15f274601315893ce0aa77ab2cbd8c24

Sharing

Copy URL

Twitter E-mail

General

Target

15f274601315893ce0aa77ab2cbd8c24
Size

4.9MB
MD5

15f274601315893ce0aa77ab2cbd8c24
SHA1

cf3e384072368d938bae9045ba008c028aaca3c3
SHA256

75fb26331239c81224ece7c7f98c80ed659668af9affa86a5625411d32fc7e12
SHA512

35e3d958f9790b66a94f63cfedfcced13b5c87d22097dae8c126a610fd0240f427ad763547ae27ae54f318c3ba482184c135a7a5b88a49a099fb0520f338ef9f
SSDEEP

98304:hoAaF5dk3/wHs6rF0CzrWUkj9ZYnfw924eQQXQ5dAy38+L:Kdm/ss6rzrRiUnfu6QqgdA88+L

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15f274601315893ce0aa77ab2cbd8c24

Files

15f274601315893ce0aa77ab2cbd8c24
.exe windows:4 windows x86 arch:x86

2cd2c28842ed9db162cde00591c236c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

SizeofResource
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

SystemParametersInfoA
MessageBoxA

advapi32

RegFlushKey

oleaut32

SafeArrayAccessData

version

GetFileVersionInfoSizeA

gdi32

StretchBlt

ole32

CreateStreamOnHGlobal

comctl32

ImageList_Add

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileA

Exports

Exports

�f��;�h|iA�M �uzIm��%�;_��\��^} �vҼ��l�v��H�'�2G@��@n2��M�OGY�FX|b]�E��Ͱ&ŎLq�ДO��%j ��K܅ �1��Z7uR<��Q�df��<pTӝ��v9Mu��#�Ɏ�k>�Z,��y��0t�$"��VH �)��-��ۡy�q��Cw��P�2��wA0h�C]�c��ǐ��>��=�O�r. �v�/)��|~��τ��w��-4^�V��L4*p��!�a��lV�d��Dq�|��Gt�?)& �T��1�@k~V ��A3�� o��X�mJ�D�Ӟ#��[��+2ѧI-_"�7 L�N.l ��֛��-۾��%��ޑ��&�Gψ�q �L� uM��NC�Lo��N@��J�tm�:c^�g�� 1[[��b&CD��{*G��w.��8_Q��u;X��Y�:Xދg�B�I�޼�F�Y0�T#��M�N��<�u+e�_�b�͝2Z�f�ZZ�2��hIܸ�gx=��K�%�|"�j_Ŀ/\��p�^��{劉z��X��Ð]��=/��su<�wj�F�u��7_��v*嚋c�-��ǜW'��U��=�:�p�|�ȅ��MD��"{��(�d��&ơ�Q�ב�e8B��{��vA⡥/`[0�:mrf_3H�O��9F��` �О�ŭӬW��գ�<iӛ;[}��%" Zj��T��zv�[��h"�� Ի��ooD�a�{�ׂ\4�X<V?G+��A-�0s�s�k�� t��ղ�l}��0^q��{�dX4�ٳ��!�O�IH��O��I\;�/kͳo��o&2,GP�N�?�tKX�Հ1��<�J�Ȳ��0$\I�<F}��w�c��y�k� �֍Ee��-L>��I�/@X(B��-�q��H��| ��ݟ3�r��f��mHR]��Gƭb��,��R�*��{�r:0��ئJ��f��B<-��{҉� �fM�.�oI�c�B�G��r�89��nq\�*�=*J)��u��O;WH}�zh�CF޷HFFS$�E�/�j32��u�P�SΛ\��4>z)q�(�&bmO��'th��h W�hj�a��>b'Tc��Abx�_��4n}~Y��ꨐ-?�+xH� �y�r `"��~o�Xs��C��ש7w�GdG!BO��:\��:H\_�^��^��v�F��t� ��t�e�m��k\��]� ��U-�/�ir�ٖ�R�xi0mE�&0_@�h=�<'�&[E l�T�ߘ+�S炿D��QL��JF�Q��u�6�,��j=L�PʇH��Y��k��|��XvǕX��%&]�s<�}s�8��};/k��F _�>�T�O�P�l��K�*�@��p��/��5��\�-]7�*��5�ҫyP��2S�($6��E��ϊ��H�p��օN�}��Y+ �M�r��Ti �X��6vv#W�=��n��`�I�̂u��g98�+'�D��O��`�k�(�)��RȢ�J~�P��6z�c?�*wt*��@.�g}î��/��N�Xqrm��J��1�4��ߦ�z�rw>a�g3�r��%:+�!�@^/�;ֱ�L�n��P�ձ.�0�:~��|ƴŧY�0J��9��n��2 ^nV¨kK�'=��Tl��:df4��Nܭ��S � c��1�t�0�Kж�V�d6��!�^z�gֵ��P�_�R�Ͱ�ɾ��z ��n��4O��)�#��f�:ބ'��r&��AiT��8��O_d��t$�x#<�`��qU (�<d�l��G�|��]#�ߦ�n�Fç��p� 1�_ٵ.%�4�\�@�{c�4b��s��fd��06�w�O2�$sA{�g}�r��-�I��?f�ZBV��;�{�_��$��1�� Ǭo�M��+�+v�nGP��K"G��3#b�q2��a� �иƺW#k�v�'�?#��K� /��J�K��UUDǕ�s�6�Ga�G�r|nA$8�u<��^Y&�C:�25�<v�ͱ�.1u��|J��U��-��2:�w�G�0.� �@��v~��^,w>��C�{Z��pUh5��4Z��O�ϠV�ya�R��9��[�R��!q�?1�V��X��K�+�,*�_mDI]pVM�r�T� L:D1.��u2��T�8\M�~�D+��f��6=�K�b=��x��]��À�� ?��h��%��)� �fU`�"�kX9#N��ċ4�:�ѓFꡙ<�o�$X� (�'�Dy}L��h4<'eG�3-��h$m(�KҖ|�*��ݥ45?��Zd@�bpA��FW��xPTНU+/w5?!7��N�� ,*��NCvu�X{�C# Wt? ��Y��u/PGE2Ox��&QQF� >&��e8�MZ�H�a�#��%_�A��"PM��V��,�3u��'~OÊ��YM헶�3�O�!�e�˼[ߤД�c��==�Z"y��C��̒�� T�.��L�H��Nt9��5��=(1rd�y��l��0�H��p��]߲k�i@�(ԅ_��ΰ�5��.��:&�)��m��Fs��z��א��Rvo�P �䂏\�g ��,�.R��K w��n�!��xm��.:��{�vk��f�� '3��|D�W�T�/D�UCl��Ӑu�Hޖ�\CX�,$؃�!� 6^oh-x��/.v9J�t�D7�i�ۼ�s+�8^�r|��=7�֏�0&��0'Bc�%N�L��5s��Kn��u��&��Eqs&EX�{'��S�� O ��^�6��_4>

Sections

CODE
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 14.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cd2c28842ed9db162cde00591c236c5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

wininet

urlmon

Exports

Exports

Sections

CODE Size: - Virtual size: 1.0MB

DATA Size: - Virtual size: 11KB

BSS Size: - Virtual size: 4KB

.idata Size: - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: - Virtual size: 24B

.UPX0 Size: - Virtual size: 70KB

.rsrc Size: 8KB - Virtual size: 14.2MB

.UPX1 Size: - Virtual size: 872KB

.UPX2 Size: 4.8MB - Virtual size: 4.8MB

.reloc Size: 512B - Virtual size: 204B

CODE
Size: - Virtual size: 1.0MB

DATA
Size: - Virtual size: 11KB

BSS
Size: - Virtual size: 4KB

.idata
Size: - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: - Virtual size: 24B

.UPX0
Size: - Virtual size: 70KB

.rsrc
Size: 8KB - Virtual size: 14.2MB

.UPX1
Size: - Virtual size: 872KB

.UPX2
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 512B - Virtual size: 204B