b07449c102ee7e9b111e7968d054a8246211fe7040d7a1cf66db4292f0f513ef

General

Target

b07449c102ee7e9b111e7968d054a8246211fe7040d7a1cf66db4292f0f513ef
Size

157KB
MD5

71355496476f5b4fe2f45e34f87bd98b
SHA1

b27fbdf92fc627a64e4a2a23f56e49f1622c71e1
SHA256

b07449c102ee7e9b111e7968d054a8246211fe7040d7a1cf66db4292f0f513ef
SHA512

00b4c7312ca53e3c31bd28e667a21bb109543821bed231a4de79376aad2943e6bacbfee38ebc5973fe3306eaae8405d1c7490ed18f08058841d57ebf57c23c51
SSDEEP

3072:WU8g3YJxnbVpKre0KnlWxP0AqUnprPscsP2B0Exi2Q1oUupm:WUSbVA6VlbUnDs9sbQ1o

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

b07449c102ee7e9b111e7968d054a8246211fe7040d7a1cf66db4292f0f513ef
.exe windows x86

1ed089b25b508fbc104b7965dc397603

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapSetInformation
SetThreadUILanguage
LocalAlloc
LocalFree
SleepEx
GetLastError
GetTickCount
GetCurrentThreadId

msvcrt

?terminate@@YAXXZ
_except_handler4_common
_controlfp
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
_exit
_cexit
__getmainargs
memset
memcpy
strtoul
exit
_write
_setmode

iphlpapi

IcmpSendEcho2
IcmpParseReplies
Icmp6SendEcho2
IcmpCloseHandle
Icmp6CreateFile
IcmpCreateFile
Icmp6ParseReplies

user32

CharToOemBuffA

ws2_32

closesocket
WSACleanup
WSAIoctl
freeaddrinfo
getnameinfo
inet_addr
WSAStartup
socket
getaddrinfo

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ed089b25b508fbc104b7965dc397603

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

iphlpapi

user32

ws2_32

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 39KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 770B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 39KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 770B

UPX0
Size: 144KB - Virtual size: 380KB