeb7cc74b396d1effe2832eee4d6449ce866edd54b50f7d148d7645e189f0
SHA512

1dfad02cf1e3a945149b64d0ba0ef2e85dfd87310ce217695b07a083c7a18b04d8c865d14bd97ff488c51309d977168af5ce960372e0e526ec80f579c05a562d
SSDEEP

3072:5abcfY4kZfUUKI9joBWGd0h9se8SC8PGPWrCh4v5e6ERwv7UX3MbEWVjJUV:cD2UKFAGA9se8SC8PGc7UX30Jw

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

91abeb7cc74b396d1effe2832eee4d6449ce866edd54b50f7d148d7645e189f0
.exe windows x86

0b1e009d6204c187361d10b4d8ebcbd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
RegisterApplicationRestart
LoadLibraryW
HeapSetInformation
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetProcAddress
LoadLibraryA
LocalFree
LocalUnlock
LocalLock
LocalAlloc
GetSystemDirectoryA
CreateFileA
GetFileSize
CloseHandle
MoveFileExA
GetModuleFileNameA
SetUnhandledExceptionFilter

user32

FindWindowW
GetLastActivePopup
IsIconic
OpenIcon
SetForegroundWindow
MessageBoxA
BringWindowToTop
MessageBoxW
LoadStringW
LoadIconW
RegisterClassW
CreateWindowExW
ShowWindow
UpdateWindow
GetDesktopWindow
GetWindowRect
MoveWindow
DestroyWindow
DefWindowProcW

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
__p__fmode
memset

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 886B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0b1e009d6204c187361d10b4d8ebcbd7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 896B

.rsrc Size: 64KB - Virtual size: 60KB

.reloc Size: 4KB - Virtual size: 886B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 896B

.rsrc
Size: 64KB - Virtual size: 60KB

.reloc
Size: 4KB - Virtual size: 886B

UPX0
Size: 144KB - Virtual size: 380KB