b6dc5af34bd5c3f956b3526857c60aabcad6293f2e6ae20ee154d2f5c6f8c826

General

Target

b6dc5af34bd5c3f956b3526857c60aabcad6293f2e6ae20ee154d2f5c6f8c826
Size

266KB
MD5

0822215c04345be5d819344198dcadb6
SHA1

068e9795ed664fd0ef5fe9003f9c6de3bc1cdc56
SHA256

b6dc5af34bd5c3f956b3526857c60aabcad6293f2e6ae20ee154d2f5c6f8c826
SHA512

83c1f0d648c5c6d51eed743252b8dd9802dd0256866c1758350d35b56f76ab89742fd0021f0f170a02eb38a7e4dc7b21ae587fa746ada72076d9fdaf8fe9d5f5
SSDEEP

3072:Y99p+aEtMild/4YIzVOhmViGHLgwmUyq/HyWgZqaeVOc0McU/9SnGsKQfFc80y7/:Y99pc3/4YIJ8m1MxUyRzoVOBlYQflIG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6dc5af34bd5c3f956b3526857c60aabcad6293f2e6ae20ee154d2f5c6f8c826

Files

b6dc5af34bd5c3f956b3526857c60aabcad6293f2e6ae20ee154d2f5c6f8c826
.exe windows:4 windows x86 arch:x86

e389d5659f269b92e98c132b84810e62

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetVersionExA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
Sleep
VirtualAlloc
HeapReAlloc
IsBadWritePtr
RtlUnwind
InterlockedExchange
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

ChangeDisplaySettingsExA
EnumDisplaySettingsA

advapi32

RegOpenKeyA
RegDeleteValueA
RegCloseKey

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 241KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e389d5659f269b92e98c132b84810e62

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.UPX Size: 241KB - Virtual size: 244KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.UPX
Size: 241KB - Virtual size: 244KB