e860784b08d48fb1362526c53464f40b07cfba05b3476f8cc1ad45d46d919d64

Sharing

Copy URL Twitter E-mail

General

Target

e860784b08d48fb1362526c53464f40b07cfba05b3476f8cc1ad45d46d919d64
Size

104KB
MD5

c0799c52ef39fcce5944bb2ea05db985
SHA1

ec33813275d4c23f4d81c6affb714b214db1fd10
SHA256

e860784b08d48fb1362526c53464f40b07cfba05b3476f8cc1ad45d46d919d64
SHA512

097a156eb063a3ef8b9fedbd0976e1a94ef4132a3b501f47cfba6013001d74bed6dd26fc644777814899a2f7e0b6f9d909cba459c5aed79db12f40c8db87e421
SSDEEP

1536:tI8TmqUj//EuCg6zNBIMpmAdMivn5i4V0pJSmC5wOHbSFtRP24e:tRaqUj/cg6RqWdMiP5kC5lSFtRP24e

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

e860784b08d48fb1362526c53464f40b07cfba05b3476f8cc1ad45d46d919d64
.dll regsvr32 windows x86

77093b6366e1ad9d8929a03bc6044360

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
lstrlenW
lstrcpyA
GetModuleHandleA
GetModuleFileNameA
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
CloseHandle
ReleaseMutex
lstrcpynA
IsDBCSLeadByte
SizeofResource
LockResource
GetStringTypeW
FindResourceA
FindResourceExA
lstrcatA
FreeLibrary
LoadLibraryExA
CreateThread
WaitForSingleObject
CreateMutexA
OpenMutexA
GetEnvironmentVariableA
WriteFile
CreateFileA
CreateProcessA
GetProcAddress
LoadLibraryA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
LoadResource
GetOEMCP
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetSystemInfo
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc

advapi32

RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree

oleaut32

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

shlwapi

PathFindExtensionA

user32

SetTimer
KillTimer
CharNextA

wininet

InternetOpenA
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

77093b6366e1ad9d8929a03bc6044360

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

rpcrt4

shell32

shlwapi

user32

wininet

Exports

Exports

Sections

UPX0 Size: 96KB - Virtual size: 96KB

.rsrc Size: 4KB - Virtual size: 4KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 96KB - Virtual size: 96KB

.rsrc
Size: 4KB - Virtual size: 4KB

.avc
Size: 3KB - Virtual size: 4KB