014e5d24a62ac67f2025719a0d41deab1ffe5454ed5ff2ffaa30e911b0e57171

Sharing

Copy URL Twitter E-mail

General

Target

014e5d24a62ac67f2025719a0d41deab1ffe5454ed5ff2ffaa30e911b0e57171
Size

121KB
MD5

729fb8f21a46b929594ce4d561d6b4d5
SHA1

228fb38bae9f9b8d79966e9c0633c16972bc76d5
SHA256

014e5d24a62ac67f2025719a0d41deab1ffe5454ed5ff2ffaa30e911b0e57171
SHA512

fc48510dc2e602557aa5dadb53ee63471d9778fc20c0b10a279db38680c9dd836891065711e39972ee877352f8f68d854e4ac9761c21be3d41f4be7ed6f6df13
SSDEEP

3072:w3DeCdW5YlTo6f7acCUEecRurGF66w/pC7OjL9f96HtQEnD:qDtW5YlhfmjCGRW1K3

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

014e5d24a62ac67f2025719a0d41deab1ffe5454ed5ff2ffaa30e911b0e57171
.exe windows x86

109cf7de0ef93aadd477da97c90a4625

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
ReadFile
Sleep
GetComputerNameW
ExpandEnvironmentStringsW
SetThreadPriority
SetPriorityClass
GetProcAddress
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
GetLastError
CreateDirectoryW
CreateFileW
CloseHandle
DeleteFileW
GetLocalTime
GetModuleHandleA
WriteFile

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__wgetmainargs
__winitenv
_controlfp
_cexit
_XcptFilter
_exit
_c_exit
wcslen
__setusermatherr
_vsnwprintf
free
exit
malloc

advapi32

RegCloseKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
OpenThreadToken

ntdll

RtlAllocateAndInitializeSid
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlFreeSid
NtSetSecurityObject

netapi32

NetAlertRaiseEx

dbgeng

DebugCreate

faultrep

ReportEREvent

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

109cf7de0ef93aadd477da97c90a4625

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

ntdll

netapi32

dbgeng

faultrep

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 3KB - Virtual size: 3KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 3KB

.UPX0
Size: 108KB - Virtual size: 260KB