db5fb548f1c2fa30381e3b4d3ddfb26362cdfe22a5be3fba41f42fbb1b1122be

Sharing

Copy URL Twitter E-mail

General

Target

db5fb548f1c2fa30381e3b4d3ddfb26362cdfe22a5be3fba41f42fbb1b1122be
Size

4.1MB
MD5

9018c4ad9a5db3808eaab137f891ddc5
SHA1

e409c8ce50193b42cea77ea4294ed884a7bd9365
SHA256

db5fb548f1c2fa30381e3b4d3ddfb26362cdfe22a5be3fba41f42fbb1b1122be
SHA512

242242f8c1a2f8dc864ecbfd1870f7740f5b9cbfb38e642dea70c4b49ba5193a0e0c526d46a5a535ecfec4f089a8c72693742d64b616f3ca2ab5758b0ebcd88a
SSDEEP

98304:9Yurv+vbFM9tI+IojV5g6SnYWHiyc8He0HFcj/s/QP5JOrNUURYL:2uqjC9tI+9uiycOeicj/s/qJOxU0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db5fb548f1c2fa30381e3b4d3ddfb26362cdfe22a5be3fba41f42fbb1b1122be

Files

db5fb548f1c2fa30381e3b4d3ddfb26362cdfe22a5be3fba41f42fbb1b1122be
.exe windows x86

36955cc7f0c3ecdbf33fb53945a5c7d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysReAllocStringLen

advapi32

RegFlushKey

user32

GetMenuItemCount

kernel32

GetVersionExA
GetVersion
GetVersionExA
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

GetBitmapBits

version

GetFileVersionInfoSizeA

mpr

WNetGetConnectionA

ole32

OleUninitialize

comctl32

_TrackMouseEvent

imm32

ImmGetConversionStatus

wininet

HttpAddRequestHeadersA

shell32

ShellExecuteA

comdlg32

GetOpenFileNameA

winmm

timeGetTime

d3d9

Direct3DCreate9

msvcrt

isdigit

d3dx9_43

D3DXMatrixTranslation

ws2_32

WSAIoctl

ntdll

ZwQuerySystemInformation

Sections

.text
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 624KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36955cc7f0c3ecdbf33fb53945a5c7d4

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

ole32

comctl32

imm32

wininet

shell32

comdlg32

winmm

d3d9

msvcrt

d3dx9_43

ws2_32

ntdll

Sections

.text Size: - Virtual size: 2.5MB

.itext Size: - Virtual size: 8KB

.data Size: - Virtual size: 195KB

.bss Size: - Virtual size: 624KB

.idata Size: - Virtual size: 16KB

.tls Size: - Virtual size: 56B

.rdata Size: - Virtual size: 24B

UPX0 Size: - Virtual size: 3.0MB

UPX1 Size: 4.1MB - Virtual size: 4.1MB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 2.5MB

.itext
Size: - Virtual size: 8KB

.data
Size: - Virtual size: 195KB

.bss
Size: - Virtual size: 624KB

.idata
Size: - Virtual size: 16KB

.tls
Size: - Virtual size: 56B

.rdata
Size: - Virtual size: 24B

UPX0
Size: - Virtual size: 3.0MB

UPX1
Size: 4.1MB - Virtual size: 4.1MB

.rsrc
Size: 2KB - Virtual size: 1KB