e04db466da89e7b9e5ff72885f87d6e4619fcaf6bf6aa92b2875d630b8c75c45

General

Target

e04db466da89e7b9e5ff72885f87d6e4619fcaf6bf6aa92b2875d630b8c75c45
Size

23KB
MD5

16835b2ccc99cda10c2ab67226171350
SHA1

f94c71382e6d673268d72ff145301a5b46f7077e
SHA256

e04db466da89e7b9e5ff72885f87d6e4619fcaf6bf6aa92b2875d630b8c75c45
SHA512

ababb6c48755c477bd795258d61cecb2711508a340c169bfbca09109d1beff1c053605bf1d196288d480be153e557c6dc7b9dc2ab1276e492812a0152e369142
SSDEEP

192:jD3EaQCETnALb+52zNRS87VvoXZPy1WwLwGLbdbyR2bfYEXj7yQ:jD3Ea1EGbtjyXEWbC8R2DYA

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

e04db466da89e7b9e5ff72885f87d6e4619fcaf6bf6aa92b2875d630b8c75c45
.exe windows x86

a3651ab7d5555ff4420e99ffe1e394de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
OpenProcess
Process32First
Process32Next
GetWindowsDirectoryA
VirtualAllocEx
WriteProcessMemory
lstrcatA
lstrcmpiA
lstrlenA
GetTickCount
GetModuleFileNameA
GetCurrentProcessId
GetCurrentProcess
ExitProcess
CloseHandle
CreateToolhelp32Snapshot
CreateThread
CreateRemoteThread
CopyFileA
Sleep

advapi32

RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

crypt32

CertCloseStore
CertOpenSystemStoreA
PFXExportCertStoreEx

ole32

CoCreateGuid

shell32

ShellExecuteA

shlwapi

StrStrIA

urlmon

URLOpenBlockingStreamA

user32

GetMessageA
wsprintfA
CreateWindowExA
DestroyWindow
TranslateMessage
RegisterClassA
DispatchMessageA

wininet

HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
HttpOpenRequestA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache
DeleteUrlCacheEntryA
HttpAddRequestHeadersA

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a3651ab7d5555ff4420e99ffe1e394de

Headers

File Characteristics

Imports

kernel32

advapi32

crypt32

ole32

shell32

shlwapi

urlmon

user32

wininet

Sections

UPX0 Size: 20KB - Virtual size: 20KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 20KB - Virtual size: 20KB

.avp
Size: 2KB - Virtual size: 4KB