a31e6dd3fc41e23102e586a240b39ee4d5cb230c8f4ac92c15dcd4beeec233e1

General

Target

a31e6dd3fc41e23102e586a240b39ee4d5cb230c8f4ac92c15dcd4beeec233e1
Size

168KB
MD5

930623a6488d9a62302f8c17cea987b7
SHA1

8bfe409cdd84d61c2016a0cabc5c0ec181fa3920
SHA256

a31e6dd3fc41e23102e586a240b39ee4d5cb230c8f4ac92c15dcd4beeec233e1
SHA512

2c5857e1c802f1bd81e12cc07a12175adf938db80f045eaba47c1ba983d151b198768a2b935356c59de186c6a3b0e460ef8004c86004d69de5225dd39cdf7f5d
SSDEEP

3072:gc48BTYqoLATyZhw6NKdFDduXnVaMQqUuHJ:gN8xCyMU

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

a31e6dd3fc41e23102e586a240b39ee4d5cb230c8f4ac92c15dcd4beeec233e1
.exe windows x86

654f8d0e2ed6298b7344f23c6567bbbe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CloseHandle
ReadFile
IsBadWritePtr
WriteFile
IsBadReadPtr
FlushFileBuffers
SetFilePointer
SetEndOfFile
DeleteFileA
SetLastError
FindNextFileA
CreateDirectoryA
RemoveDirectoryA
MultiByteToWideChar
WideCharToMultiByte
SizeofResource
FindResourceA
LoadLibraryA
GetLastError
GetCurrentProcess
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetShortPathNameA
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcAddress
VirtualAlloc
HeapReAlloc
HeapSize
SetStdHandle
SetUnhandledExceptionFilter
IsBadCodePtr
FindFirstFileA
FindClose
GetVersionExA
GetModuleFileNameA
GetWindowsDirectoryA
WritePrivateProfileStringA
MoveFileExA
InterlockedIncrement
InterlockedDecrement
TlsGetValue

user32

LoadStringA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

654f8d0e2ed6298b7344f23c6567bbbe

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.UPX0
Size: 108KB - Virtual size: 260KB