2a4733401a9b269c9b88bfb298162399533e59f417f055208c98ac2aad0234de

General

Target

2a4733401a9b269c9b88bfb298162399533e59f417f055208c98ac2aad0234de
Size

307KB
MD5

21b4f1d7e131d8e43dfaa88e3307ef7b
SHA1

15cde395160b6e3819671fc290902bb617304e11
SHA256

2a4733401a9b269c9b88bfb298162399533e59f417f055208c98ac2aad0234de
SHA512

a8c4fd0e8dfe4567098012dea8535517704607da392ea7cfa5bac1713a99cd2aa569bc95e5890f8497020127c7a0adfd1cf11235ae3a78afa6e289d91bd16f09
SSDEEP

6144:36uZBDYMibIajuhcH/mswMCDlTyeNp3Reowy1izOV0fTYmVV2rebGfjV77zfPs:36ODSzSKH+9PDlTymCowFiGUmL2reY6

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/rtmpdump.exe	upx

Files

2a4733401a9b269c9b88bfb298162399533e59f417f055208c98ac2aad0234de
.rar
WWE BY Ma7moud_Fayed.exe
.exe windows x86

9a95b6d3ff8ae63a9daf274497c1722c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetModuleFileNameA
GetStdHandle
Sleep
GetTickCount
SetConsoleTextAttribute
SetConsoleCursorInfo
SetConsoleCursorPosition
GetVolumeInformationA
GetConsoleMode
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetLastError
GetFileAttributesA
GetProcAddress
GetModuleHandleA
HeapFree
CloseHandle
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
WriteFile
ReadFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
HeapAlloc
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
CreateFileA
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
SetEndOfFile
WriteConsoleA
ReadConsoleInputA
SetConsoleMode

winmm

timeGetTime

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rtmpdump.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a95b6d3ff8ae63a9daf274497c1722c

Headers

File Characteristics

Imports

kernel32

winmm

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 11.0MB

.rsrc Size: 68KB - Virtual size: 66KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 280KB

UPX1 Size: 192KB - Virtual size: 192KB

UPX2 Size: 80KB - Virtual size: 80KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 11.0MB

.rsrc
Size: 68KB - Virtual size: 66KB

UPX0
Size: - Virtual size: 280KB

UPX1
Size: 192KB - Virtual size: 192KB

UPX2
Size: 80KB - Virtual size: 80KB