ba39aa0ae33fdffe9a8dbf7300427318f05387d6bfa169b0c076983cfdd61626

Sharing

Copy URL Twitter E-mail

General

Target

ba39aa0ae33fdffe9a8dbf7300427318f05387d6bfa169b0c076983cfdd61626
Size

643KB
MD5

10b2da253898b72eb72e1c355d5f1773
SHA1

24182b557aab2d53af91835e0a439041360cad2c
SHA256

ba39aa0ae33fdffe9a8dbf7300427318f05387d6bfa169b0c076983cfdd61626
SHA512

dabcde9cd35843f2da680b8eff319e43158e41ff497e58cf34ac5bc8495cce36760f40143da8c0f3b12359b573ec6beeaa2c28c3e3b66f790b379c66e3320e46
SSDEEP

12288:4u/To4gage1KYqFSEt2ZrqrVcgJ8Aq1CaLwgbu/To4gage1KYqFSEt2ZrqrVcgJ:4eltgGKYqFSEF5P8AqRwOeltgGKYqFSG

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

ba39aa0ae33fdffe9a8dbf7300427318f05387d6bfa169b0c076983cfdd61626
.exe windows x86

9a927ec8528e93b459e9675ebae374b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

PostQuitMessage
MessageBoxA

gdi32

SetBkMode

comdlg32

GetOpenFileNameA

advapi32

ControlService

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr90

_unlock

comctl32

InitCommonControlsEx

ws2_32

socket

iphlpapi

GetAdaptersInfo

Exports

Exports

��$e_�/!��m�qj� ^��e2T@�jg�Zt@r9�#Յ�NȎ �[�v��w��h�=�%�3̜��Nqt�N��g��K}��c_q��pU�Y'��x+��֣1-`P��GϏ��DD�Z��7u ��eH�W��*��O��N6��r��;��G��O&��jD!S�a��ק�O��0�5Uܕ��ɐ�Z��FQ1��0_��ܩ~Z�oX� ��͋��{bN��9[)�i�؇ۢ�;2��{��ԉ�ǆ��P��4�,��e O�L<��q�� /*�<%M��]�Y�5yZ�;t[��7�g_�5K_e��վ��$�t�U�a��ܻ��x:C��eL�^��^��O�{(�C��/^=��FBF�ǳ��;�6]e��<��h��xi.☽�w ��H��6��ڜq;yOY��X��ƃmZ%=)�� q>�x�_�U$�QS��u,�V47֏�I��Ԑ��)z>GdQ��>��|9�Ji�i#L�/��\0ǖL �x�PL k�)Q��0cK��Bc�z��9P��ͨjI��6]S��.�Zou�?�� kx��D��iY^s��~� 3iy\��cg;��\�U�a�w��x��N��m_�x��U��@d�<�3�*` ��s�J�3o�f�3%�:��}V�7>��h0��vh�ʆ��Q��)��;��š��VPƿ�Bw*mI��"��3U͸py��7�E�1N��cҮ�jFa�ǋ�ȑ@ac�|�k,��b�Y��%)\7�\ٞ's��3gz8��rW]�X��]K�6_�p.�B~xz^��+��{�sA�t�4AѮ0��Q�GҠA�Y��(��2%��T#�³J3~p�'I��(�@��d��!r��"��Y��k��I�`c�1�� Qh��i`��ou 5e��eg��!�"@�VKCz��+m��7U��,g�I/Q,��1�2�C{�c�Ą�.��>~؍��H�3niS�;��q��]�4��6<�$Ͼ��1�y~a��D0 ]�<��i�5��v�<��q��6�*��;ڔx�� ɨ�z�"o5��j D��4��ǜ ��70$��`�� J y��Mx��L*8�)��+��O��6��7�b` ��lo��ݨG��0>��[HJ��o��>�i��g�h8̝��eLӕ[B �'P�FW`A�>��"�n�q��?��)�� !?� Gnu��X<b��㐆��ABE�=�\&� ��3J��8v��4�K��|�j�":��H�=��%��ǌ^��8MJƞY��PwvS�_[�+/��H��K �_Y�@�AN�I`*�ZRڡІ��z�9�u�xc'��5b�|�`��#��2=�Tg�{|'$�Bf+��:R��eO�F��/4�F��eK$�Nz_��O��b/�y�PG|�B/Zg�T��=�*ڢzְM��DH7�6>;�,9�4h�x�Zz��ʲ� 9�E�Ư�~g��e��L��G�p��&�\g�)�+�|jz�S-��%��r?�z>��U>!�c��'Zag +��6�,��!W��ƦNK3o��H��0`�/�mr'��-i�,o��?�`��'9�T��@��B�d�B��/A�� #@��1��g�#��c�jb��^:C�i�άh�A� |��!)�TM��uO�;��p��_;�j̜��'_��Y#[��'��i��㷜��y�F��K$��x�� u2�/��Xhs�Ϫ��!*��~�3-��[� m��O�`o4��R��@̾κ��?H�Yiᆧ��-��H]m��o/�`?u�y�-��S�a��܎��*忪S�94%e)��Tl7�7F! �8)�ꁂ�:��r ��H+��2�c-FZR��U��^�Я\�&KU�c ��y`�� t��.0�I��: Ѯ�,�QB��'J�g�[��V�H �;��ϼ��n+I4o��`�rZZ3��!��dz�>G��h��V��[�Ӛ��B$]�!t�� yk�)��uح�j�3�ۤ�ϹE��5Hj�O�2Zd��#=W��0\��̾2А2\�oΩ�|.�o��.�L��^�k�0��_�E-T��M��}��A�ߥq�G$��0�,sB��Rj��N7��Pm�"��y�2-��{h�س"��T�3�s�e�|�d�"�(Z�A�ek}��kÂ`�1��f��Ȗ��gM��K�(B��ۼ'��ZҩR쾌��49�+j��'��2o<9b��;L%:K�hz,ǩR��ݧn��Ӎx_)?�z1~�H�'��m�t�\I��Ҵ�|��)y�<d�^anHIT��I�>�꣥}|�1��Y�7~3.�i$VX ��v��V �? ��NB�8�>~��i �:R�H�2Y%��|(j:<%��Q�֓!d!��bz4��\�<��*��'8Zrb6��(�Mv��"��%J[�lʹ��s�O�a{��~��)��\{$��BK|��IhL�y�j�i�q�%X�ŵ�+��n�8��zKQ��'t)�X��ݿ��ޚoN2��cm��E�7�]J�&��~��]�Y!T�RS��oEl�D��4�4�'�<�:|�.�6��5��fu�͖�i�d˨��U��,s�M�N�6T!)��We��C1L�b�1l�n�uq+�2��J��p x��]��5G�fv]�m��@>��)�� B7�σ��Wx_7k�=�s�Р��<��/��6��0goh4r��Ԑd�i�aG>�q}fF� <;��[}�R�?~�F��EG/�A6P�r��[��,��Y�s��ti׹��

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a927ec8528e93b459e9675ebae374b4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

msvcp90

msvcr90

comctl32

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: - Virtual size: 6KB

.rdata Size: - Virtual size: 4KB

.data Size: - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 591KB

.UPX0 Size: - Virtual size: 2KB

.UPX1 Size: - Virtual size: 139KB

.tls Size: 512B - Virtual size: 24B

.UPX2 Size: 311KB - Virtual size: 311KB

.reloc Size: 512B - Virtual size: 144B

.text
Size: - Virtual size: 6KB

.rdata
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 591KB

.UPX0
Size: - Virtual size: 2KB

.UPX1
Size: - Virtual size: 139KB

.tls
Size: 512B - Virtual size: 24B

.UPX2
Size: 311KB - Virtual size: 311KB

.reloc
Size: 512B - Virtual size: 144B