db59c75dfaf78db4b648195e63f3646c_JC[.]exe

General

Target

db59c75dfaf78db4b648195e63f3646c_JC.exe
Size

160KB
MD5

db59c75dfaf78db4b648195e63f3646c
SHA1

1e727d6e10f4349ef769d98d536d576dfb83fdd3
SHA256

199317d6d551755952f306d032d21ab773cd918f73d203b2aef1ccf10a17b5e3
SHA512

46d25eacb247d0c49d8fe841e4d96c3aaa2c45e54461038a9db9bf850cf1c2bf76e629b36fd9b806ded277ef531f3c2e0ac1125fb61f935e3864e000dc654328
SSDEEP

1536:uuQRyle0Y9WV32pauUIgV92++Kf/vwdd5QMKc:FQMle0wQ32QuxA92++Kf/Ydd5QMKc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db59c75dfaf78db4b648195e63f3646c_JC.exe

Files

db59c75dfaf78db4b648195e63f3646c_JC.exe
.exe windows:4 windows x86

050c5e8e1ff71ae54b78e206750c8f8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetFileTime
GetLastError
GetModuleFileNameA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
HeapAlloc
HeapFree
HeapReAlloc
LoadLibraryA
OpenProcess
Process32First
Process32Next
ReadFile
SetFileAttributesA
SetFilePointer
SetFileTime
SetPriorityClass
Sleep
TerminateProcess
VirtualAlloc
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
lstrlenA

advapi32

RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegSetValueExW

user32

ExitWindowsEx
wsprintfA

ws2_32

WSAGetLastError
WSAStartup
closesocket
connect
gethostbyname
getsockopt
htons
inet_addr
ioctlsocket
recv
select
send
socket

Sections

UPX0
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

050c5e8e1ff71ae54b78e206750c8f8c

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ws2_32

Sections

UPX0 Size: 52KB - Virtual size: 52KB

UPX1 Size: 32KB - Virtual size: 32KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 52KB - Virtual size: 52KB

UPX1
Size: 32KB - Virtual size: 32KB

UPX2
Size: 72KB - Virtual size: 72KB