885767c50f9f67e5e163101afdf4264eefe2e4220a5e1c2c92eae222665ff894

General

Target

885767c50f9f67e5e163101afdf4264eefe2e4220a5e1c2c92eae222665ff894
Size

92KB
MD5

3589f8ce8e1c1cbebcead4756fdbba8c
SHA1

463dbe8f730b56f226447048df525759789dfc4a
SHA256

885767c50f9f67e5e163101afdf4264eefe2e4220a5e1c2c92eae222665ff894
SHA512

d0b809567f248ed497ce09a0494bc23bab98690813eddd3d30fe0499d93c431617f9483ab0a282493768d43ae14cf24422b86790a7dd2ace75b2ab5ce2883f3f
SSDEEP

768:oTrBbxRTWICOtnmmhP7WMYVABBZaP637:oPlvTWStxP7vYm/Znr

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

885767c50f9f67e5e163101afdf4264eefe2e4220a5e1c2c92eae222665ff894
.dll regsvr32 windows x86

104afda4da96ccd99f27fe4a46c2c77e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushInstructionCache
CreateThread
SetLastError
LocalAlloc
LocalFree
WinExec
GetSystemDirectoryA
SetFileAttributesA
WriteFile
CreateEventA
WaitForSingleObject
GetVersionExA
LoadLibraryExW
OpenProcess
VirtualAllocEx
VirtualProtectEx
CreateRemoteThread
GetModuleHandleA
Process32First
Process32Next
CreateToolhelp32Snapshot
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
DeleteFileA
GetWindowsDirectoryA
GetLastError
GetFileSize
GetProcAddress
Sleep
IsBadReadPtr
VirtualProtect
GetCurrentProcess
WriteProcessMemory
GetTickCount
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
CloseHandle

advapi32

RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken

mfc42

msvcrt

strstr
strncpy
strcat
_strlwr
_strnicmp
_stricmp
strrchr
_mbscmp
sprintf
strlen
strcpy
atoi
memcpy
memset
??1type_info@@UAE@XZ
strcmp
_except_handler3
printf
__dllonexit
_onexit
__CxxFrameHandler
free
_initterm
malloc
_adjust_fdiv

user32

GetWindowTextA
GetClassNameA
EnumWindows
GetWindowThreadProcessId

ws2_32

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Fn

Sections

UPX0
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

104afda4da96ccd99f27fe4a46c2c77e

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42

msvcrt

user32

ws2_32

Exports

Exports

Sections

UPX0 Size: 88KB - Virtual size: 88KB

.rsrc Size: 1024B - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 88KB - Virtual size: 88KB

.rsrc
Size: 1024B - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB