015ad0a70ec71e668d0bc6c749ddd0ce2a41f71c2bb73f735e3fa20a323272f1

Sharing

Copy URL Twitter E-mail

General

Target

015ad0a70ec71e668d0bc6c749ddd0ce2a41f71c2bb73f735e3fa20a323272f1
Size

132KB
MD5

011237a38ebfcb85baabef781e2ed020
SHA1

df0f4d509fa78261d9854b1bffcc35d335426355
SHA256

015ad0a70ec71e668d0bc6c749ddd0ce2a41f71c2bb73f735e3fa20a323272f1
SHA512

0d975365340aaa27f2c85437e96b195a38ce2eda4400975cae073117aed66df658d2c907f39d41d61369cbe743971178da179ae1c4bf0f14ef114817777aaad2
SSDEEP

3072:HN51vsHXx8PlWtCMmnc/v0mQtQ///vaqOD:HN5hiXmktCdncn9GQ///Ch

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

015ad0a70ec71e668d0bc6c749ddd0ce2a41f71c2bb73f735e3fa20a323272f1
.exe windows x86

870e0c8424ee075d68b99cfe11dfee01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
InterlockedExchange
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetStringTypeA
VirtualAlloc
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetFilePointer
HeapSize
HeapAlloc
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
SetUnhandledExceptionFilter
FlushFileBuffers
IsProcessorFeaturePresent
SetFirmwareEnvironmentVariableA
ReadFileEx
ExpandEnvironmentStringsA
GetComputerNameA
DuplicateHandle
SetComputerNameA
VerSetConditionMask
VerifyVersionInfoA
WriteFile
GetLastError
GetSystemWindowsDirectoryA
GetVersion
GetStdHandle
GetFirmwareEnvironmentVariableA
ReadFile
GetVersionExA
OpenProcess
Sleep
GetModuleFileNameA
CloseHandle
CreateFileA
GetProcAddress
LoadLibraryA
GetThreadContext
WaitForSingleObject
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
CreateProcessA
GetCurrentProcess
GlobalFree
CopyFileA
CreateThread
GlobalAlloc
GetEnvironmentVariableA
SetEnvironmentVariableA
CreateMutexA
GetLocalTime
OpenMutexA
GetVolumeInformationA
ExitProcess
TerminateProcess
RtlUnwind
RaiseException
CreateDirectoryA
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
HeapFree

advapi32

RegEnumValueA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
StartServiceA
ChangeServiceConfigA
ControlService
DeleteService
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegOpenKeyExA

dnsapi

DnsQuery_A
DnsRecordListFree

user32

EnumDisplayMonitors
DrawFrameControl
SetDoubleClickTime
GetDoubleClickTime
LoadCursorA
LoadIconA
GetSystemMetrics
LoadImageA
GetSysColor
SetSysColors
LoadBitmapA
GetMonitorInfoA
DrawFocusRect
FrameRect
GetSysColorBrush
GetKeyboardType

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA

ws2_32

Sections

UPX0
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

870e0c8424ee075d68b99cfe11dfee01

Headers

File Characteristics

Imports

kernel32

advapi32

dnsapi

user32

wininet

ws2_32

Sections

UPX0 Size: 128KB - Virtual size: 128KB

.avp Size: 3KB - Virtual size: 4KB

UPX0
Size: 128KB - Virtual size: 128KB

.avp
Size: 3KB - Virtual size: 4KB