135022ec591c7a16a4f5a7729b5f9cce

Sharing

Copy URL Twitter E-mail

General

Target

135022ec591c7a16a4f5a7729b5f9cce
Size

268KB
MD5

135022ec591c7a16a4f5a7729b5f9cce
SHA1

aa4da8848950a51fed5c51aa22fce8b5f8e61eec
SHA256

4f7d5983cbff75ea692bc5947dcda8795ddf50420acd1e9a7832664960f15997
SHA512

1faac5af38617c23c8e988727772c27df90156eb0a9a4e8ea72918ea4a16c2e6d82c0158b16bc2120572342835d45ce0587d160308c70145c5c760d317993dd0
SSDEEP

6144:eh86/aYGRsygdxtJHYpZSbaht6V4SwxazePFOQZUUpWr:ehdaYOgjYpZSba76V4jOeXZur

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
135022ec591c7a16a4f5a7729b5f9cce

Files

135022ec591c7a16a4f5a7729b5f9cce
.exe windows:4 windows x86 arch:x86

c0ea07573bbf17bbb45a584f096eafac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
WaitForMultipleObjects
GetModuleHandleW
GetVersionExW
MoveFileW
GetWindowsDirectoryW
lstrlenW
lstrcpynW
GetStartupInfoW
GetCurrentProcess
GetTimeFormatW
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
GetExitCodeProcess
SetErrorMode
IsBadReadPtr
RemoveDirectoryW
GetTempPathW
InitializeCriticalSection
CreateMutexW
GetCurrentProcessId
GetLocalTime
OpenEventW
LocalFree
Sleep
GetModuleFileNameW
LoadLibraryW
FreeLibrary
CreateDirectoryW
ExpandEnvironmentStringsA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoA
LoadLibraryA
GetFileAttributesW
GetVolumeInformationW
CreateEventW
GetLastError
SetEvent
GetDateFormatW
WaitForSingleObject
GetModuleHandleA
GetProcAddress

user32

GetForegroundWindow
wsprintfW
CharUpperW

advapi32

RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
BuildExplicitAccessWithNameW
FreeSid
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
LookupPrivilegeValueW
CreateProcessAsUserW
EqualSid
GetTokenInformation
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
LookupAccountSidW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
StartServiceCtrlDispatcherW
RegisterEventSourceW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ShellExecuteW

imagehlp

FindFileInPath
ImageLoad
SymGetLineNext64
SymEnumerateSymbolsW
SymGetLineFromName64
SymEnumerateSymbols
SymEnumerateModules64
UnMapAndLoad
UpdateDebugInfoFile
MakeSureDirectoryPathExists
ImageRvaToVa
SymGetSymPrev64
ImageDirectoryEntryToDataEx
SymGetLineFromAddr64

admparse

DllMain
IsAdmDirty
ResetAdmDirtyFlag
AdmSaveData

Sections

UPX1
Size: 1024B - Virtual size: 945B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Vg
Size: 1024B - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gzmtb
Size: 1KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kCEYOG
Size: 2KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tQd
Size: 4KB - Virtual size: 921KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 91KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Xiwcux
Size: 4KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 126KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qGo
Size: 2KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0ea07573bbf17bbb45a584f096eafac

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

shell32

imagehlp

admparse

Sections

UPX1 Size: 1024B - Virtual size: 945B

.Vg Size: 1024B - Virtual size: 192KB

.gzmtb Size: 1KB - Virtual size: 168KB

.text Size: 17KB - Virtual size: 17KB

.kCEYOG Size: 2KB - Virtual size: 469KB

.rdata Size: 3KB - Virtual size: 14KB

.tQd Size: 4KB - Virtual size: 921KB

.edata Size: 91KB - Virtual size: 161KB

.Xiwcux Size: 4KB - Virtual size: 239KB

.data Size: 7KB - Virtual size: 340KB

.edata Size: 126KB - Virtual size: 181KB

.qGo Size: 2KB - Virtual size: 357KB

.rsrc Size: 5KB - Virtual size: 4KB

UPX1
Size: 1024B - Virtual size: 945B

.Vg
Size: 1024B - Virtual size: 192KB

.gzmtb
Size: 1KB - Virtual size: 168KB

.text
Size: 17KB - Virtual size: 17KB

.kCEYOG
Size: 2KB - Virtual size: 469KB

.rdata
Size: 3KB - Virtual size: 14KB

.tQd
Size: 4KB - Virtual size: 921KB

.edata
Size: 91KB - Virtual size: 161KB

.Xiwcux
Size: 4KB - Virtual size: 239KB

.data
Size: 7KB - Virtual size: 340KB

.edata
Size: 126KB - Virtual size: 181KB

.qGo
Size: 2KB - Virtual size: 357KB

.rsrc
Size: 5KB - Virtual size: 4KB