550c3a58e3776e1d23702039287699b7

Sharing

Copy URL Twitter E-mail

General

Target

550c3a58e3776e1d23702039287699b7
Size

216KB
MD5

550c3a58e3776e1d23702039287699b7
SHA1

6884f5786b4fc6be10a3c2d3d4d4203ef80a172a
SHA256

d4767d683addfe6e27bf283497a7c89da47d70314250db795058a5b7254ae53b
SHA512

ef095b9d95a58689ea6ddc04103da5902718d5aaf41441a99c1bd9b24735f550502bc19d7831678056ae6ca4940799a07120d988f04e4f51aad050665c3057cc
SSDEEP

6144:HA3UYlLYp4oEcSf4kDliBU1MG3333333333333333333333333333333333t33/Q:gEYlMp4USfPzS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
550c3a58e3776e1d23702039287699b7

Files

550c3a58e3776e1d23702039287699b7
.exe windows:4 windows x86 arch:x86

e354bf621495357d7cf0794da80565aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp
__p__fmode
__set_app_type
_except_handler3
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_acmdln
_setmbcp
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
swprintf
vsprintf
sprintf

mfc42

ord3825
ord3079
ord4080
ord4622
ord4424
ord815
ord5302
ord4698
ord5714
ord2725
ord4673
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord561
ord3738
ord2396
ord3831
ord5300
ord4079
ord5307
ord5289
ord641
ord4274
ord4234
ord5265
ord6052
ord1775
ord4425
ord5280
ord4376
ord4853
ord4998
ord4710
ord2514
ord324
ord3597
ord4627
ord4078
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord3098
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord1576
ord1168
ord3346

kernel32

CreateFileW
LeaveCriticalSection
GetStartupInfoA
GetEnvironmentVariableA
FatalExit
OpenFileMappingA
FatalAppExitA
GetModuleHandleA
GetModuleFileNameA
EnterCriticalSection
Sleep
InitializeCriticalSection
GetTickCount
MapViewOfFile
lstrlenA
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar

user32

EnableWindow
wsprintfA
GetScrollRange
SetScrollPos
GetDesktopWindow
SetDlgItemTextA
GetDlgItemTextA

advapi32

CryptHashData
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam

shell32

ShellExecuteA

Sections

.code
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX
Size: 4KB - Virtual size: 21B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e354bf621495357d7cf0794da80565aa

Headers

File Characteristics

Imports

msvcrt

mfc42

kernel32

user32

advapi32

shell32

Sections

.code Size: 168KB - Virtual size: 164KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 28KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 2KB

UPX Size: 4KB - Virtual size: 21B

.code
Size: 168KB - Virtual size: 164KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 2KB

UPX
Size: 4KB - Virtual size: 21B