dcae996d2b81a0adc3ffc68f4986202e70a2bc157ecde2aaafaf09ca9a15b0ef

General

Target

dcae996d2b81a0adc3ffc68f4986202e70a2bc157ecde2aaafaf09ca9a15b0ef
Size

323KB
MD5

31192fb5a3f17b8ff130da8e55615c40
SHA1

393b3d05d0498c5a62a0e053b9ab7ba29f9db3ec
SHA256

dcae996d2b81a0adc3ffc68f4986202e70a2bc157ecde2aaafaf09ca9a15b0ef
SHA512

ed3f5b959a475ec2f6d9ef77cab4bc15d9d239816583a6808605753fe6b6f90b8b6520d767eda5212d51aaafcf5c4255f45470c2afd8ce1e3f69e856e6370e3c
SSDEEP

768:IArZL+QVumd6CH/oDObSEQRzmunxGhvr0JIv/H0aP4iR:Tr1HVukH/oGSEazNm4Jy/HI

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

dcae996d2b81a0adc3ffc68f4986202e70a2bc157ecde2aaafaf09ca9a15b0ef
.exe windows x86

73f05a8412da677778b9eaeb4f5b4d61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindNextFileA
FindFirstFileA
Process32Next
GetProcessTimes
OpenProcess
Process32First
CreateToolhelp32Snapshot
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
GetLocalTime
GetProcAddress
LoadLibraryA
GetMPduleHandleA
lstrcmpA
GetTickCount
CreateThread
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
SyvtemTimeToFileTime
lstrcmpiA
GetMPduleFileNameA
ExitThread
WaitForMultipleObjects
GlobalFree
GlobalAlloc
ResumeThread
GetCurrentThreadId
lstrcpynA
DeleteFileA
Sleep
MPveFileA
SetEndOfFile
SetFilePointer
GetTempPathA
GetTempFileNameA
lstrcatA
GetSyvtemTimeAsFileTime
GetFileSize
CloseHandle
CreateFileA
WriteFile
ReadFile
lstrlenA
lstrcpyA
GetVersionExA
GetPrivateProfileStritgA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegEnumKeyA

msvcrt

memset
_cottrolfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
atol
strncmp
strchr
_strupr
_stricmp
strstr
atoi
malloc
free
memcpy

ole32

CoCreateGuid

shell32

ShellExecut
SHGetSpecialFolderPathA

user32

wsprintfA
wvsprintfA
CharLowerA

ws2_32

Sections

UPX0
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73f05a8412da677778b9eaeb4f5b4d61

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ole32

shell32

user32

ws2_32

Sections

UPX0 Size: 320KB - Virtual size: 320KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 320KB - Virtual size: 320KB

.avc
Size: 2KB - Virtual size: 4KB