e7bc3ee8c747a2c37b649b026f922f2d5503dfdb5ae97bcff75a480c7e05a4e8

Sharing

Copy URL

Twitter E-mail

General

Target

e7bc3ee8c747a2c37b649b026f922f2d5503dfdb5ae97bcff75a480c7e05a4e8
Size

2.4MB
MD5

55fb1f6db6bb5bd2146ce73373aab5b1
SHA1

e47976e978474b7e8c2cc2de5d5e47584157673a
SHA256

e7bc3ee8c747a2c37b649b026f922f2d5503dfdb5ae97bcff75a480c7e05a4e8
SHA512

271343f0a0303c12050e452b9a3555370af9938aff9df5e6a32ad3bcb4e2d443aeb3616649eb7f4211ada1f5477a434cb870963a8ae345e63582481be2500f1a
SSDEEP

24576:1Hy7umzuv/4eaOhIAq2+976ALRSttcH1LeSrqTuXt7TIVcB8Lb11BeVbKSeDUn3/:1EZ8vhI92fA3Nv9IyB831rdY4Vt

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

e7bc3ee8c747a2c37b649b026f922f2d5503dfdb5ae97bcff75a480c7e05a4e8
.exe windows x86

c9e403139cf31d44d17b620c200c2259

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutClose

ws2_32

WSAStartup

version

VerQueryValueA

rasapi32

RasGetConnectStatusA

kernel32

DeleteCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SendDlgItemMessageA
MessageBoxW

gdi32

CreateCompatibleDC

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CoRevokeClassObject

oleaut32

SysStringLen

comctl32

ord17

oledlg

ord8

wininet

InternetSetOptionA

comdlg32

GetSaveFileNameA

Exports

Exports

�5jeȾ�JE��+x��-�ݮ%�-GQ+�Ɓ��b˿k��;c��X��r4�2] y|��0��<=��~��Qm?��Q��k��R7��(�i�C p��S�w:�GE�(Vf4��p �5�M':�٘��$��c��cY��B��>?��&J�+�P��,;\M�<F��^�p^�L`�դ<k*��WiUY�:@J��U#�&��IM �~�X�7V��9d�d��A-� ӇcI ��Fh"f2}WYa�DPnp%��ʜ��5G�{�X�W>9كOd�}�[��ug��'��}Z#q*D�$��ˆ��a\�q:�6�'7�5XL�W��9&��D�<ˇ#qN�>�Y�g��ª��eN��,!O"�]iG�6N<��'�쑅3��.�;��hi{\�/�=��5_s�&2�r��. bV;��OA,��zN%�Fk� ?�Z#��Վp��U��郜��8�%��:^e��C�f��x�pJ��As�o+�� #F�s��/|�øUM��i��ub9��Gqw��/�4�G��'6�%�v�,̵��ObĻ.��p|��eP��n��zr �֤wS ��[�|��d��U�Yg}Œ��Iֈ��dLQ�j��݁��&��G��,�_�B�Ď&�r�c��*7qQ��3�l;�Q�g�Z�X��Ѝ�%P��uc瑳Aj)�p��W��)��x�L|j��S<�v�X�8�5��A�Bn9w��[��$ /MC>�K�� -��ē�?HI�㼁c'|�l�4|V�!�%\�y��֫�,�!��y:��tjV�}�r#��+�.�|\8NHqK��D!��Q ��t��F�" �T�v+X��n��i�Q��4ƀ�֩��&1�l<�,��M�qA|V��<��ڢ8!�S�\rIf��Y�o��^��b��,�4�X�'K`%m��4O��\m�U�YTxn��N�ԁ��I��`��[Vi��Ջ4n��24��u�ˑ��u��R�Q͙�@!�^e ��5zV8aJP�Te�d��bP%�i�'HQ*qz� �0��7�Ŵ�˹�/��T��Ŗ��)qcU�ts!�Iz5�.��e��;�Fo�a�ۃ�I��M�}q�k� c*�i�4s�<��0��]9�Q��B@�d�7�LRap<�g�D��q�۔;i��|F�t��ɦ)sv.W\bBg��K�( %��iw��b�, :#i��HAm?��ɱ��uGS��Q��HN�h0+�o��\��j�?��G�e �_C\s撍�j��v+Bdx!�I��-yu��+�~��}:^\Ÿ�a�+�D@��F[�u��̕g�J��?�� b�U�^ȹ[T�жs��J2H�`�� F7K!��D�ԑ8,�C]��?j��\�,tϯ޹)�J�I0<Q$_�ƜKMP��C��J#�{�9ظ]��xȣ� ��A:�D#�I�B�a�+��=v7��o#5O\��%rbX49��R+�f��9\�P� ʝz�e�+ٲ��CL��+"�^�J�YM]��'�JAݳ,�GdI�ң��PՄ�t�*��;�~�/��q��&ҡ��v�ކh�ވ�{%~��D_�/�-�U��Q��F� �?�Ua��J��<f1��\S��ct$��4;��N��M :�"$Z��.�5<6G]�d��z&ݗ;u��.;Ղ�7 ]#}��_{O�z��N配�vR.�@��1�ε�>��%0��"X��D�{��֤��s��L9"�7��E��x�'�8��^P��NJ�e��ox|�;�mĲ��q��P��~�,�YO�3��'��6 �ol޳C�+_�|7�H�ҟP�au��)��a�=��)�k��DW�΁P��R�?B�$(� _�ֿ8�ݘ��A/��z^��( ��qU)�4nS"��̨��Y�x��/�5>ŕ��i��3�#0އ�x\�\�3�a�{M��Ϊ1��LB1��&'��Ѿ��%��ȃ��D�|��`�t^y��n ��X��I$$]��@tF{'�N�;9ST�9ʅ.H�,)p�ޕJ ֙��W�a� ��'�7�P1��~��@cDt��0`�Ar� ��{P�I�Ug�@~�}�$IeH��ǻ圓#�̛0/!9��ˎ��I��j�2��$J��!�>�jeZ a� %�EXPq�-�y��)Ԑ��j�y�4�&tǡ��%��cF�aJ��K��v�v�� !RYZ�8E��[M��K�^==Kua��Gi��JCJ`)��b�C�\��>Ϲ7�F|�[�7�̙� ��-p��3��]�kR�� 0�Wߙ��X��r��G�]�,Uzn;$/�d S�d ��5�?��p�X6k2ꠖ,��{�奝�)R2�+.*�=��KX��Ffh��)O|��/��6�g|E$�;�Sq_(��U#tp�ۜ��:su�%��qm��g)"Z��.�T�#]!��b�1ހ�:��ۮ��;[� ��<+�!i�`�(��͕wA��O��(�Au�^��2�f�ݭ��0C�[�1�|��;�^X��ޔ�ح�o` &�N-�eL"K��FF�R�I�H+��4��줲�Ä��N~��C7�Clp��eQX��xk(�F��w�k[B��!«��j��7�d{��*��f79M�G��&vM{��}܊/["��x�Ӕ��9�%[�:�7��+��%n_�}�s��:�F��}c�?��E�Y�U�� b -��udI�� /�2��@R�^9 ��4�(X��/��>1UW�� @�{�Ț�#pSc*#_��Х`�� C�lZ��M�%V�3��Wݱp��[L��s�B��H�E�h��I

Sections

.text
Size: - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 919KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9e403139cf31d44d17b620c200c2259

Headers

File Characteristics

Imports

winmm

ws2_32

version

rasapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 513KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 226KB

.UPX0 Size: 32KB - Virtual size: 32KB

.UPX1 Size: - Virtual size: 919KB

.tls Size: 4KB - Virtual size: 24B

.UPX2 Size: 2.3MB - Virtual size: 2.3MB

.rsrc Size: 32KB - Virtual size: 29KB

.text
Size: - Virtual size: 513KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 226KB

.UPX0
Size: 32KB - Virtual size: 32KB

.UPX1
Size: - Virtual size: 919KB

.tls
Size: 4KB - Virtual size: 24B

.UPX2
Size: 2.3MB - Virtual size: 2.3MB

.rsrc
Size: 32KB - Virtual size: 29KB