7fd4707577b552943e57a0b9dc9f44075525f05490cfd6dc2b834a4e4c56723d

Sharing

Copy URL Twitter E-mail

General

Target

7fd4707577b552943e57a0b9dc9f44075525f05490cfd6dc2b834a4e4c56723d
Size

400KB
MD5

840b41bc3c489d0998dc65d8c32268e0
SHA1

b5261a0fec69ddf1d4561251f0e8352ae64cf193
SHA256

7fd4707577b552943e57a0b9dc9f44075525f05490cfd6dc2b834a4e4c56723d
SHA512

59a97d0018f885618a5a7c2dfb0e45e86b8f3331be1039e8026e50a0b3620bcd9a306ececd96e4f945a182ee95d7470be81b9eb6354e8994279ad338548690e1
SSDEEP

12288:oloaFDyx6ujtoMC2HK2rl5/1nIU5M8m+Fd:olNFDWptFC2HK2RDnn53

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

7fd4707577b552943e57a0b9dc9f44075525f05490cfd6dc2b834a4e4c56723d
.exe windows x86

b273b170f31eff5e4d7c491ec797674b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
gethostname
WSACleanup
WSAStartup
inet_addr

mfc71

ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord566
ord757
ord605
ord2020
ord3641
ord1084
ord1903
ord1620
ord1617
ord3946
ord5152
ord1908
ord5073
ord6275
ord4185
ord3403
ord4722
ord4282
ord1600
ord5960
ord923
ord928
ord932
ord930
ord934
ord2410
ord2394
ord2413
ord5230
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2862
ord4486
ord1063
ord5182
ord4212
ord4735
ord4890
ord1671
ord1670
ord1551
ord5912
ord1401
ord4244
ord5203
ord4262
ord3182
ord354
ord6065
ord4320
ord6067
ord4580
ord4749
ord709
ord501
ord304
ord3389
ord297
ord5238
ord762
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord4541
ord764
ord911
ord2322
ord907
ord784
ord310
ord578
ord2408
ord1207

msvcr71

__CxxFrameHandler
sprintf
free
_except_handler3
strftime
_localtime64
fclose
fopen
_execl
_access
memmove
memset
_setmbcp
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_controlfp
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentDirectoryA
GetTickCount
CopyFileA
MoveFileA
DeleteFileA
Sleep
CloseHandle
CreateThread
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
GetStartupInfoA
ExitProcess
GetCurrentThreadId
GetVersionExA

user32

KillTimer
SetTimer
GetClientRect
IsIconic
PostMessageA
DrawIcon
GetSystemMetrics
LoadIconA
EnableWindow
SendMessageA

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b273b170f31eff5e4d7c491ec797674b

Headers

File Characteristics

Imports

wsock32

mfc71

msvcr71

kernel32

user32

msvcp71

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 316B

.rsrc Size: 224KB - Virtual size: 220KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 316B

.rsrc
Size: 224KB - Virtual size: 220KB

UPX0
Size: 144KB - Virtual size: 380KB