734f83cec978bae5a780d0fc474769c0f076b0d82c0a860d32034c3302c7b366

Sharing

Copy URL Twitter E-mail

General

Target

734f83cec978bae5a780d0fc474769c0f076b0d82c0a860d32034c3302c7b366
Size

132KB
MD5

f642f7ed2c6a142c13278bd92caa662b
SHA1

c931c23cdd63636c7b71c600883649b4e3686281
SHA256

734f83cec978bae5a780d0fc474769c0f076b0d82c0a860d32034c3302c7b366
SHA512

8fcd50d290fc315106779c54ad8747b709d8949b23f0f5b41485f9738e7fdc3ee4ed52498d92e870c27ce23bd215ae7788e0723ae604614629cf5fe32749c6e2
SSDEEP

3072:/U7RJJ6TJUqrR/e7Fz3xyTUvTUXl1GfFWJ/mDR6fiR4LtZ:6RJkSq927x3xkUrUXj9J+RZRctZ

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

734f83cec978bae5a780d0fc474769c0f076b0d82c0a860d32034c3302c7b366
.exe windows x86

f6fb8c1a1cd71c635c85f4598c7c42d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

qsort
strstr
_strcmpi
NtQuerySystemInformation
vsprintf
memmove
strrchr
RtlUnicodeStringToAnsiString
wcscmp
RtlFreeAnsiString

setupapi

SetupGetLineTextA
SetupOpenInfFileA
SetupCloseInfFile

shell32

CommandLineToArgvW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
__setusermatherr
_exit
_c_exit
malloc
realloc
free
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_XcptFilter

advapi32

SetFileSecurityA
AllocateAndInitializeSid
InitializeAcl
InitializeSecurityDescriptor
AddAce
GetAclInformation
SetSecurityDescriptorDacl
SetFileSecurityW
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
GetLengthSid
CopySid

kernel32

CreateDirectoryA
FindFirstFileA
lstrcmpA
SetFileAttributesA
DeleteFileA
MoveFileExA
FindNextFileA
FindClose
RemoveDirectoryA
WriteFile
CopyFileA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetCommandLineA
GetCommandLineW
GetModuleFileNameA
GetCurrentProcessId
GetWindowsDirectoryA
GetLastError
GlobalFree
MoveFileA
GetFileAttributesA
VirtualFree
VirtualAlloc
GetLocalTime
SetFilePointer
CreateFileA
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
SetEnvironmentVariableA
GetVersionExA
GetVolumeInformationW
GetWindowsDirectoryW
GetModuleHandleA
GetStartupInfoA
CreateProcessA

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6fb8c1a1cd71c635c85f4598c7c42d5

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

setupapi

shell32

version

msvcrt

advapi32

kernel32

Sections

.text Size: 18KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.UPX0 Size: 108KB - Virtual size: 256KB

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.UPX0
Size: 108KB - Virtual size: 256KB