60c0ef5c847d2ac0bc8a18effdc0f1cc

General

Target

60c0ef5c847d2ac0bc8a18effdc0f1cc
Size

23KB
MD5

60c0ef5c847d2ac0bc8a18effdc0f1cc
SHA1

9029eaae186769c4d8322560218d3417708b5d44
SHA256

d3a779265dac39a9b3492956016d83c9ef12b3c077364f157d6a62f3fe877950
SHA512

9d74eadecdc7602a7eb6678485c0a9a0f67e83cafa3bf8a04f0007346760b785b1a444bcb8fba104ed1cec425ea137c544e9a72ed13e0d5f3525904a48e1a3f3
SSDEEP

192:btJBNK/TyUA7k3qKGW67fkqrqP+fTXoI+3cKFO0WDf:RweUAwe7lqP+cV3cOf0f

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60c0ef5c847d2ac0bc8a18effdc0f1cc

Files

60c0ef5c847d2ac0bc8a18effdc0f1cc
.exe windows:4 windows x86 arch:x86

eb106036f20c2a18d95dbb667e7fa22d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
ReadFile
GetFileSize
_llseek
Process32Next
TerminateProcess
CreateToolhelp32Snapshot
CreateThread
GetModuleHandleA
GetStartupInfoA
GetShortPathNameA
lstrcpyA
lstrcatA
GetEnvironmentVariableA
GetLastError
CreateFileA
WriteFile
CloseHandle
WaitForSingleObject
TerminateThread
GetTickCount
SetEvent
ExitThread
OpenProcess
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
FindFirstFileA
DeleteFileA
Sleep
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
Process32First

advapi32

RegSetValueExA
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
RegOpenKeyExA
RegCloseKey
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyA
RegQueryValueExA
CryptCreateHash

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??3@YAXPAX@Z
memset
_except_handler3
_local_unwind2
strcpy
strstr
strcat
strlen
sprintf
memcmp
strncpy
strcmp
__CxxFrameHandler
toupper
tolower

shell32

ShellExecuteA

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eb106036f20c2a18d95dbb667e7fa22d

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

shell32

Sections

UPX0 Size: 20KB - Virtual size: 20KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 20KB - Virtual size: 20KB

.avc
Size: 2KB - Virtual size: 4KB