943269d4bd65e6899b05955b46e6aa2f2291fc73ed08f2ef8752298628c708ed

Sharing

Copy URL Twitter E-mail

General

Target

943269d4bd65e6899b05955b46e6aa2f2291fc73ed08f2ef8752298628c708ed
Size

357KB
MD5

f77ac1632392401430881e9f5cf3855d
SHA1

6a562f6214ecac88fba6de3f049846af8e4aa435
SHA256

943269d4bd65e6899b05955b46e6aa2f2291fc73ed08f2ef8752298628c708ed
SHA512

2b618468e3762897316eebb76e6c0c03e705496880c526b310709e4d98d441f545b33e94f5eb3c3502293fd1206534234eacacd68da6f7105208888f00013bdd
SSDEEP

6144:WekmVG9tVseT07XzZZTu3WrKTpMST5ZX9RElx+XGy9rs1VBvEAtX2y2K:WekxVds1ZrrKtMY5bRIx+XI1/vEAtmyX

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

943269d4bd65e6899b05955b46e6aa2f2291fc73ed08f2ef8752298628c708ed
.exe windows x86

a95c49f4dda17396914a9499359e3d57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32.dll.

GetProcAddress

kernel32

GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Exports

Exports

3"P��6��^2P��J��e�)\(*�f��P�[��A��(:^�0�f�}+��r?g��=%%�R��wp+K C��8vW��؁��v03rI�&��F�k��K�^��t�Aa&��$�V�Q�ȋ+��[/�nl��ǿ�ִ��<�p�<gQ��{dN�Ņ�w@t�aq��*6�pFE�x��H/��!�o��4��M��XQNl@w�a��y�]�yB[��͒`�N$a�?�z�l�F�`��L�y3��j�.��O{ak~��bq�ȩ?|n�t��"��l W��K�j6mҰ��)3�f�h7ǆi�KX�� 7=M��:�m5T�<8g�.c�:��:PY��\s��S<M k�E�͘�:@/8�]\'�K՚p2l��G|��gcۃ[�+��[óf��P�;�(��!�� %є��mh�1?�o� ��W"+x��XBp��>��L��y�Gɪ��A?ܷ��&5�', <h��T�xB��1��p4�jm\m(<�V%Z�R��'�B/x�SDV��rˑ�$��N��Y#�@6��an`�9��!�񏇷D��ړ��|��MLd��S��݅��)��'M��/�r��m��o8ε�D�Y�:R�`��}��`�Va]D1u.��ҩ�sɦ��y<��8`�ٗ ��M�E�[�@��!4��l~!"a�G�0Y� ��:��T�R�i�&�TwP,��@��^�,��X��~j��Π��x��H_+A�|��)�q��c�T��/i�*��#��L7(<��ڨ�ߏ��b��{]C��(eid`F��>d��I43�uJƘ�:�K��c��|w��M�^��l�+ٮ�;�h��$n��y�ZR��WH2�hv.�:��)b/��%f�#�]�<_+��L�>��w�%: i~��3�Ql��P<v�Dm�ۜ��ݙy[�ײ�?��,��Z,o,Q��Zh*5�zxZ�e�'Iu�|�bj8 ��_�m��yhÊQ��!�D�b=>�xp��/]�zm�+�'��+�笍iwJ�1QM��eE]�0Ư�S�F�ն�`�+��e�B�8y��q]'Ls��)qݾl��T��&��m��1��`s�� ,��`��`ۄ�RҬ?��{v�;�`��7�l�њ�Sh[�h6�2�~r�-��/~F��!o��F��p�7��A�Ĩ�L�oa�m�K��kt^��?�$ k<d�r��QN��d�8XFF��>/�CQEn�@B��I�` s)qļ��r�/��N��߼��#v�a�t"j��w��k��ʑ�6�,�tb��+��@d�[�=~�9-�x!��Z�j�}��Z+��v>��!�y��r:��6*�Qy��{Y�G�^��- �w�$ ��X��K�(�E�r�S��SqP7��H�\;��E�L��(܉��4p��(�i8��n\?�� f�h�;��L�� D[��'j3�O��o��>3SjX4�S�A�0��<MrP4}��M��i��J t�r�̩亦��׹ɇ8蔝R~�ү q�|V��$��=[��37ӧ��,��yW�0�z��dJD >��dq7��n��4[��@��YP��{8�� j�[C�>�o(x��RمT]�%�}>�� |��7j��q��M��U\� �*s��U�[)�d��@�4�E��S�15��v�J�+��k��{�鞿0��܋U��X&q1�z��J��j�B�[�"l3(&�Yud��G�\�e��}i|�X1��:��7{=x��U�1;�]ʘ�:�5o�BP��gԧ�pQ��q\I)XaKM e7��&Nfs�f�� J�-��:�"��o�}v�21y`�d��>5DzU�E�/��i}j��(��5� ]k,j��2ќx�%v�2;AcƑ��mɵ0� h0<H\��diA�p�뀕Y�b�o B�Ɉ)�L�T��s.Aq��KLf�Wb��/��&�4Q��EB��o��U�޺�&^��Џ�ڣ�ȯt��'Fԩ�@��B�R�B�!��,��#!�#k��x@��pzYS��Gp��<��K�X?�BOn�D��A"��æ!sO(3��Q��w�� A��ĿTk9~��.�N��4�ݠ/� ��x��T<�^�e+T�7j��k"n�6��KX!�ξJ5��_qVe8��X��ק$_}w�L��#Jt��*��C��E�۠0�?�>��|X��s��-��%��E�2�zN�!��Q�$��]L��I�'Y]�J}��3�D��_�C��۝*��k&��ԣbV�r>>=(w77��>ѿ��K��'��FH��䴾��Gc��8򃄴l�X� ÷�O`�<|��H�}M^�)�3�,�z�M� �E�0Ȓ#G�ţÂ�⪹G�3d�__9+m>��IU�e`$��#~��P�=F��|��@��p��G�W��pp�/ ֡��M�}�ka��"9b�o��V,`�C̻|d�H�pP��epd��p��W�wc@�-��E� �jT��t�:A��*:��6�[M6�O� 䩒4�v��)�z��q��;]��]/��8�V-�sڑh��'��tC ��p��8@�̀��&��~��a�F֎��(hQ� f޻<3��r��D�Q_�&l�{��O�7,��d��@`�\� ��ڽo?6�Ḍ�y�b(\�y� ��W��i¡�lY^L�^�4]��c9]24��ë�VQlA�)7�N�,^�:��b��>��k�L�F6�YT+O�ʸ�1W�s��)g��iζ��&XI"'�vd i��M�F�1A�

Sections

.text
Size: - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a95c49f4dda17396914a9499359e3d57

Headers

File Characteristics

Imports

kernel32.dll.

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 555KB

.data Size: - Virtual size: 9KB

.bss Size: - Virtual size: 8KB

.idata Size: - Virtual size: 13KB

.tls Size: - Virtual size: 20B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 11KB - Virtual size: 37KB

.rsrc Size: 4KB - Virtual size: 7KB

.UPX0 Size: - Virtual size: 18KB

.UPX1 Size: 340KB - Virtual size: 339KB

.reloc Size: 512B - Virtual size: 168B

.text
Size: - Virtual size: 555KB

.data
Size: - Virtual size: 9KB

.bss
Size: - Virtual size: 8KB

.idata
Size: - Virtual size: 13KB

.tls
Size: - Virtual size: 20B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 11KB - Virtual size: 37KB

.rsrc
Size: 4KB - Virtual size: 7KB

.UPX0
Size: - Virtual size: 18KB

.UPX1
Size: 340KB - Virtual size: 339KB

.reloc
Size: 512B - Virtual size: 168B