43e4bdbe3b74bea1cb8772db0b881ed948f17b823e74b7ed4401d97b0130adc0

Sharing

Copy URL Twitter E-mail

General

Target

43e4bdbe3b74bea1cb8772db0b881ed948f17b823e74b7ed4401d97b0130adc0
Size

169KB
MD5

92df25a118560fb32fb4560bf6ea4bb0
SHA1

327e304602252eca0f6b05d3ba4b959cce45269b
SHA256

43e4bdbe3b74bea1cb8772db0b881ed948f17b823e74b7ed4401d97b0130adc0
SHA512

42e2fe329933fe19da5aa920a54c259fa01685d0dcdbebb93af5770d76c3d3d587bf61a9a616d2bceb4012cd9c90e7f6ff0271ba3e0fe6f3a9903ef1787115cd
SSDEEP

3072:FcRTgoDS+53XAqf8nFyyDy29AaS0z3pX3ejsPY8kfGk4ic2e7e+xZwVC0aH3rsAO:Ggk5XXf8F3DDAah5eYPY8keO1+e+xZSd

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

43e4bdbe3b74bea1cb8772db0b881ed948f17b823e74b7ed4401d97b0130adc0
.exe windows x86

268f05a0789303825489df0b2ee1405e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

?terminate@@YAXXZ
__iob_func
exit
_setjmp3
printf
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
fprintf
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e

objc

_objc_init_image
_objc_load_image
objc_msgSend
objc_getClass
sel_registerName
objc_enumerationMutation
objc_exception_throw
objc_exception_try_exit
objc_exception_extract
objc_exception_try_enter
objc_msgSend_fpret

corefoundation

CFPreferencesSetMultiple
CFDataAppendBytes
kCFBooleanFalse
kCFBooleanTrue
CFPreferencesCopyKeyList
CFPreferencesSynchronize
CFPreferencesCopyValue
CFRelease
CFPreferencesSetValue
kCFPreferencesAnyApplication
CFDictionaryGetTypeID
CFArrayGetTypeID
CFDateGetTypeID
CFBooleanGetTypeID
CFNumberIsFloatType
CFNumberGetTypeID
CFDataGetTypeID
__CFConstantStringClassReference
_CFXPreferencesGetByHostIdentifierString
kCFPreferencesAnyUser
kCFPreferencesCurrentHost
kCFPreferencesAnyHost
CFURLCreateWithFileSystemPath
CFBundleCreate
kCFBundleIdentifierKey
CFBundleGetValueForInfoDictionaryKey
CFStringGetLength
CFRetain
CFBundleCopyExecutableURL
CFURLCopyLastPathComponent
kCFPreferencesCurrentUser
CFPreferencesCopyApplicationList
CFPreferencesCopyMultiple
CFGetTypeID
CFStringGetTypeID
CFDataCreateMutable

foundation

NSSearchPathForDirectoriesInDomains
NSLog

kernel32

Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
InterlockedExchange
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

268f05a0789303825489df0b2ee1405e

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

objc

corefoundation

foundation

kernel32

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

UPX0
Size: 144KB - Virtual size: 380KB