742d2a7d65273fab63df9c44afdaa8ce

General

Target

742d2a7d65273fab63df9c44afdaa8ce
Size

19KB
MD5

742d2a7d65273fab63df9c44afdaa8ce
SHA1

b188d246f6032edf2d62a4cd39f68cb9fff18c1c
SHA256

eb0267ff3d82ce317e078dfb92b0784760ddaf4623802f7ad4eb5d0e28041612
SHA512

06f37a80888032fd4e05614b140a1944ce794b78e4a950abb0071d540032476edad2c2fdfd8328ac937a3dceeac32d60f050477a4bf92595ff8b04661a0e171f
SSDEEP

384:+LmOAHyDajFm8wXfKpMkz7Ph7ok4NRJ2:+LVAH6EUSpv6DZ2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
742d2a7d65273fab63df9c44afdaa8ce

Files

742d2a7d65273fab63df9c44afdaa8ce
.exe windows:4 windows x86 arch:x86

12ee1313c3d14f3d9ebf50431cb3b18e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
WriteFile
VirtualFree
VirtualAlloc
GetModuleFileNameA
lstrcmpiA
GetSystemDirectoryA
lstrcatA
CopyFileA
WinExec
CreateToolhelp32Snapshot
Process32First
TerminateProcess
Process32Next
lstrcpyA
lstrlenA
Sleep
lstrcpynA
GetCurrentProcess
GetProcAddress
LoadLibraryA
WriteProcessMemory
CloseHandle
OpenProcess
GetModuleHandleA
GetTickCount
CreateMutexA
CreateThread
CreateProcessA
SetEvent
OpenEventA
ExitThread
ReadFile
GetFileSize
CreateFileA
ExitProcess
GetLastError
DeleteFileA
WaitForSingleObject
CreateEventA
InterlockedIncrement

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
AbortSystemShutdownA
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptImportKey

msvcrt

memcmp
strchr
_except_handler3
strstr
rand
srand
memcpy
strlen
memset

user32

FindWindowA
GetForegroundWindow
GetWindowThreadProcessId
wsprintfA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetGetConnectedState

ws2_32

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

12ee1313c3d14f3d9ebf50431cb3b18e

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

user32

wininet

ws2_32

Sections

UPX0 Size: 16KB - Virtual size: 16KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 16KB - Virtual size: 16KB

.avp
Size: 2KB - Virtual size: 4KB