9924c4a47bd2ed94809fadc2d253aca28ddf91bd2880fa98c3c33040cd18b342

Sharing

Copy URL Twitter E-mail

General

Target

9924c4a47bd2ed94809fadc2d253aca28ddf91bd2880fa98c3c33040cd18b342
Size

1.1MB
MD5

74d825f04dc4c58ba6206e27a6c13ce8
SHA1

b4c23c7cc3fe977d6db0cf90c319d1b3d35c41d4
SHA256

9924c4a47bd2ed94809fadc2d253aca28ddf91bd2880fa98c3c33040cd18b342
SHA512

05bd23ca0a89c84987b31ca749b87adae3e0a19b149749c9d59ab5d4c8028892c9738c865031ec6819b1b524c749c16a45a2a1aa43e20c4de7ac5bd5b0117670
SSDEEP

24576:ldQwuqN9ZR6cDlCbUVXsPzA8IxjTnuZcQLqm:ldQw16EuoqA8I1TuKQLB

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

9924c4a47bd2ed94809fadc2d253aca28ddf91bd2880fa98c3c33040cd18b342
.dll windows x86

b2a4f31f8c445b1d8d952d9ba64492dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
VirtualFree
VirtualQuery
VirtualAlloc
GetLastError
VirtualProtectEx
GetModuleFileNameA
InitializeCriticalSection
SetLastError
lstrlenA
LoadLibraryA
VirtualProtect
OpenProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
CreateFileA
CreateFileMappingA
CloseHandle
MapViewOfFile
UnmapViewOfFile
Sleep
lstrcpyA
DeleteFileA
GetFileSize
GetComputerNameA
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
TlsAlloc
TlsFree
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
WriteFile
UnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile

user32

ShowWindow
EndDialog
FindWindowA
KillTimer
PostMessageA
UpdateWindow
RegisterHotKey
UnregisterHotKey
DialogBoxParamA
SetTimer
GetDesktopWindow
MoveWindow

msvcrt

fputwc
rename
isspace
isalnum
isalpha
fputs
isdigit
_access
fgetwc
ungetwc
_strlwr

Exports

Exports

A1
A2
A3
AX

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 36KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

code
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 16KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 684KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2a4f31f8c445b1d8d952d9ba64492dd

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 208KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 36KB - Virtual size: 44KB

code Size: - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.UPX0 Size: 16KB - Virtual size: 48KB

.UPX1 Size: 64KB - Virtual size: 64KB

.reloc Size: 16KB - Virtual size: 16KB

Size: 684KB - Virtual size: 684KB

Size: 4KB - Virtual size: 4KB

Size: 4KB - Virtual size: 4KB

.text
Size: 208KB - Virtual size: 208KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 36KB - Virtual size: 44KB

code
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.UPX0
Size: 16KB - Virtual size: 48KB

.UPX1
Size: 64KB - Virtual size: 64KB

.reloc
Size: 16KB - Virtual size: 16KB