bdfac835cb7874cc1eaf589a9ba2228affe0d85890af4d6daa6ed29521e87386

Sharing

Copy URL Twitter E-mail

General

Target

bdfac835cb7874cc1eaf589a9ba2228affe0d85890af4d6daa6ed29521e87386
Size

348KB
MD5

65c9652a6fa72e5bf37d5640cee1f9f6
SHA1

9a3606e8d2ce3fc6bd369d83358fd2eedbf3645e
SHA256

bdfac835cb7874cc1eaf589a9ba2228affe0d85890af4d6daa6ed29521e87386
SHA512

d06dfda072c223b1f39c04c122089abc4452f6edf7115dd896d5a066060b2619d8fea36eef0a3510a1acf3553e10792d1a92e487f269cccd6d182b2b817fe3ad
SSDEEP

6144:uP+iJFV+S7NkbZOmLr4w8YRreFtiDftj6iUgoDjIm2:4+izVYbZOo8whmiDftN/Nm2

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

bdfac835cb7874cc1eaf589a9ba2228affe0d85890af4d6daa6ed29521e87386
.exe windows x86

3d09b7ac53bc43a3a2003dfc784ccde3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetLastError
GetSystemDirectoryA
GetVersionExA
FindFirstFileA
GetOEMCP
GetACP
FindClose
CreateFileA
GetFileTime
CloseHandle
CompareFileTime
GetWindowsDirectoryA
CreateDirectoryA
SetEnvironmentVariableA
LoadLibraryA
GetProcAddress
FreeLibrary
CompareStringW
CompareStringA
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
RaiseException
HeapAlloc
HeapReAlloc
HeapSize
MultiByteToWideChar
LCMapStringA
LCMapStringW
FlushFileBuffers
WriteFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
ReadFile
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
GetCPInfo
SetEndOfFile

winspool.drv

EnumPrintersA
EnumPortsA

advapi32

RegQueryInfoKeyA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d09b7ac53bc43a3a2003dfc784ccde3

Headers

File Characteristics

Imports

kernel32

winspool.drv

advapi32

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 4KB - Virtual size: 720B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 4KB - Virtual size: 720B

UPX0
Size: 144KB - Virtual size: 380KB