947319a848266703623eba82a9fec3da94899ca70086dc5cb5df847d6829309b

Sharing

Copy URL Twitter E-mail

General

Target

947319a848266703623eba82a9fec3da94899ca70086dc5cb5df847d6829309b
Size

50KB
MD5

e27b971ad1d334e342caddb486e8ee64
SHA1

046dc3cc0cf64971d598d8228bb920ee7eac89be
SHA256

947319a848266703623eba82a9fec3da94899ca70086dc5cb5df847d6829309b
SHA512

06b0e4cfc20d3165e61e1e18acb5595a58bd08214867320ea8b416dd6ad76ed1013f13d29047717f34022951b110c30b03e0002dfd371e94171d7efba0214c68
SSDEEP

768:0kAFCi9R3L6K4mokKCEZTEfIrdMTx3KZ6kGVMSbubRphAlhIESQQ:01nb32R9CEZTEfIrKTx3KZ3GbUpOrO

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

947319a848266703623eba82a9fec3da94899ca70086dc5cb5df847d6829309b
.exe windows x86

8306c57f0fdd11e6ef7775dde6fc58e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

ord137
ord174
ord60
ord15
ord135
ord139
ord21
ord11
ord23
ord19
ord13
ord147
ord75
ord129
ord17
ord140

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetStringTypeA
LoadLibraryA
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
GetStringTypeW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar
Sleep
FileTimeToDosDateTime
GetModuleFileNameA
IsBadWritePtr
IsBadCodePtr
IsBadReadPtr
GetACP
lstrlenA
lstrlenW
OpenFile
IsValidCodePage
GetLastError
lstrcmpA
lstrcpyA
lstrcpyW
GetCurrentProcessId
GlobalAlloc
GetFileAttributesA
GetVersion
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapCreate
ExitProcess
GetCurrentProcess
GetStartupInfoA
GetEnvironmentStringsW
GetProcAddress

user32

GetFocus
wsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CloseServiceHandle
QueryServiceStatus
OpenServiceA
RegConnectRegistryA
RegSetValueExA
OpenSCManagerA

msasn1

ASN1intx_free
ASN1_Decode
ASN1utf8string_free
ASN1open_free
ASN1BERDecExplicitTag
ASN1CEREncZeroMultibyteString
ASN1ztchar32string_free
ASN1BEREncOctetString
ASN1objectidentifier_free
ASN1BEREncEoid

gdi32

GetTextExtentPointA
CreateScalableFontResourceA
CreateFontW
CreateBrushIndirect
CreateBitmap
CreateSolidBrush
CreateCompatibleDC

Sections

UPX1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TI
Size: 4KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yARJD
Size: 2KB - Virtual size: 565KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Lh
Size: 1KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.F
Size: 2KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8306c57f0fdd11e6ef7775dde6fc58e7

Headers

File Characteristics

Imports

mapi32

version

kernel32

user32

advapi32

msasn1

gdi32

Sections

UPX1 Size: 2KB - Virtual size: 1KB

.TI Size: 4KB - Virtual size: 177KB

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 30KB

.yARJD Size: 2KB - Virtual size: 565KB

.edata Size: 4KB - Virtual size: 61KB

.Lh Size: 1KB - Virtual size: 329KB

.data Size: 7KB - Virtual size: 125KB

.edata Size: 8KB - Virtual size: 37KB

.F Size: 2KB - Virtual size: 248KB

.rsrc Size: 1KB - Virtual size: 1KB

UPX1
Size: 2KB - Virtual size: 1KB

.TI
Size: 4KB - Virtual size: 177KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 30KB

.yARJD
Size: 2KB - Virtual size: 565KB

.edata
Size: 4KB - Virtual size: 61KB

.Lh
Size: 1KB - Virtual size: 329KB

.data
Size: 7KB - Virtual size: 125KB

.edata
Size: 8KB - Virtual size: 37KB

.F
Size: 2KB - Virtual size: 248KB

.rsrc
Size: 1KB - Virtual size: 1KB