035af867d5ac6a6415c33d01898b1325

General

Target

035af867d5ac6a6415c33d01898b1325
Size

451KB
MD5

035af867d5ac6a6415c33d01898b1325
SHA1

cfbb5cf336905096a21c51502a2284e6dfc83751
SHA256

786ff25ed189d7570b62d419159e9665e1d603946c8ff1e0ced033f1add7edf7
SHA512

8a7fe7509c1c4ed126b9c25bebfa49afba0217d78688f5a75947f42fae68fcf05e925a34003063b58a611de5d66c104d2258cd6a39a6075c6b1d56cc0b65b9ed
SSDEEP

1536:bpdHSI6B6GrwGJgzPN9uxphnv6QHt1QCvXbDqrQH6sojo3Z85KgFMHNdSFhSpon:18MhN9GnzQCvLDLRojo3Z8cuMDWh1n

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
035af867d5ac6a6415c33d01898b1325

Files

035af867d5ac6a6415c33d01898b1325
.exe windows:4 windows x86 arch:x86

d3b1617b54f22ca4bccb10b3e723687a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateThread
GetModuleFileNameA
ExitThread
LeaveCriticalSection
EnterCriticalSection
GetTickCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLocalTime
CloseHandle
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileSize
GetSystemDirectoryA
MultiByteToWideChar
TransactNamedPipe
CreateProcessA
FindClose
FindNextFileA
FindFirstFileA
GetTimeFormatA
GetDateFormatA
GetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
LoadLibraryA
GetLastError
GetProcAddress
GetModuleHandleA
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ExpandEnvironmentStringsA
GetTempPathA
GetComputerNameA
CopyFileA
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
OpenProcess
DeleteFileA
GetCurrentProcessId
SetFileAttributesA
WaitForSingleObject
CreateMutexA
TerminateThread
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
CreatePipe
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatus
GetVersionExA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
RtlUnwind
GetFileType
GetStdHandle
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
SetEndOfFile

user32

GetWindowTextA
GetKeyState
GetAsyncKeyState
keybd_event
MapVirtualKeyA
GetForegroundWindow

Sections

UPX0
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d3b1617b54f22ca4bccb10b3e723687a

Headers

File Characteristics

Imports

kernel32

user32

Sections

UPX0 Size: 448KB - Virtual size: 448KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 448KB - Virtual size: 448KB

.avp
Size: 2KB - Virtual size: 4KB