95fbcd3410622fb96d649d389b3841e03e3e3816855e6df5090c01a2908f4703

Sharing

Copy URL

Twitter E-mail

General

Target

95fbcd3410622fb96d649d389b3841e03e3e3816855e6df5090c01a2908f4703
Size

252KB
MD5

65d4e56fbaf46c1d35ee7ffa94b196f2
SHA1

8e97b0dfefa1910136aff33f315184535ba4a50a
SHA256

95fbcd3410622fb96d649d389b3841e03e3e3816855e6df5090c01a2908f4703
SHA512

c32e1c521ff0debb838e807daaa25e53567c25652953f384ca6582129ec4630ffedd3e25c55e74dcef7b328ec0950b468b7642a74e74b9fd794c2d18500b067f
SSDEEP

3072:68MnozvTtJEmqKOOMOgXxgaAK0HdJlrIS2QLvF7e+ru3g7l+qtv:3MUvjZOOMOgB30tILQbxY3il+q1

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

95fbcd3410622fb96d649d389b3841e03e3e3816855e6df5090c01a2908f4703
.exe windows x86

5eb208240db90e22bbb460735b40f8ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

js3250

JS_GC

xpcom

?AssignWithConversion@nsCString@@QAEXABVnsAString@@@Z
??_7nsCaseInsensitiveCStringComparator@@6B@
?StringBeginsWith@@YAHABVnsACString@@0ABVnsCStringComparator@@@Z
NS_GetComponentManager
?SetLength@nsCSubstring@@QAEXI@Z
?LossyAppendUTF16toASCII@@YAXABVnsAString@@AAVnsACString@@@Z
?LossyAppendUTF16toASCII@@YAXPBGAAVnsACString@@@Z
?Assign@nsCSubstring@@QAEXABV1@@Z
?FindChar@nsCSubstring@@QBEHDI@Z
?FindChar@nsAString@@QBEHGI@Z
?Insert@nsAString@@QAEXGI@Z
?EnsureMutable@nsCSubstring@@IAEXXZ
?Equals@nsCSubstring@@QBEHABVnsACString@@@Z
?Insert@nsACString@@QAEXPBDII@Z
?Assign@nsCSubstring@@QAEXABVnsACString@@@Z
?Assign@nsACString@@QAEXABV1@@Z
??1nsGetInterface@@QAE@XZ
??1nsGetServiceByCID@@QAE@XZ
??0nsGetServiceByCID@@QAE@ABUnsID@@PAVnsISupports@@PAI@Z
?Equals@nsCSubstring@@QBEHPBD@Z
?EmptyCString@@YAABVnsCString@@XZ
??0nsCOMArray_base@@IAE@XZ
?NS_NewArrayEnumerator@@YAIPAPAVnsISimpleEnumerator@@ABVnsCOMArray_base@@@Z
?InsertObjectAt@nsCOMArray_base@@IAEHPAVnsISupports@@H@Z
??1nsCOMArray_base@@IAE@XZ
??0nsVoidArray@@QAE@XZ
?assign_with_AddRef@nsCOMPtr_base@@QAEXPAVnsISupports@@@Z
?AssignWithConversion@nsString@@QAEXABVnsACString@@@Z
?EmptyString@@YAABVnsString@@XZ
NS_NewNativeLocalFile
NS_InitXPCOM2
??1nsGetServiceByContractID@@QAE@XZ
?AppendInt@nsCString@@QAEXHH@Z
?assign_from_qi@nsCOMPtr_base@@QAEXVnsQueryInterface@@ABUnsID@@@Z
?assign_from_helper@nsCOMPtr_base@@QAEXABVnsCOMPtr_helper@@ABUnsID@@@Z
?Assign@nsCSubstring@@QAEXPBDI@Z
NS_ShutdownXPCOM
??1nsCOMPtr_base@@QAE@XZ
??0nsGetServiceByContractID@@QAE@PBDPAVnsISupports@@PAI@Z
??0nsCreateInstanceByContractID@@QAE@PBDPAVnsISupports@@PAI@Z
?Adopt@nsCSubstring@@QAEXPADI@Z
?sEmptyBuffer@?$nsCharTraits@D@@2PBDB
?Adopt@nsSubstring@@QAEXPAGI@Z
?sEmptyBuffer@?$nsCharTraits@G@@2PBGB
??1nsACString@@QAE@XZ
??1nsAString@@QAE@XZ
?Replace@nsCSubstring@@QAEXIIPBDI@Z
?sCanonicalVTable@nsObsoleteACString@@2PBXB
?sCanonicalVTable@nsObsoleteAString@@2PBXB
??0nsGetInterface@@QAE@PAVnsISupports@@PAI@Z

nspr4

PR_GetSpecialFD
PR_Now
PR_sscanf
PR_Read
PR_GetEnv
PR_fprintf
PR_SetEnv

plc4

PL_strlen
PL_strcmp

kernel32

GetStartupInfoA
GetModuleHandleA
CreateFileA
GetCommandLineA
CloseHandle
AllocConsole
GetStdHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetWindowsDirectoryA
GetModuleFileNameA
GetShortPathNameA

user32

DdeInitializeA
LoadStringA
MessageBoxA
DestroyWindow
SetForegroundWindow
SendMessageA
DdeCreateStringHandleA
DdeCmpStringHandles
DdeCreateDataHandle
FindWindowA
DdeUninitialize
DdeFreeStringHandle
DdeNameService
DdeQueryStringA
ShowWindow
IsIconic
DefWindowProcA
DdeUnaccessData
DdeAccessData
CreateWindowExA
RegisterClassA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

msvcr70

_amsg_exit
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
getenv
isspace
??_U@YAPAXI@Z
strcpy
??_V@YAXPAX@Z
_snprintf
_open_osfhandle
_fdopen
strncmp
fseek
ftell
fread
free
fwrite
fclose
_fullpath
srand
__getmainargs
strncpy
fprintf
atoi
strrchr
??3@YAXPAX@Z
_iob
setbuf
malloc
strcmp
strchr
sprintf
??2@YAPAXI@Z
_execv
printf
tolower
strlen
__p___argv
__p___argc
_except_handler3
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
rand

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5eb208240db90e22bbb460735b40f8ea

Headers

File Characteristics

Imports

js3250

xpcom

nspr4

plc4

kernel32

user32

shell32

msvcr70

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 100KB - Virtual size: 98KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 100KB - Virtual size: 98KB

.UPX0
Size: 104KB - Virtual size: 252KB