9eda65acc69b8b1bbf33cb11799e5d5adcf667a9635a7f3350a9cf34466e3d9b

Sharing

Copy URL Twitter E-mail

General

Target

9eda65acc69b8b1bbf33cb11799e5d5adcf667a9635a7f3350a9cf34466e3d9b
Size

52KB
MD5

ef4361a86617041110f64add0b746f33
SHA1

94b9fe5a6e2bf0ce50379f5d1efb59b064ce156b
SHA256

9eda65acc69b8b1bbf33cb11799e5d5adcf667a9635a7f3350a9cf34466e3d9b
SHA512

9cfd443a263d2c15b68f2b49f2905a32e83d9acff0a6549024bae9bf0622d3061747ba89394e11ce81c36af7972a80a4d8647e911afa2d11bea48717967aa71b
SSDEEP

768:Yi7YukuQprl3Aaes2y3PJKyzGhF8AG9oz8y1pl8iVK/gde:NMlprRvnj3Pl6gKz9BB

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

9eda65acc69b8b1bbf33cb11799e5d5adcf667a9635a7f3350a9cf34466e3d9b
.exe windows x86

6055e0b208df1b861366ecde70ae7c94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReadFile
GetFileSize
CreateFileA
GetVolumeInformationA
GetCurrentProcessId
TerminateProcess
OpenProcess
MoveFileExA
WriteFile
SetFileAttributesA
GetModuleFileNameA
WaitForSingleObject
CreateProcessA
GetProcAddress
FindFirstFileA
DeleteFileA
GetTempPathA
lstrcmpA
WideCharToMultiByte
lstrlenW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
lstrlenA
GetLastError
CreateMutexA
OutputDebugStringA
GetStartupInfoA
GetModuleHandleA
FindNextFileA
FindClose
Sleep
LoadLibraryA
GetCurrentThreadId

advapi32

RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCloseKey

msvcp60

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcrt

__CxxFrameHandler
_strdup
_stricmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_except_handler3
_beginthread
wcsstr
swprintf
wcscmp
wcsrchr
wcslen
strncmp
fseek
ftell
fread
fgetc
strchr
fopen
time
exit
strlen
strcpy
sprintf
memset
strncat
strncpy
free
strstr
malloc
_strnicmp
strcat
memcpy
fclose
atoi
??2@YAPAXI@Z
fgets
fprintf
strcmp
strtok
fwrite

ole32

CLSIDFromProgID
CoCreateInstance
CoInitialize

oleaut32

shell32

StrStrA

shlwapi

SHDeleteKeyA
PathFileExistsA

user32

GetForegroundWindow
SetForegroundWindow
GetWindowTextA
CharToOemA

ws2_32

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6055e0b208df1b861366ecde70ae7c94

Headers

File Characteristics

Imports

kernel32

advapi32

msvcp60

msvcrt

ole32

oleaut32

shell32

shlwapi

user32

ws2_32

Sections

UPX0 Size: 48KB - Virtual size: 48KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 48KB - Virtual size: 48KB

.avc
Size: 3KB - Virtual size: 4KB