Trojan-Downloader[.]Win32[.]Upatre[.]blv-3ac7b3e1c679134d3b63793dc6df49f8467f387b78e17947a22b516636b89aed

General

Target

Trojan-Downloader.Win32.Upatre.blv-3ac7b3e1c679134d3b63793dc6df49f8467f387b78e17947a22b516636b89aed
Size

44KB
MD5

322cc3be1d5b0c41d707867146304d85
SHA1

f78dcee30556b822ae8f4f5d036329f3ed851f44
SHA256

3ac7b3e1c679134d3b63793dc6df49f8467f387b78e17947a22b516636b89aed
SHA512

5b0472a57cb90d44bb6c0997a0c862819b4c82a2a8c7f857edd416fdae3d41fc000d9205ed24bd710cb07f169b19256ee303b0cf063b56a36276ad94748ea326
SSDEEP

384:/cxpYKGlIk6gUb+wPafifOSSzGAhPBMtwO+ciqDpQ/XtU3e+v:Qp460iQGOO+RapQ/XtUO+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Trojan-Downloader.Win32.Upatre.blv-3ac7b3e1c679134d3b63793dc6df49f8467f387b78e17947a22b516636b89aed

Files

Trojan-Downloader.Win32.Upatre.blv-3ac7b3e1c679134d3b63793dc6df49f8467f387b78e17947a22b516636b89aed
.exe windows x86

6f6a4a0319db47c7dbf930768f90572e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Imports

mlang

ConvertINetReset

odbc32

SQLDescribeColW
SQLDescribeParam
SQLDisconnect
SQLDriverConnect
SQLDriverConnectA
SQLDriverConnectW
SQLDrivers
SQLDriversA
SQLDriversW
SQLEndTran
SQLError
SQLErrorA
SQLErrorW
SQLExecDirect
SQLExecDirectA
SQLExecDirectW
SQLExecute
SQLExtendedFetch
SQLFetch
SQLFetchScroll
SQLForeignKeys
SQLForeignKeysA
SQLForeignKeysW
SQLFreeConnect
SQLFreeEnv
SQLFreeHandle
SQLFreeStmt
SQLGetConnectAttr
SQLGetConnectAttrA
SQLGetConnectAttrW
SQLGetConnectOption

kernel32

MapViewOfFileEx
GetACP
GetSystemDirectoryA
LocalAlloc
SetConsoleTitleA
EnumCalendarInfoW
GetFileSize
ReadFile
CreateFileA

mapi32

MAPIReadMail
MAPIResolveName
MAPISaveMail
MAPISendDocuments

crypt32

CertDeleteCTLFromStore
CertControlStore
CertCloseStore
CertAlgIdToOID
CertDuplicateStore
CertFindAttribute
CertFindCRLInStore
CertFindCTLInStore

netapi32

DsGetDcNameW

mtxclu

MtxCluIsClusterPresent

advapi32

AccessCheck

Sections

.text
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 10KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f6a4a0319db47c7dbf930768f90572e

Headers

File Characteristics

Imports

mlang

odbc32

kernel32

mapi32

crypt32

netapi32

mtxclu

advapi32

Sections

.text Size: 4KB - Virtual size: 24KB

DATA Size: 10KB - Virtual size: 80KB

.rsrc Size: 28KB - Virtual size: 28KB

Size: 512B - Virtual size: 496B

.text
Size: 4KB - Virtual size: 24KB

DATA
Size: 10KB - Virtual size: 80KB

.rsrc
Size: 28KB - Virtual size: 28KB