1fbcd803fe8117c97a65664380e88e69ce66cd4ef44f432f70a3c5595d8b0440

Sharing

Copy URL Twitter E-mail

General

Target

1fbcd803fe8117c97a65664380e88e69ce66cd4ef44f432f70a3c5595d8b0440
Size

148KB
MD5

11bdb9e3b4c8e152803b67b6f75701f0
SHA1

ffa54630d5e63073a527a8d10da6c33448d2fbd4
SHA256

1fbcd803fe8117c97a65664380e88e69ce66cd4ef44f432f70a3c5595d8b0440
SHA512

f9c5370945e736221e13b35a8b106adb5edc0af088010753c74e5dfa0714f50196b17b0a64f45d2123354198a5d9be24393c503fccfb2ca22e5d3aa4359bce06
SSDEEP

3072:S5gMEeN8IqlWcZPc+qTMhJlzWUiQnsNW87O05YHdpngwUY:0N8Icne70nsN7O05YPR

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

1fbcd803fe8117c97a65664380e88e69ce66cd4ef44f432f70a3c5595d8b0440
.exe windows x86

9992230b257ccf5978749b181e6a0db6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
lstrlenW
GetPrivateProfileIntW
MultiByteToWideChar
GetCommandLineW
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLocaleInfoW
SetConsoleCtrlHandler
HeapSize
ReadFile
SetEndOfFile
GetSystemInfo
VirtualProtect
GetDateFormatA
GetTimeFormatA
GetOEMCP
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
CreateFileW
SetStdHandle
LCMapStringW
LCMapStringA
SetFilePointer
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
GetModuleHandleA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetLastError
WideCharToMultiByte
CloseHandle
WriteFile
FlushFileBuffers
GetProcAddress
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA
InterlockedExchange
VirtualQuery
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

user32

LoadStringW

shell32

CommandLineToArgvW

odbc32

ord119
ord72
ord12
ord13
ord3
ord111
ord4
ord16
ord2
ord1
ord150
ord107
ord139
ord110
ord14
ord15

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9992230b257ccf5978749b181e6a0db6

Headers

File Characteristics

Imports

kernel32

user32

shell32

odbc32

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.UPX Size: 60KB - Virtual size: 60KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.UPX
Size: 60KB - Virtual size: 60KB