35c8928addb08c3591ab0d17f6e64963c975a2120192de3da7f79ad1da5fba31

Sharing

Copy URL Twitter E-mail

General

Target

35c8928addb08c3591ab0d17f6e64963c975a2120192de3da7f79ad1da5fba31
Size

256KB
MD5

92e44be11238a4ee36c9023c100cb6ad
SHA1

19bf9ac44cfa852ff70894ce69d66efd6e08fb57
SHA256

35c8928addb08c3591ab0d17f6e64963c975a2120192de3da7f79ad1da5fba31
SHA512

b484dce40638745aed7c467a26878a67d5ab558ddad0c81da37b37f182da63f0ce1124b564b4eae6d72fe4f27e5b92bccfa65a5b101e3b715ee73a588fc8859a
SSDEEP

6144:BbcHRn8K06KP8SKKhcpKxpVsoF8B47VX05UHrzYO:BbcekKPoKhcpa0ipHwO

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

35c8928addb08c3591ab0d17f6e64963c975a2120192de3da7f79ad1da5fba31
.exe windows x86

6c009f4b4098fa251dbc15de3e909c69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcessHeap
GetStartupInfoA
GetModuleHandleA
CreateThread
WaitForSingleObject
CloseHandle
LocalFree
Sleep
lstrcpyA
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
LocalAlloc
GlobalFree
lstrlenA
HeapAlloc

user32

CloseClipboard
MessageBoxA
CopyImage
EmptyClipboard
OpenClipboard
PostMessageA
SendMessageA
CreateWindowExA
DefWindowProcA
PostQuitMessage
DestroyWindow
SetLayeredWindowAttributes
EndPaint
GetSysColor
FillRect
BeginPaint
GetSysColorBrush
UpdateWindow
InvalidateRect
LoadIconA
LoadCursorA
RegisterClassExA
GetSystemMetrics
AdjustWindowRect
ShowWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetDC
ReleaseDC
GetDlgItem
SetFocus
SetTimer
SendDlgItemMessageA
GetWindowTextLengthA
GetWindowTextA
SetDlgItemTextA
SetClipboardData

gdi32

SetTextColor
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
TextOutA
RestoreDC
GetTextExtentPoint32A
SelectObject
SaveDC
CreateFontIndirectA
GetObjectA
SetBkMode
DeleteObject

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

comctl32

ord17

winmm

waveOutPrepareHeader
waveOutClose
waveOutWrite
waveOutUnprepareHeader
waveOutOpen

wsock32

ntohs
ntohl

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strncmp
??2@YAPAXI@Z
strcat
strchr
strcpy
memset
memcpy
free
time
strlen
sprintf
_timezone
malloc
__set_app_type
_except_handler3
_controlfp
_putenv
__p__fmode

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6c009f4b4098fa251dbc15de3e909c69

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

comctl32

winmm

wsock32

msvcrt

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 123KB

.rsrc Size: 113KB - Virtual size: 112KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 123KB

.rsrc
Size: 113KB - Virtual size: 112KB

.UPX0
Size: 104KB - Virtual size: 252KB