0ab7206c162ef3b95deffcde62d6ccf4

Sharing

Copy URL Twitter E-mail

General

Target

0ab7206c162ef3b95deffcde62d6ccf4
Size

56KB
MD5

0ab7206c162ef3b95deffcde62d6ccf4
SHA1

148e8a2a506b97de6395f9426cf13f0ed171bacc
SHA256

f7fdf59bf7d09a6fdc20093026c9f1fa256a1d02db1d21a80e418a11a6a23ae1
SHA512

aaef4e219654e4b95d4788951d9dd078ed407078a165aff2ee53e4fe791808f161e11576db7055bd2269a9a055b3eeb2681d594dcabf89af75ed69ec9dba505b
SSDEEP

1536:ai52rHkRGhDj4304pFkfdhMWyvuzpWhCScXIS2cHHGrK:F52rEREjM2lmvuYhCSvS5nGrK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ab7206c162ef3b95deffcde62d6ccf4

Files

0ab7206c162ef3b95deffcde62d6ccf4
.exe windows:5 windows x86 arch:x86

0dc2214d7f5650c4369ae4c0b566503b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
DefineDosDeviceW
GetTempFileNameA
GlobalGetAtomNameW
GetVolumeInformationA
ReadFile
CloseHandle
GetWindowsDirectoryW
GetTempPathA
GlobalAlloc
GetWindowsDirectoryA
GetModuleFileNameA
CreateProcessA
GetTickCount
WriteConsoleInputA
WaitForSingleObject
_lwrite
OpenFile
GlobalHandle
SearchPathW
VirtualProtect

user32

ReleaseCapture
DdeQueryStringA
LoadAcceleratorsW
GetKeyboardLayoutNameW
wsprintfA
IsWindowEnabled
GetMessageW

gdi32

PlayEnhMetaFile
SetROP2
SetColorAdjustment
GetGlyphOutlineA
CreateDIBPatternBrush
GetGraphicsMode
DPtoLP
Polyline

ws2_32

htons
WSAStartup
connect
recv
bind
socket
closesocket
gethostbyname
send
htonl

shlwapi

StrStrIA

iphlpapi

GetAdaptersInfo

msvcrt

memset
memcpy

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 352B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.UPX2
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dc2214d7f5650c4369ae4c0b566503b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

shlwapi

iphlpapi

msvcrt

Sections

.text Size: - Virtual size: 2KB

.rdata Size: - Virtual size: 17KB

.data Size: - Virtual size: 16B

.UPX0 Size: - Virtual size: 352B

.UPX1 Size: - Virtual size: 46KB

.UPX2 Size: 55KB - Virtual size: 54KB

.reloc Size: 512B - Virtual size: 84B

.text
Size: - Virtual size: 2KB

.rdata
Size: - Virtual size: 17KB

.data
Size: - Virtual size: 16B

.UPX0
Size: - Virtual size: 352B

.UPX1
Size: - Virtual size: 46KB

.UPX2
Size: 55KB - Virtual size: 54KB

.reloc
Size: 512B - Virtual size: 84B