a125e3e00a068cc5fe9609fd5b370ee5c3cc841d276003ec3c3ce4acedffa31f

Sharing

Copy URL Twitter E-mail

General

Target

a125e3e00a068cc5fe9609fd5b370ee5c3cc841d276003ec3c3ce4acedffa31f
Size

272KB
MD5

2356ef943788a98b1ee92bdcaa5ade1b
SHA1

69f17b6826d3b05082278640faa0e4546156133d
SHA256

a125e3e00a068cc5fe9609fd5b370ee5c3cc841d276003ec3c3ce4acedffa31f
SHA512

5c114709cf0ce48f1aa18c8766e5cdf767cc621b92cedd2932ebc9970ba73d548a98da7f80693c3c563342f971a18bbf8aa2a0ae242e55d2385ffeaba7ecee0f
SSDEEP

6144:9F5S/67LXeViH78Y74SRzF6pu2hvjhQ9QlAk+W02/:9ESaiH78g4UkpnFhaZ2

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

a125e3e00a068cc5fe9609fd5b370ee5c3cc841d276003ec3c3ce4acedffa31f
.dll windows x86

4d50c89fe25122741422377f54cd6f65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SafeArrayCreate

advapi32

RegOpenKeyExA

user32

DestroyWindow
MessageBoxA

kernel32

UnhandledExceptionFilter
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

Exports

Exports

{��}��o�5��2��9�ZE�XP\\��8HZ��Zq��@�_�q7�h�t��$QO��`�Q]�.��k�X�� a��$B�4ov�wp��᳋��M��+��^�?�u��Y ��5#,�6��Hw��?RH��|"��;��'�홫��;�H_��;�p�J�B��G�j뗻j� B��6�XEo��!A��0��ǡ��|t�F��fdƟ-{��bD�Z9Էb� E�`��:�Ә�e��7��g�d�n1:)�Pb��3�kb��%[�2Zm��pyRw1�S)�Nt�76��Px��pS>��傍�)C 欈�h ��B��M8�(�W��t��5�:�8�Ftk(�0t�@�n X��^i�a$oW�9Ja�ɾP�(81�� 梁ʹ�/}Єq��!�*�@�BF��1�t��?}\��ia0m֊ ��#�^�'��~i��.K�{v'��wZ4�[�m"�Pٍ�:H��+�}MoMc�{�Aj�.�{2H�c��%�h��D{��C�&��p��d�=b�B蚵��}��b��_p�o_"��@��q>��x3Ҙ�'��۷03E7�=�%R�zŧ��P�J��))-�uxQd�˚�߭��{��$�H2^��ۑ^��&�m�>k�n��P��2*�Ӏ��YE dަ.�ש�a4��e��B��w��}"t{se*s�|>z`�C;��z�t'5��<��s,��-�3�d�:ʋ�V��f��>�ӳ��(_\/��%uC��-u��[%��M�cUޱ�폆O��X��`��~�?�GX��(͞��ɬ ̪��Rȳߠ�ڜ�Җ7_[椼'��X�#��7�3�}��ae�f#�6j��ˀl�iJ!��zaK�f/D;��@>[��g �<6�i�e�3+��S�Y��,_#�! �b��6�Zku+��'��Ti��W'$�j+�y,�EFd��,�7Z��'IcC��^�C,��Q�X��ݵ��9ȵ!~��@w~ԢC� ,�e�St��f'L��Oo�%J�r�d`B��` {��P~�A1�HU�xzL5��6!��I��IH�v(��E��:l>ׄ9�{&��P��H�3��LE�Ez��^m��s3:�<��+F��nO0Y�jc1��6{�@��,�}��<Qt{��_�v�j�$ Q�� ̢QA6��g&��Y�5��m�,��2@x|�f)�F��P��^��,nT�� <~��߃��.} ^u�v�VP��[p�x��,��P�DG"��F�� 9��"�^ 6��u��zBӦ)��>I�e��1�q�� 3�F�ьu�GKm�uv�'�8��и'��Nj��~�l��_��ߏ{Hѓ��ܮ+H0��6ir*��0�Y�Ty>��yk�/�z��{�W� 0��(E"�� Q'gy\��k��8 �fY��&�*�/��Y(u��<(<�FN�f<��E�- ��*�K{��o��,��}a��~��5�8NLҚ2T�әi�>�Rl.��j~��Z^Z��@�%t= ��i�z"��KWD>��7S*]�#d�2(~�8DU�gztͦu��q��t�O!$a�-��!+��m� 7Х�XU�ݽ �Ѹ-o�"v�G�鲽.�u�3i|')�[i�R��.��D��`��XA�Ci^G�}9�3T�Ο�"��C->{9b��4��C� F��ɄQ�k2��R�BM�]&�t�P �P��J��ҡm��q��ZFgE�0��`.!s��?f-��_.�f�'4lY��A�[*}�Aј��U�+�:�ֿ0F��σ� v1�/Q��ⷬ�L��{�Po��ؑ�k�s��#��qڿ�5V)�/N�f��X4@�}��Օu9kQ-�l�Mi�9��M�޼Q�v��6i�( ��o��P��m�^��+��g��=�OL@V��p=��A��U5T��n�l�p��tD!*��g*x��䵗I��H��;��b%� b�/}v��>\�p5�x��x�D��z��qɶ��H�C-׹�M{Z��\%p��T��r��Y�qo�e=��N��`Q��ԽC��;��f��#31MGB��A>C�7�7��]��<Y ҙ2�=��9��In3͏��)��;[I�օ��#� ��{lx��:o�3�Y��pX��؍��3 �I��T��d�}�>�d�^�.��+�g�;��$��i� ��K��V�R�dW[��P~mS��B��c�٬�̕��[u̘ċ. 22��$�NԹ�iQYϷ�@dwc?��n:J#?!XG�"U0L��N�V��t��]+i��s]�U��_��qg ��V?Џ$��q�3�n�[ >��Qhc��G��bƆ��$�.��~7G(�bz�?IHy[��i�&��V�Є�V� U�(j2�h�e|��<� #�[N��eN�c�LyE��B�L��X��l��O`��&�'�C�= ��_�Tʈ��h��>��wMM<�g��y�D�{1��=t�+�}Bu��N�{M��<EhH��%��b$Yz��Z�<��m ��Bg$�MG��ZK6��6��"F>f �f��A*��t�3�}�0Bn�nR讵�"�e��&6��ky%c �]��䓪�U7/��A��9��O��ߠ��Þ��z>xj��?!"�4�WV�/;�~�� C�I��H1��W깡� �+�-͡#Jl��_� $��C}�鈖H�=��c+��Q)�e�x��g�Q��X#�^�V��򺧄�:9� ,G;&�,�`\[%#ǻ�PI��

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX1
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d50c89fe25122741422377f54cd6f65

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.itext Size: 1024B - Virtual size: 680B

.data Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 18KB

.idata Size: 3KB - Virtual size: 2KB

.UPX0 Size: 5KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.UPX1 Size: 128KB - Virtual size: 128KB

.tls Size: 512B - Virtual size: 24B

.UPX2 Size: 50KB - Virtual size: 50KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 63KB - Virtual size: 62KB

.itext
Size: 1024B - Virtual size: 680B

.data
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 18KB

.idata
Size: 3KB - Virtual size: 2KB

.UPX0
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.UPX1
Size: 128KB - Virtual size: 128KB

.tls
Size: 512B - Virtual size: 24B

.UPX2
Size: 50KB - Virtual size: 50KB

.reloc
Size: 6KB - Virtual size: 6KB