8ead08d9f7e3a3705af75b492c1a391b00eb5fe1ad249d4e0165d595893a1fa3

Sharing

Copy URL Twitter E-mail

General

Target

8ead08d9f7e3a3705af75b492c1a391b00eb5fe1ad249d4e0165d595893a1fa3
Size

223KB
MD5

09e4ee484311eaa58bd28062523d8367
SHA1

ef96efed0cc04cca4fe1fb9308af72405ec746f5
SHA256

8ead08d9f7e3a3705af75b492c1a391b00eb5fe1ad249d4e0165d595893a1fa3
SHA512

5788a0280ee40412fcf007f0d27bd20974d4f1b00696746a61bf554f8f12004c8ac53914676f1315fdf936bc1be73c93c15798231a416558e302718df248857c
SSDEEP

3072:AnHP6WToSsvnCxylyNqlDRc6JYI1Yw5+vIz7VeWfVPAAAXRiD8BTIm8t:AVThsUylyNIRDYI1dAvAMcCBiD8JIvt

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

8ead08d9f7e3a3705af75b492c1a391b00eb5fe1ad249d4e0165d595893a1fa3
.exe windows x86

958890051d3a70631d2671d043ff7129

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

kernel32

GetModuleFileNameW
OutputDebugStringA
WriteFile
CreateFileW
ExpandEnvironmentStringsW
WaitForSingleObject
CreateEventW
SetLastError
HeapSetInformation
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalFree
SetEvent
CloseHandle
GetCommandLineW
InterlockedDecrement
InterlockedIncrement
TlsAlloc
OutputDebugStringW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
RtlUnwind
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
GetLastError
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
TlsFree

user32

MessageBoxW
UnregisterClassA
LoadStringW

msvcrt

?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
??1exception@@UAE@XZ
malloc
memset
_errno
_wcsicmp
wcschr
wprintf
_vscwprintf
calloc
free
_vsnwprintf
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_callnewh
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
memcpy
memmove
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty

ole32

CoInitializeEx
CoUninitialize

shell32

CommandLineToArgvW

activecontentwizard

ord2
ord3
ord4

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

958890051d3a70631d2671d043ff7129

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

shell32

activecontentwizard

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 6KB - Virtual size: 6KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 6KB - Virtual size: 6KB

UPX0
Size: 144KB - Virtual size: 380KB