836b3dd92648a04d4d0bf05b9ae387e1f945799bb0d528e897af7f1460ba03b3

Sharing

Copy URL Twitter E-mail

General

Target

836b3dd92648a04d4d0bf05b9ae387e1f945799bb0d528e897af7f1460ba03b3
Size

84KB
MD5

86dbf3b93a87aafb8f9581a67caa8804
SHA1

1535cccef5a337dfc9252cf154b8679b84313cc2
SHA256

836b3dd92648a04d4d0bf05b9ae387e1f945799bb0d528e897af7f1460ba03b3
SHA512

aba6645c959a34c1b7958e89912d5b1e8d9c9082a7132dae2cad1ccf5749eeb4053258ab3c5f511b23536558ec151555aa90864c4167b1f593676e022cce5324
SSDEEP

768:w0k9r0E6X0mSSgGd0rSu34XFvbyFvZiBVhk+4ZA36joaM/4EoG/oXzpadHp/dA9m:K9ITT5XFvbqRmPb4m2oaMAE37LAJQDbX

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

836b3dd92648a04d4d0bf05b9ae387e1f945799bb0d528e897af7f1460ba03b3
.exe windows x86

557646104521532d0234a9abc416b444

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
SetFilePointer
lstrlenW
WriteFile
GetLocalTime
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
CreateFileW
CreateFileMappingW
lstrcpyW
WaitForSingleObject
FreeLibrary
SetEvent
LoadLibraryW
GetLastError
GetProcAddress
CreateThread
Sleep
LocalFree
CreateEventW
GetModuleFileNameW
CloseHandle
UnmapViewOfFile
ResetEvent
FlushFileBuffers
MapViewOfFile
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
RtlUnwind
LoadLibraryA
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
ReadFile
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

advapi32

InitializeSecurityDescriptor
StartServiceW
DeleteService
QueryServiceStatus
ControlService
CloseServiceHandle
UnlockServiceDatabase
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
LockServiceDatabase
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

557646104521532d0234a9abc416b444

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 1KB

.UPX Size: 240KB - Virtual size: 240KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB

.UPX
Size: 240KB - Virtual size: 240KB