806da3ff78eccba325c030d69b229e7366c9aa0450276b0458ecacfc2c5fc88b

Sharing

Copy URL Twitter E-mail

General

Target

806da3ff78eccba325c030d69b229e7366c9aa0450276b0458ecacfc2c5fc88b
Size

140KB
MD5

64a3e6b55705bdb60dd57bd8520d90e3
SHA1

dd2127b2d484407a15b0eef87a597fcd654c81af
SHA256

806da3ff78eccba325c030d69b229e7366c9aa0450276b0458ecacfc2c5fc88b
SHA512

8850d2da5fc9fd63f9860a9ab1abb0a1a7f2bd26e6164129aaecc5cb251e475d97d38710a1d90a9c2ae4ba51e72ab8896d20e13d18e595f447fc6d159136d012
SSDEEP

3072:71NTAUZt8yR9tE3klOpP9w1j95IaIgA5KTmcoZUiO2w:5NUny6UIPqJ9LTmcabJw

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

806da3ff78eccba325c030d69b229e7366c9aa0450276b0458ecacfc2c5fc88b
.exe windows x86

fd218cf6b71d15acb76ecd1e1a966e02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fflush
_iob
_except_handler3
wprintf
wcschr
_c_exit
_exit
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_local_unwind2
_wcsicmp
wcslen
wcscpy
wcscat
_controlfp
toupper
free
malloc
_itow
setlocale
sprintf

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

GetStdHandle
GetConsoleScreenBufferInfo
SetThreadUILanguage
GetConsoleOutputCP
LocalFree
SetUnhandledExceptionFilter
GetLastError
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FormatMessageW
LocalAlloc
UnhandledExceptionFilter

ntdsapi

DsCrackNamesW
DsFreeNameResultW

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

wldap32

ord145
ord73
ord13
ord157
ord118
ord18
ord155
ord147
ord27
ord12
ord14
ord208
ord26
ord21
ord140
ord41
ord65
ord133
ord69
ord113
ord224

user32

wsprintfW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd218cf6b71d15acb76ecd1e1a966e02

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

ntdsapi

rpcrt4

wldap32

user32

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 17KB

.rsrc Size: 14KB - Virtual size: 14KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 17KB

.rsrc
Size: 14KB - Virtual size: 14KB

.UPX0
Size: 108KB - Virtual size: 260KB