b09e659977fb933d6def1331dcc92532481c0e5b54dd61b80a2ecbc2b648009c

Sharing

Copy URL Twitter E-mail

General

Target

b09e659977fb933d6def1331dcc92532481c0e5b54dd61b80a2ecbc2b648009c
Size

188KB
MD5

d9887f83fcc409a945feadef20db5637
SHA1

be7032ebcb6a6869fb5acaa8cef46101e11b86a4
SHA256

b09e659977fb933d6def1331dcc92532481c0e5b54dd61b80a2ecbc2b648009c
SHA512

aa3ab765b183887cd7acdf74d781e21fdf74a02efd9829a9a0bb0630f80539b16cbc043f8a8403d025fdfbcb11bd7fb557844be6ca2051fc169497e5210e94bb
SSDEEP

3072:PTn7Xg3S7ngtEQDMdAy9AZrPXIJWwbqQRlH5zeYvDUhEe5xkBgkFeh3F7nSG9p:rn7XqDOAy6Zjcq8EEeDK+VuEp

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

b09e659977fb933d6def1331dcc92532481c0e5b54dd61b80a2ecbc2b648009c
.exe windows x86

bd0a57828234fa6c436517c174ee1894

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

PropertySheetA

iphlpapi

GetTcpTable

ws2_32

ntohs

msvcrt

__p__fmode
__set_app_type
__p__commode
_controlfp
strrchr
_exit
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_adjust_fdiv
strncmp
fputs
rename
fgets
strncpy
atoi
malloc
_strupr
free
fopen
fclose
sprintf
_except_handler3
strstr

mfc42

ord1168

kernel32

GetStartupInfoA
LoadLibraryA
GetModuleHandleA
CreateMutexA
GetLastError
DeleteFileA
GetVersionExA
CloseHandle
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
OpenProcess
FreeLibrary
CreateProcessA

user32

TrackPopupMenu
GetWindowTextA
ShowWindow
SetFocus
EnableWindow
MessageBoxA
UnregisterClassA
DispatchMessageA
IsDialogMessageA
IsWindow
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
FindWindowA
DestroyMenu
LoadStringA
SetForegroundWindow
GetCursorPos
GetSubMenu
LoadMenuA
DefWindowProcA
KillTimer
PostQuitMessage
CreateDialogParamA
DialogBoxParamA
EndPaint
BeginPaint
SetTimer
EndDialog
SetDlgItemTextA
GetDlgItem
SendMessageA
PostMessageA
GetParent
DestroyWindow
SetWindowTextA

gdi32

TextOutA
GetStockObject

advapi32

RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

Shell_NotifyIconA

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bd0a57828234fa6c436517c174ee1894

Headers

File Characteristics

Imports

comctl32

iphlpapi

ws2_32

msvcrt

mfc42

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 48KB - Virtual size: 47KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 48KB - Virtual size: 47KB

.UPX0
Size: 108KB - Virtual size: 260KB