add7c2ebd43d198451f53a9d022d9329c1f3ce34bc2d9b3f6dafadbe6fee3679

Sharing

Copy URL Twitter E-mail

General

Target

add7c2ebd43d198451f53a9d022d9329c1f3ce34bc2d9b3f6dafadbe6fee3679
Size

132KB
MD5

21df243497628a8c6e1b786b7a4b7310
SHA1

17c08059d91da2c62704269ac9d01de6d071bfc5
SHA256

add7c2ebd43d198451f53a9d022d9329c1f3ce34bc2d9b3f6dafadbe6fee3679
SHA512

1e9bb047bbb75ef77af51855cc4138f404b1861ef2262946ba5ac738499859018c86ee9df58d34ecb62109911c9a3abb90adbc9aeca1570d2c8f9aafa2eb7613
SSDEEP

3072:EM5bi6I7YzevNRicjC+WsnsNWseDuTxngwUY:ER6IUzev3LnsNjeDER

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

add7c2ebd43d198451f53a9d022d9329c1f3ce34bc2d9b3f6dafadbe6fee3679
.exe windows x86

dfe7e82097d9687eb0e4f267eac6ecc4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

advapi32

RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegSetValueExA

kernel32

TlsAlloc
GetVersionExA
GetLastError
WriteFile
ReadFile
SetFilePointer
CloseHandle
CreateFileA
GetLocalTime
GetTempPathA
GetVolumeInformationA
GetSystemDirectoryA
FindNextFileA
FindFirstFileA
FindClose
CopyFileA
MoveFileExA
CreateDirectoryA
GetCurrentProcessId
RemoveDirectoryA
DeleteFileA
GetModuleFileNameA
FormatMessageA
Sleep
GetExitCodeProcess
WaitForSingleObject
ReleaseMutex
WaitForMultipleObjects
CreateProcessA
GetTempFileNameA
FreeLibrary
LoadLibraryA
CreateEventA
CreateMutexA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetACP
GetOEMCP
GetCPInfo
TlsFree
SetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
RtlUnwind
SetStdHandle
HeapSize
FlushFileBuffers

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dfe7e82097d9687eb0e4f267eac6ecc4

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 3KB

.UPX Size: 76KB - Virtual size: 76KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 3KB

.UPX
Size: 76KB - Virtual size: 76KB