34f695fd288363a5f189a6ad573ca82e

General

Target

34f695fd288363a5f189a6ad573ca82e
Size

134KB
MD5

34f695fd288363a5f189a6ad573ca82e
SHA1

07ef265ed3f8affeb03157670828c235136057c7
SHA256

2ee76e2314f2d2869d038e283cca232fb22550c31cd3d749221ae75b76e7c7d7
SHA512

4ae63ced8e8ef161898db609b8d21b993b4113a91beb6cd2ae514948aaa780fe907858650f2d0b319f8f0290b7523ae010259bce6b8d8d474f433f29dd80f8f0
SSDEEP

1536:qSnc9iWKPnD+brCg47jJKp2fhhThV8aQ:qSnc9iH6H47jJKp2fhvQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34f695fd288363a5f189a6ad573ca82e

Files

34f695fd288363a5f189a6ad573ca82e
.exe windows:4 windows x86 arch:x86

dc0142b432b6322edfaa8c6b1206cf2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
WriteFile
VirtualQuery
MoveFileA
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetDiskFreeSpaceA
GetDateFormatA
GetCPInfo
FreeLibrary
FormatMessageA
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CompareStringA
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

oleaut32

SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString
SysReAllocStringLen
SysAllocStringLen

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

user32

MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA
GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA

Sections

UPX0
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dc0142b432b6322edfaa8c6b1206cf2d

Headers

File Characteristics

Imports

kernel32

advapi32

oleaut32

shell32

urlmon

user32

Sections

UPX0 Size: 116KB - Virtual size: 116KB

.rsrc Size: 14KB - Virtual size: 16KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 116KB - Virtual size: 116KB

.rsrc
Size: 14KB - Virtual size: 16KB

.avc
Size: 2KB - Virtual size: 4KB