6f14ad7d7b4367458256cf184f465eb3

Sharing

Copy URL

Twitter E-mail

General

Target

6f14ad7d7b4367458256cf184f465eb3
Size

170KB
MD5

6f14ad7d7b4367458256cf184f465eb3
SHA1

b96c0de52a83a2a949bfdaf64da757ca20e36cf1
SHA256

47cab799b7ab73be841d4e1d4dceb5d583446266f57429085c0de347af0a3b41
SHA512

7fe8a29d23a6e90da630b6a3bff5a4b2cc9dafd3d4d8fa7f1ceb1e04747f5b704abc60c939306da1ba60310e02afd658f63552cd00d65bbb842993835020fc25
SSDEEP

3072:g1ZCwzK8FW90cfN+2AY/y9gsxPv/WJA9q6NN1TEefeq:FwtFO0cfl/ONz9q6Feq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f14ad7d7b4367458256cf184f465eb3

Files

6f14ad7d7b4367458256cf184f465eb3
.exe windows:0 windows x86 arch:x86

1483a80767b473ba64ccd20d00de8827

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
strlen
wcscmp
strncpy
fabs
cos
acos
free
malloc
sin
memcpy
_purecall
strcmp
memcmp
pow
log10
memset

user32

MessageBoxA

kernel32

SetEndOfFile
GetFileSize
SetFilePointer
GetTickCount
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
RtlUnwind
Sleep
GetLastError
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
TryEnterCriticalSection
DeleteCriticalSection
InterlockedExchange
CreateFileA
CloseHandle
IsProcessorFeaturePresent
ReadFile
GetOverlappedResult
QueryPerformanceFrequency
HeapAlloc
OutputDebugStringA
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
GetProcessHeap
HeapFree
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
VirtualAlloc

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA

rpcrt4

RpcStringFreeA
UuidToStringA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

cmutil

CmLoadIconW

gdi32

CreateSolidBrush

winmm

joyReleaseCapture
waveOutGetPlaybackRate
mmDrvInstall
waveOutSetPlaybackRate
midiInClose
mmioSetBuffer
mixerGetLineInfoA
waveOutWrite
mci32Message
mixerGetLineControlsW
mciLoadCommandResource
waveInStart
mixerGetNumDevs
midiInGetErrorTextW
PlaySound
midiOutGetErrorTextA
mixerGetControlDetailsA

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX0
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX1
Size: 2KB - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX3
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1483a80767b473ba64ccd20d00de8827

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

advapi32

rpcrt4

ole32

cmutil

gdi32

winmm

Sections

.text Size: 15KB - Virtual size: 14KB

UPX0 Size: 512B - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 2KB

UPX1 Size: 2KB - Virtual size: 30KB

UPX2 Size: 1024B - Virtual size: 17KB

.rdata Size: 139KB - Virtual size: 248KB

UPX3 Size: 3KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 728B

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 14KB

UPX0
Size: 512B - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 2KB

UPX1
Size: 2KB - Virtual size: 30KB

UPX2
Size: 1024B - Virtual size: 17KB

.rdata
Size: 139KB - Virtual size: 248KB

UPX3
Size: 3KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 728B

.reloc
Size: 3KB - Virtual size: 4KB