75ba447173faba6cc58f0048e6ac4e7c

Sharing

Copy URL

Twitter E-mail

General

Target

75ba447173faba6cc58f0048e6ac4e7c
Size

148KB
MD5

75ba447173faba6cc58f0048e6ac4e7c
SHA1

f86c2f3ed95bd5fde2ca7398e8a7a60064113637
SHA256

78646f6187d805c6a11af7c01a7b62603af91d21a92356b331a092c0cfb3b8f5
SHA512

e2129e61db0f5451848759412ae63a6299e48d4c6a3384f50081ae6401a71a309e9d03276846b0635fdfad4153070d48fa96128a79c40ca334874fe997a23d4f
SSDEEP

3072:VSFIjGcaOznhteDl1TNuVPgoxOq3LoOS1chG3imzkKFb:gtO7s3TY8qkRcaz46

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75ba447173faba6cc58f0048e6ac4e7c

Files

75ba447173faba6cc58f0048e6ac4e7c
.dll regsvr32 windows:4 windows x86 arch:x86

59a7398ccff177e54f5205954dcb9fda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceExA
GetLastError
lstrlenA
lstrlenW
lstrcmpiA
lstrcmpiW
GetShortPathNameA
GetModuleFileNameA
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
FindResourceA
lstrcpyA
lstrcpynA
IsDBCSLeadByte
InterlockedDecrement
FindClose
FindNextFileA
FindFirstFileA
lstrcatA
FreeLibrary
LoadLibraryExA
GetStdHandle
SetHandleCount
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetEndOfFile
CreateFileA
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetFileType
WriteFile
CloseHandle
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
GetStringTypeW
GetCommandLineA
GetStringTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
ReadFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetWindowsDirectoryA
CreateDirectoryA
DeleteFileA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalFree
ExitProcess
RaiseException
RtlUnwind
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess

advapi32

RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegQueryInfoKeyA

ole32

CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoTaskMemRealloc

oleaut32

shell32

SHGetFileInfoA
ShellExecuteA

shlwapi

PathFindExtensionA
PathFileExistsA

urlmon

URLDownloadToFileA

user32

CharNextA
wsprintfA

wininet

InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetGetConnectedState
HttpSendRequestA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
test

Sections

UPX0
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

59a7398ccff177e54f5205954dcb9fda

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shell32

shlwapi

urlmon

user32

wininet

Exports

Exports

Sections

UPX0 Size: 140KB - Virtual size: 140KB

.rsrc Size: 4KB - Virtual size: 8KB

.avp Size: 3KB - Virtual size: 4KB

UPX0
Size: 140KB - Virtual size: 140KB

.rsrc
Size: 4KB - Virtual size: 8KB

.avp
Size: 3KB - Virtual size: 4KB