ecf67dbb5d699cd04b4445fa1c7f6a6d382259e66e774925cbcadc12d65437fe

Sharing

Copy URL Twitter E-mail

General

Target

ecf67dbb5d699cd04b4445fa1c7f6a6d382259e66e774925cbcadc12d65437fe
Size

848KB
MD5

3399c975a0a799afea2edd8c68c1d3c1
SHA1

99c2dddb48b2f0eb5af7762bd19de53fefea7c44
SHA256

ecf67dbb5d699cd04b4445fa1c7f6a6d382259e66e774925cbcadc12d65437fe
SHA512

2a336205a1b01104de84f3c01a1a272dd8af571deadcb6578a39096836970d70f8edb3ac8b0b4156697b6250a2f0d499cbb0aa58e28e595a25ef1a4e6b7515b2
SSDEEP

12288:uWNmz+cFNMQJ3k1hN53MLbguW1i+Zv/3W5aYvzPrjgi/9CpOLV4987gKqp:uWcz7NlZkHNM0Vng5a+TIilC0Lyapq

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

ecf67dbb5d699cd04b4445fa1c7f6a6d382259e66e774925cbcadc12d65437fe
.exe windows x86

4568ba78d6db41882f74ce9a6c837085

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
MessageBoxA

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

imm32

ImmInstallIMEA

shell32

ShellExecuteA

Exports

Exports

m��a��а�� B��i��Vß�~�g_ }}Bq�jF�(��2kRT�*�~Zߺ̮?�x%ԅh�a��Z`��7�~}/�<n6FxYڙ�� `�P?�}CMqIt�s�i+R-e�F�_#j��b$E.3�X�%�EP��^��>��~ i��f��>��Ő�yJ"�Rve��B�#��N��Һ�Az�jn�Pl2��/DZ51��k�~�Ӏ��@�Z�m�F,Hh��\��.��ˣ�,��KH-�c+��yP��SM�N��j�9�J��>�Q�� f<��U�R�� @c/�Mx+!2+.D\��t��7�w��B7^��=��F�uC�� r[�*�y��oޒA�]��J��'{��x�>�ޕ�.db@��q�A?)W��~K�_s�D~/��ͲMU�eGݤ��9��&3�(�?U��dE��Ӱz��tX�|j/��"��u�Ҍ��Z��%�s �պ�Hv'�Pɭ�΀��eD�-o% �}�)��-��af�,z��K>�}n`�P�9h�%8��F��-�Fy��<]�Qѕ�7ĞKv��9u� �� $��ζDA��3� o~�̨�QnH�|c1��{�R��`9w��c[�C@^�6K�p�3��dsu{}m�v\y�m�rъN. L#jٔp]q{X�/�"As��ܭ4j��{�r�~�Ze8m8��om%�_x�Q�M��_��KR��~�C�'�*�j�;7G[�}�� e�ݨ�[(�-�.�"��7��]��Њ Ŕʉ�JT@Mr�/F�ɝ(��WÔ� ��||g�(�f�,ȹ�V��Ch�i}1sU��)�o2\��U̥��u?��g�5j��rC��)9nP5z��<B x� `�g��gHwto�qM��ž8��+�q]�1��52�Y܂��YW�8:� �RꟚ<�J̔W~c�PU��n)_��e$�N8��T>Ӛ�� ۴�~V9��i�8��c,Ki�1s(3��|��{��,��&v�.r�t&c�ַrB��H��(�}�h-�p8_[,�.Lt�[� ت��I"!��G�?fbY|e�4��5j��I�g&�>SX��G��!p ��ã�j�e��)h��I�i��нM��o�#d��+L��K� 5�z3;�a�OX� �m� k��.��IxGh��`%~>��<��$�3.��v ߭ ��C._��D��$��^{�'u]x�G��=�B{C�5Q�Q��'x��/��Tu��/�� .��\K��E��y��3�t��u�l��Ѕ�a��u��E��ϋǳ�Ǔ��k�ci��P�S��]rA��s=��_�P�^|79��>X��K�j�_z:f�4�'$E��xRPE�4��ם�*��M��hK��tZ�k�7uX.�^�]��j��D:��eF�_��m+ � U�*m�1��aIOa(�?��(d��᥊U��|�n��;�6s��`�_G��qe��_=$u�K�0�nE 9�㢩��o�y!"h�~�"G<c ��Y�]\� �h��C��E�q��9�q:TH�0>�[�Ye�#T�fu��П� �n�e,Q0��7>�3m �f��R"I��2�N�m�� 8Ȟ%%�g�( �QD%�0g5sЦ�kVD.Å��I��7{y��E4Q�p͡�Wd�R폰Y�-Q�yI4��N��:8%�o��<�](d%�ӯ�W��g�6)�Cj��2�8q��q��?A�U��"��_pE*ݯޜ^M��%��\: l꫘/��M�-S�2�@*�'�֣�#p:� � �"��8��f��w#�~0$Y��:3�T�z\�A^>¥��&�r��"��h u�bt� x?{XA��n�d*� ;��_��;;d>)�J^ǔI&��}?F?��r@�}b�w��d��"��1�0�bsݖ��yݷ��'��_�fY_�s|��i�Ŗ�zDs̷û3�ӉhƚM�f��io��)a�4��9Z'�)Enrh��Δ�z��3ūq��l�N��q뭝��(�L��w��'��LOI7��^��y�b��=����z~'pY.��f�V�wVI�f ��i��]>��#��o�0�v��S�tOGu6��I?��>�ï4P��+ �� ca��v��y��&�8��9Ȭ��PC˂�%.`��p)A~�=��_�v��lFqaȸ�H��|�P��x��lS��+W��m)fk'j �RRs��q�]xxk_3~��h�x�5��3:�3t�LΗ�1F�w�B}��@۠�Q��W��&��7��=<��s�"�_I�\(�)�Tn�G��hS$�!�g��f�&J�9rOZ�a|�9MQ7��6�4`l2I��$��Q�㞱9��N�64(�ЗG��@�[�\�8��D�O�}c%v�Kq��^L�ė|�Z|9e��3��u�8�0�Z.��l:1�@��٭Ik0�%�6+�L�a�*�{��k��Cy4�/J�^�Y~)��蠛˟�V�Qs��0-4?ˤq�^��a��h�d�JId�fg�y $�ml��&S��;��m�n��O�Y%Pbw��R��e-56��"9n��<��I0��^1o��B��#gE�/HD�0�Z��|/��.�竡?�K�ɲ��Є��WI&��o��u`��n;��vr'N�;�q67��l��+�I�K"��:N!j�qo?��p=��o�*��#��G*�a��P��yU[S��:`sv~�g�JJ!^�cG�b ZF-�J�Y��۽�bl��_XB'�&#�Jc{W�/�찜ą��7�-�DH&+�}i��G(

Sections

CODE
Size: - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 817KB - Virtual size: 816KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4568ba78d6db41882f74ce9a6c837085

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

imm32

shell32

Exports

Exports

Sections

CODE Size: - Virtual size: 499KB

DATA Size: - Virtual size: 8KB

BSS Size: - Virtual size: 5KB

.idata Size: - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: - Virtual size: 24B

.UPX0 Size: - Virtual size: 38KB

.rsrc Size: 30KB - Virtual size: 257KB

.UPX1 Size: - Virtual size: 279KB

.UPX2 Size: 817KB - Virtual size: 816KB

.reloc Size: 512B - Virtual size: 116B

CODE
Size: - Virtual size: 499KB

DATA
Size: - Virtual size: 8KB

BSS
Size: - Virtual size: 5KB

.idata
Size: - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: - Virtual size: 24B

.UPX0
Size: - Virtual size: 38KB

.rsrc
Size: 30KB - Virtual size: 257KB

.UPX1
Size: - Virtual size: 279KB

.UPX2
Size: 817KB - Virtual size: 816KB

.reloc
Size: 512B - Virtual size: 116B