86cbec3db7e9655c358dbd776c1e17a3c7cc609f80fd57507c28b7fc175340f5

Sharing

Copy URL Twitter E-mail

General

Target

86cbec3db7e9655c358dbd776c1e17a3c7cc609f80fd57507c28b7fc175340f5
Size

170KB
MD5

f403c800ede9af603d9644ae0f1763c3
SHA1

2c8e261787090e1c0743f4e9b91e4f8829e8b054
SHA256

86cbec3db7e9655c358dbd776c1e17a3c7cc609f80fd57507c28b7fc175340f5
SHA512

94c12af763b8c7fdab93c52fd73d41794d0583df39d0cf9e4991d22c6ba3edaae6c55ca72205a00708390a4f9fc5f2ab02c9d059b96749775caa8cd630f265ab
SSDEEP

3072:g1ZCwzK8FW90cfN+2AY/y9gsxPv/WJA9q6NN1TEefex:FwtFO0cfl/ONz9q6Fex

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

86cbec3db7e9655c358dbd776c1e17a3c7cc609f80fd57507c28b7fc175340f5
.exe windows x86

1483a80767b473ba64ccd20d00de8827

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
strlen
wcscmp
strncpy
fabs
cos
acos
free
malloc
sin
memcpy
_purecall
strcmp
memcmp
pow
log10
memset

user32

MessageBoxA

kernel32

SetEndOfFile
GetFileSize
SetFilePointer
GetTickCount
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
RtlUnwind
Sleep
GetLastError
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
TryEnterCriticalSection
DeleteCriticalSection
InterlockedExchange
CreateFileA
CloseHandle
IsProcessorFeaturePresent
ReadFile
GetOverlappedResult
QueryPerformanceFrequency
HeapAlloc
OutputDebugStringA
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
GetProcessHeap
HeapFree
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
VirtualAlloc

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA

rpcrt4

RpcStringFreeA
UuidToStringA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

cmutil

CmLoadIconW

gdi32

CreateSolidBrush

winmm

joyReleaseCapture
waveOutGetPlaybackRate
mmDrvInstall
waveOutSetPlaybackRate
midiInClose
mmioSetBuffer
mixerGetLineInfoA
waveOutWrite
mci32Message
mixerGetLineControlsW
mciLoadCommandResource
waveInStart
mixerGetNumDevs
midiInGetErrorTextW
PlaySound
midiOutGetErrorTextA
mixerGetControlDetailsA

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX0
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX1
Size: 2KB - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX3
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1483a80767b473ba64ccd20d00de8827

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

advapi32

rpcrt4

ole32

cmutil

gdi32

winmm

Sections

.text Size: 15KB - Virtual size: 14KB

UPX0 Size: 512B - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 2KB

UPX1 Size: 2KB - Virtual size: 30KB

UPX2 Size: 1024B - Virtual size: 17KB

.rdata Size: 139KB - Virtual size: 248KB

UPX3 Size: 3KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 728B

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 14KB

UPX0
Size: 512B - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 2KB

UPX1
Size: 2KB - Virtual size: 30KB

UPX2
Size: 1024B - Virtual size: 17KB

.rdata
Size: 139KB - Virtual size: 248KB

UPX3
Size: 3KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 728B

.reloc
Size: 3KB - Virtual size: 4KB