9843057c6209df8d61b46406ec112c59b3736ebad939070ab824574c2a0dbf13

Sharing

Copy URL Twitter E-mail

General

Target

9843057c6209df8d61b46406ec112c59b3736ebad939070ab824574c2a0dbf13
Size

297KB
MD5

83d0c20c4f274c14f8cd4bc72f631a2d
SHA1

08586364f29f4f6b6959f52444cdff2eb6dcb12a
SHA256

9843057c6209df8d61b46406ec112c59b3736ebad939070ab824574c2a0dbf13
SHA512

9c2c9338a37bdcdf2042be3bddb010f813f731c06fda105a5f2b5480bb3f9d60e57083ad2b165c4cf6ee47eb47acf97c9c7f05c52d8810c8e0650c4172f653f4
SSDEEP

6144:CvL72IXLHlg8nEUlXHpeoULf8kV/FLOzEJ0XiGAPCgGvv:9IXLlg8nEUlMoM8Y5SiGAy

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

9843057c6209df8d61b46406ec112c59b3736ebad939070ab824574c2a0dbf13
.exe windows x86

67e82e86e28a639760e5c02e58ccb359

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
DeleteFileW
CreateFileA
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileW
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
CloseHandle
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
InitializeCriticalSectionAndSpinCount

advapi32

RegCreateKeyExW
RegQueryValueExW
RegSetValueExW

wininet

InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetOptionW
HttpSendRequestW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

67e82e86e28a639760e5c02e58ccb359

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

wininet

Sections

.text Size: 121KB - Virtual size: 121KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 121KB - Virtual size: 121KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB

UPX0
Size: 144KB - Virtual size: 380KB