4009a1e9aa3026675e11aca97aeebf60

General

Target

4009a1e9aa3026675e11aca97aeebf60
Size

172KB
MD5

4009a1e9aa3026675e11aca97aeebf60
SHA1

4163cf07fc21cb4eed8065b4cd72c979a5e8e792
SHA256

45531ade9b831c9facabede06463e09e7b5722760bf4ea433486f4f2c6acc695
SHA512

992612f4275daaf4b7ebfdcac40754ac0690a0c030fa43193ac0407b16ad70ba8d29ed8c307717fd142a8bb82827bca680a95500c889b5554031f8d17f4c02e9
SSDEEP

768:Fhd8PrCoWZflvW0FuLRNf9ZbGY3wuufPScFgNcAWhA/5E6rbV4NQDAjPzEi5M3v4:FhWPrCoAfld7JA/xb0jPIdO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4009a1e9aa3026675e11aca97aeebf60

Files

4009a1e9aa3026675e11aca97aeebf60
.exe windows:4 windows x86 arch:x86

74bebc5be0518e409d0e8eae246b7b9a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
LCMapStringA
FindFirstFileA
CreateThread
CloseHandle
Sleep
TerminateProcess
Wow64DisableWow64FsRedirection
CreateDirectoryA
MoveFileA
Wow64RevertWow64FsRedirection
GetTempPathA
GetWindowsDirectoryA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
IsWow64Process
GetLastError
VirtualAlloc
VirtualFree
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
ReadFile
GetFileSize
CreateFileA
DeleteFileA
WriteFile
GetTickCount
RemoveDirectoryA
FindNextFileA

msvcrt

memmove
_strnicmp
??3@YAXPAX@Z
__CxxFrameHandler
modf
malloc
free
strtod
tolower
rand
srand
sprintf
_ftol
atoi
strncmp

shell32

ord680

user32

MessageBoxA
wsprintfA

wininet

InternetCloseHandle
InternetConnectA
HttpOpenRequestA
DeleteUrlCacheEntry
InternetGetConnectedState
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetOpenA

Sections

UPX0
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74bebc5be0518e409d0e8eae246b7b9a

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

user32

wininet

Sections

UPX0 Size: 80KB - Virtual size: 80KB

UPX1 Size: 16KB - Virtual size: 16KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 80KB - Virtual size: 80KB

UPX1
Size: 16KB - Virtual size: 16KB

UPX2
Size: 72KB - Virtual size: 72KB