c6896b66fb05124b6c90320960e3f5ed012ebec6ad0e1d48a4fe96a58658c748

Sharing

Copy URL

Twitter E-mail

General

Target

c6896b66fb05124b6c90320960e3f5ed012ebec6ad0e1d48a4fe96a58658c748
Size

165KB
MD5

514e1f5c46d3894ce5e95198ad0e9375
SHA1

3845c46d2f38626dce1fb28a419a956e825be6ba
SHA256

c6896b66fb05124b6c90320960e3f5ed012ebec6ad0e1d48a4fe96a58658c748
SHA512

1b16da94f8ffad7229b4a8df334eaa760bc84711dbee982602d6f6b7fe9400db68ab77e67a53e2b0940c9949038beb284e45828df0a690488106fe0632dc6b98
SSDEEP

3072:2kA2p4izFOPb66uLgbRTFN36m4F0SEqTbnRkD:c2KAOz662gbRRNRAWu

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

c6896b66fb05124b6c90320960e3f5ed012ebec6ad0e1d48a4fe96a58658c748
.exe windows x86

801ba183ea6445779ae70ca8c401dbae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
FindClose
CopyFileW
CreateProcessW
GetLastError
CloseHandle
CreateFileW
ReadFile
GetCurrentProcessId
GetCommandLineW
CreateEventW
WaitForSingleObject
Sleep
LoadLibraryW
GetProcAddress
GetWindowsDirectoryW
OpenProcess
TerminateProcess
SetLastError
WideCharToMultiByte
GetTempPathW
GetModuleFileNameW
SetFilePointer
SystemTimeToFileTime
GetFileAttributesW
GetCurrentDirectoryW
MultiByteToWideChar
LocalFileTimeToFileTime
CreateDirectoryW
WriteFile
SetFileTime
GetTempFileNameW
GetSystemTime
SetEndOfFile
CreateFileA
FreeLibrary
HeapAlloc
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoW
RaiseException
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleHandleA
ExitProcess
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapSize
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleFileNameA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
LoadLibraryA

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

HttpSendRequestW
HttpAddRequestHeadersW
InternetCloseHandle
InternetAttemptConnect
InternetConnectW
InternetOpenW
InternetReadFile
HttpQueryInfoW
InternetCheckConnectionW
HttpOpenRequestW

Sections

UPX0
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

801ba183ea6445779ae70ca8c401dbae

Headers

File Characteristics

Imports

kernel32

advapi32

version

wininet

Sections

UPX0 Size: 160KB - Virtual size: 160KB

.rsrc Size: 1KB - Virtual size: 4KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 160KB - Virtual size: 160KB

.rsrc
Size: 1KB - Virtual size: 4KB

.avc
Size: 3KB - Virtual size: 4KB