97bf321048b64236fb290f78000e0bbc4205368e39f16c799acd6edf65cdcac8

Sharing

Copy URL

Twitter E-mail

General

Target

97bf321048b64236fb290f78000e0bbc4205368e39f16c799acd6edf65cdcac8
Size

12.4MB
MD5

8229a0f9b6539f538e20464ee7560e98
SHA1

e3868f121f49e7087276b6d6c50f65220b81cb61
SHA256

97bf321048b64236fb290f78000e0bbc4205368e39f16c799acd6edf65cdcac8
SHA512

5ab650d6ddd20d32fc35a745a6ba7f5fa5b23d82ac829afa92a637b19b929c9d99f4bd8a0abe581227e269489d110a1046ff7d4620369ccb35cfc7d638be531f
SSDEEP

196608:Sze8tvqeqrjy27Cjyf8+guOfBIvB+2+7Lf17o80RCRTgtzlweg0AS8DG0Ce:Sy8tvqeiO27gBfdRn97QDzlBBAS8Se

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97bf321048b64236fb290f78000e0bbc4205368e39f16c799acd6edf65cdcac8

Files

97bf321048b64236fb290f78000e0bbc4205368e39f16c799acd6edf65cdcac8
.exe windows:5 windows x86 arch:x86

156fa62181c7811875ee760c99e6a0f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA

rasapi32

RasGetConnectStatusA

shlwapi

StrToIntExA

winmm

midiStreamRestart

ws2_32

socket

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetScrollPos
CharUpperBuffW

gdi32

CreateHatchBrush

msimg32

AlphaBlend

winspool.drv

OpenPrinterA

comdlg32

GetSaveFileNameA

advapi32

RegCreateKeyExA

shell32

DragFinish

ole32

CLSIDFromProgID

oleaut32

SysFreeString

comctl32

ImageList_Read

wldap32

ord29

wininet

InternetCanonicalizeUrlA

msvcrt

fgetwc

Exports

Exports

��/�-lp��Cːr��Z��HvZ��e��Wgݐ,�8�k=8R�~�jBs5J 2�J�HI�./�@��l��̴�z߳!��#7��Ϻ�{�w�af��h;��^�uJ&��pH��^м!��#y�N��w-��c��U��kvS�~?�6^�:i��*��\�ϻ��U�RF�t�l��J��%a2Q�ABB;��JMn�b� �]�=_�!��P�_��¯u��4�x:$`D�7� i*��Xw��]\��`aY6k��|y�:��"�W�a�_��j��h�z��H��\��\2��5�Дy��΅�f;��<��m�Ì��n�Ѷy��s��Nyx��͕�9avK�nR�HLr{%��ע��T�颡� q��L�hN��Gdd"�"�b�5��VS��pR�p{�#u�r��H�C˿^��Q*i7(Py��p��0��=��&��V�72d��X�.T?��.��&n��w�t�B�Pl9��V��c1��䧶�w��&B��hi1c��f,d��p��!oa��3f�?$�f`VJ�QX�ˆ��%q��&�A g7��EՆ�o�@%�gi�lO�~]ѣA��e�;��$��d�@Y�{$�)p* Pce�|f��e��D<Y^��餿��1nM;"2v>^Zc��Q�sc*݆f��S ��m�&��mP��eEbR��n��s��<2*�j��/�םk~ah|a��T�TT�x��S��mj[K�A ɉ�& t ��W5�ް3'�� {��g!k�"�ɹ�8��i��$U�>��G�'��"/ἔ[��.ϲ2g��"��[�M:P5��C��nhs ��_��a�&��|�9�0�74�D��&�@3,�ӷ�T��D��ʨ��C0�0� ��V�y.t�M?�̲bG��؊�_��{Ѵ��W2��?��}s@e�~��z��+U�0W-��l��R,��3V��n2��|��?�o�� f��6��w�L{��RL��?@2Ppͫn�o1�`NTO�I��`��Oع^g��\��>�U��)u��Y�J�5e3.�� [ٚ�~��'#TJ��B�U՛�-rd$O@��\�-��Ϝ��b>��n�Ӆ�y�#�8P��Zr�8��vX��s�}��z@qқ[�o�,@n�;֑�PdV��*k�)��&m��G�_��l]ϫ0��Io�޺�9��]��f��/x��d��_:z��XpJ��+eK�g��"�h��K��[�LI�$��+9�,�afpR i��}��5w�\��k��~�^�}��_k� E&��h��{h� :p�� !bA��]�q#~&��1O��XȍU�D�0�T��3��Y��/�^�y�[7�L��N��d��$Z�Z�?�|h�@�q~!TB!�#��l��%l��,h/9�^m��'F��+�Ly�%΂!�_�� j��t��u1<Sl㎊�, Y�)h��yOp��^z�Z�7a�#��U��Ȃ+AY�� PW̺*,m�%�}��Q��C�x�<�x�' G�xs˘��p%~��8�N_�s��,�ɤ�T�O��.�"�>��D��,��WV��z^�B��7��"p%��q�� A&��Y.��{:L��i{��0GmZBKAv �2�]pp��M~�9 h��<p�T�<(��v��ƪ=�5��Mm��+��19��OY� ا�B�v��!O��S+��=��%}�ѮP��T�E�o'�Ö�\��Ul��ر��3�{�� _̼�څ:�͋��Y�Rҿ�娛��>��j�^0��92��d�VG|h� ��n��M��t�M�J/(�-�$ɭhS�C��cl/>f�GhΆV]�Z_7ŰW<�SD��Hf|9H�|��Ȁ�wz#�� f��(jI��I��÷=��Yr��Wf�͡��]WE�Y��i�K�Ě�}� aBߣ�8�=u� D��_vV�ū 4Z�H��^��yQ{�� Q�{Y8�b��"�w�0EJ;/z��ǨcW��y9?�fh�T�P�pU��ԉ�R:��ldtv��f��iG�93�+>��X+��c<��-��ֆo�s~�jr�?��}��&D��nJ0"�B��0"^�f�N��m��OH[�)g�re��љ� ��#д�s~�je_:O>Z��/)O]��i�7�2��<!��g�=`� '�*t7��u�h��7��P��݀�1C=,�~��F}4�̔C+H�Z� C鎷c J�4��i��܎`Gx��γ��펪v��rL*�2�(�;��!T[fuhF��7G]$-HQwr�8�"U��~�@(�nWz �Y�t]��p�ٌOW�� /~e*�囤k��Rsl�-$e(.?�ŗ�� 8�iJ:��y氜��/��A��|e;˩�Yu��RqN_��Z�Q�W ��P}Q�'��k�=Oʂ��D윅QV��paN'�r�e�O�Ql.6�bNv� ��a�,n1@rȕD��w��c�J��`��g��_�L.~[$S(�#ZE��=��wc��}�٭C-��=��`b^8�!�8��$��I�tO�f�2��ͳ�Z� �ʭ�� u��/֦J�V�غO�MA��!��Ptx��Y�� tj�.��v�q�(��u��Ht�"�^'PT�n/�ϲ��i|��.�@�z�jjV�~c�b��]{��!x�L9D̢8. RȫtY��Bf��.5�fP��e!��cӤ�g�p��4�=H+��Ր��DyV��7��c�

Sections

.text
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 12.3MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

156fa62181c7811875ee760c99e6a0f9

Headers

File Characteristics

Imports

msvfw32

avifil32

rasapi32

shlwapi

winmm

ws2_32

kernel32

user32

gdi32

msimg32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

wldap32

wininet

msvcrt

Exports

Exports

Sections

.text Size: - Virtual size: 3.8MB

.rdata Size: - Virtual size: 8.7MB

.data Size: - Virtual size: 812KB

.UPX0 Size: - Virtual size: 4.6MB

.UPX1 Size: 3KB - Virtual size: 3KB

.UPX2 Size: 12.3MB - Virtual size: 12.3MB

.rsrc Size: 161KB - Virtual size: 160KB

.text
Size: - Virtual size: 3.8MB

.rdata
Size: - Virtual size: 8.7MB

.data
Size: - Virtual size: 812KB

.UPX0
Size: - Virtual size: 4.6MB

.UPX1
Size: 3KB - Virtual size: 3KB

.UPX2
Size: 12.3MB - Virtual size: 12.3MB

.rsrc
Size: 161KB - Virtual size: 160KB