bdcd459371ddacd2ff55ae39da9d5da01f0ecccba5d116ed324b10373a1a4b99

General

Target

bdcd459371ddacd2ff55ae39da9d5da01f0ecccba5d116ed324b10373a1a4b99
Size

1.1MB
MD5

6cab40d3d28ee73e4574beaafa122b82
SHA1

e27dc27dd6158a983b3f05ecb665c6cc043a95b4
SHA256

bdcd459371ddacd2ff55ae39da9d5da01f0ecccba5d116ed324b10373a1a4b99
SHA512

7aa39870af85b65a7874bfd334479a013b057e140f48f4027782e4011fb7020ab5516cd027c64b47f155ed4c0eb918378419736bef18d5bf885df0479f261f03
SSDEEP

24576:Utf7MiqbIwMwseAeKWxLIpkVxYqiRZ+xRuktO/W9gys45:qoAw2eAeXu0UiRBtOisI

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/STEAMR~1.EXE	upx

Files

bdcd459371ddacd2ff55ae39da9d5da01f0ecccba5d116ed324b10373a1a4b99
.cab
STEAM-~1.EXE
.exe windows x86

1f10b2a467b55a0c1b5edfb5e6bedd86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaLateIdCall
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaStrFixstr
__vbaFpR8
_CIsin
ord525
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaGet3
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaUbound
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
ord648
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaFpI4
ord617
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
STEAMR~1.EXE
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1f10b2a467b55a0c1b5edfb5e6bedd86

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.4MB

UPX1 Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 2.4MB

UPX1
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 512B - Virtual size: 4KB