09b38e7cdd0648036ea3e69dfd8ded6f

Sharing

Copy URL Twitter E-mail

General

Target

09b38e7cdd0648036ea3e69dfd8ded6f
Size

1.7MB
MD5

09b38e7cdd0648036ea3e69dfd8ded6f
SHA1

1198109ca17d5a101d3ac5c4e73d8d6614a3e303
SHA256

e27abb3e0275e8d1ef40679de159687f048f340b70cd9aaa01a1601c73bfa95a
SHA512

2946d5db09105fc1b61cd8b62a81e494875eb1b720d54d7508281ac2ccaf82a228b8f6c5f2ea4394022b18d807607de1a517aa155a05a5792d7858da283b60cc
SSDEEP

24576:bNz4DGw7vc3mFAaPlu4mL/YmsaHGW9zHCWcktx8gt0JppTVCY3W5LCrXBlB/OLK9:bp4DTnSrL/YmsaHtCWc9gIjFmkU0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09b38e7cdd0648036ea3e69dfd8ded6f

Files

09b38e7cdd0648036ea3e69dfd8ded6f
.exe windows:4 windows x86 arch:x86

b7a55296f142209f3b69ec3801ba5a32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

ModifyMenuA
MessageBoxA

gdi32

Rectangle

winmm

waveOutClose

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyA

shell32

ShellExecuteA

ole32

CoTaskMemFree

oleaut32

SafeArrayAccessData

comctl32

ImageList_Destroy

oledlg

ord8

ws2_32

accept

comdlg32

GetSaveFileNameA

Exports

Exports

��d#�YS&�c�!��Y��LDwT�珅X�ЇU��#�X��;�yzF�䉍-�U��gf�^��1��C>(��h~��1od,��I��t�R��x�;z��ߗxB�VD�T�2u��~q��:��(��0:�/��f�!l��:��6MY��@o0�5ˁj�\Ԃ��p$��V� �p��w-��{�K��x��/@�k�o��2��6ܼQ��7�Ѳ��os�3��s�U�J�9��l��w(�&b��&1��4gzUwf��!�Ї��*Y+�7H��)�H[�8�M�uy%�%E^�A�v{x�o.9��J��$�HRp��:��1�5�@��>�`�M��vU>RL�W�� .5�r�v��8ѥ/��T��f�E~��1H8(0��=OZ��n�;��k�1/0Ll�QBi�$)��`��㜏�v�Qcd��.��CO��],�V��_��eT�Vb�H�&u7��ũ3��ʖk<x1��ē�Ь�� )��p�Yװa)3�v��;.�0whq�� g��'>��L N׮R�2��ߤ`��l��p0P ��drc~��Ry��GR,�}9UW��>p ��`x|�҈@I��#��v��Y�~Y��+;�ރ��q��G:�'o�;_!�pڗ��"�t��5�V�#�s+GJ9�45gA��Ֆ��t��Q��sc��+�7��8]�͌[�� OMj��/��pe%�Ì�Ť�<O�x�|�s�pJd�m��Y��Q�2�[��u��n=p'� H�܋��B��u�;+�n��: ��E�xH��pZ��p~�u+��ˉDV�+��˘��[�ΰx��2l�k��}�Q��T#ì��h e=s��1�V ��Q�6��/˭qD�Ke=��/��y��K`��(�Y�x�o�h��oF��.��U��__L�J�TB�`qWbؗ�uوGNZ��܁G��Ȣ1~�k5��a=C/��yt`b|��o�a��)�Ra�r�3j[ ��O6�U#"¶0��sՍ��M�$�,GjN�_�!��t��0��=��66v��Ƌ�+s��0&?� �MbO��l)�4[�`3��fA}�eX�C��$��X��"� ��^�%W"7g��u�y�#�L�w7V��ϩ�oua��**}XN�Y�#aȂz��Hp��S��K'�@>�3�<��̥ e�U�#d� ��8��Py��3��E��L ��'6ҟ�7 @��RLVD�~��X��v�GB � xC3��M�)8gXp4s�S��Ls$�U� ȡpD��]0r0�"�9�zٵDڛ��)&�F�P�J�e�E��J��f�P8$�U��7�qW��z[��KrL��:Q^��kTho��&��i�8�9��̑s^`(��x�M#�iwE�e}N��k��2=�a�\KEw��0QD�0��X�Ě#8��0��<��-��L� 0�Y�F'��r�A�ݸj�&�Y;�XO|�5�'�O�ʤ<�,#��$�T��9�;�lI��W�4w9�P�n��R�Z`��W3�xϋ�zg��И��9�a�J��J3M�W � ��Tc�L(x��^�S��Y[�G�s�󞂐�5y�(��/��A)g�A3�B��A��-{#��9�l��R �p��7lr�z��ڏ��YPdN��lΟb a@z��N�9�ڻ��P�� KC�ϰ�Ա�|�g�Ю�e��Q��더:�@J �=��Σ+b��W�c�� ݓ�@�s^ ��-I��2mB.��;�tȰ��`u;��ArC9I��'f ?r�� c��ɟ�T�Ҝo�ʽy�l{JVSW��7�X�ڪ�mmC��_�b ��ْx��A�K�327ý��{�hsV��th�[O��v<QI��+��T�̹M��z̴�$+b$a��G��*��Ѱ�T]��)'�?�l:;��A9+�8�+��&�٤��u*"��/8M�]$,t�G��='�E��%K��w��p2I�\�A)�;��k��ܦ ��w��m]]W*� �h��K?O?S1�t&��9d��Z3�E;Q��B��.�x��\-� G�F6��t,�m��NGÂ4n�G�6�+U�ɇ�\)�'�E��@9 U�p��>��S�_X��]��&EB��V{-c �6��ib.�p��t�Z��g�?��/��^%r�R�:*�1l��A��}�o��FU��)� )X/�[�� :z�#��^��(��\:��:<j�4\v]8U��~��-w`u�>]��ϴWU�l��,��m*��hC�h�y+C�f�X��Xb��e��+7��&�3P�Y�VE��aл��L^Djs�k�(��=�c?� �n�_��M4I��zwhvӾ��D��%H��m ��{S�0p�V�n�D͓��ǲ��J�Q\��*��Ԉ?��kl�� z}g��H@aP��|�j�m�k䝯��X��Ɓz;Wk�KetJ2��!��l��d;WVuWa<�m��&�\ߋڃ2<ke�$�'�0&�nj��tm�X�럟��h��S9�6��!w�)r,h��_��_P��m�Hv�S��T�s�;2��`�x��9)�1銊%��w��w2�a|��{`D��b��;(�nC��V45�X�m��5ğm�o��*�x��ڭ�[��x��D�x��xn@O]��]�ƥI 3��_�-��5��;�$��b��}�pR��i�2��n��iaf}�$�Um�� i�B��s-�_7��K��w�xGכ�L�[ ڵ�O�Y[��L3��-��g�ے�

Sections

.text
Size: - Virtual size: 535KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX20
Size: - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX21
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7a55296f142209f3b69ec3801ba5a32

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 535KB

.rdata Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 149KB

.rsrc Size: 32KB - Virtual size: 43KB

.UPX20 Size: - Virtual size: 389KB

.tls Size: 4KB - Virtual size: 24B

.UPX21 Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 4KB - Virtual size: 428B

.text
Size: - Virtual size: 535KB

.rdata
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 149KB

.rsrc
Size: 32KB - Virtual size: 43KB

.UPX20
Size: - Virtual size: 389KB

.tls
Size: 4KB - Virtual size: 24B

.UPX21
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 4KB - Virtual size: 428B