Behavioral task: behavioral1
Sample: 10228ac45819af1399931b9d4a878dc2.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 10228ac45819af1399931b9d4a878dc2.exe
Resource: win10v2004-20231215-en
General
Target: 10228ac45819af1399931b9d4a878dc2
Size: 173KB
MD5: 10228ac45819af1399931b9d4a878dc2
SHA1: 1f8fdbcddd4b267dc5a9f70498ae5d21f7da0f35
SHA256: 1f5d5647944a142d50fc6410ff2fe97bee37178f447d8ca23dbd978e1820eab5
SHA512: e097eb46a9d0c3c5bb75d162240c84e9f4823f06ecbd383938e46ae08ac1279e8cfed2b39457342fbae3e03a63dc3015cc9ab700a3fae44e0eb489bcf21de5b9
SSDEEP: 3072:tUf3djLII5m99k44DcnxaiBordjj1tGKiCPv:t23djLIh9mDqKrhXGG
Malware Config
Signatures
- YARA rule match: upx (resource: sample)
- Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: 10228ac45819af1399931b9d4a878dc2
Files
10228ac45819af1399931b9d4a878dc2.exe windows:4 windows x86 arch:x86
38748c72d3341a48e798309f50aaa5a1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
FindFirstFileA
SetEnvironmentVariableA
CompareStringW
LCMapStringA
CompareStringA
SetEndOfFile
GetOEMCP
GetACP
SetStdHandle
FlushFileBuffers
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetCPInfo
IsBadCodePtr
CloseHandle
UnmapViewOfFile
GetSystemDirectoryA
GetVersionExA
GetCurrentThreadId
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
GetFileAttributesA
RemoveDirectoryA
GetLastError
DeleteFileW
SetFileAttributesW
MultiByteToWideChar
Sleep
ExitProcess
GetTempPathA
CreateDirectoryA
IsBadReadPtr
SetUnhandledExceptionFilter
CreateThread
TerminateProcess
WaitForSingleObject
OpenProcess
OpenFileMappingA
GetModuleFileNameA
GetModuleHandleA
GetSystemDefaultLCID
FormatMessageA
GetDiskFreeSpaceExA
GetTickCount
GetExitCodeProcess
GetSystemDefaultLangID
OutputDebugStringA
CreateProcessA
SetFileAttributesA
GetWindowsDirectoryA
FindClose
FindNextFileA
HeapSize
WideCharToMultiByte
HeapFree
GetProcessHeap
SystemTimeToFileTime
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileA
HeapAlloc
WriteFile
SetFilePointer
ReadFile
GetFileSize
GetProcAddress
lstrlenW
FreeLibrary
LoadLibraryA
lstrcpynA
lstrlenA
GetVolumeInformationA
lstrcmpiA
lstrcpyA
InterlockedExchange
DeleteCriticalSection
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetCurrentProcess
HeapReAlloc
GetStringTypeW
advapi32
CryptReleaseContext
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
CryptAcquireContextA
CryptImportKey
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
CryptDestroyHash
CryptVerifySignatureA
CryptHashData
CryptCreateHash
iphlpapi
GetNetworkParams
GetAdaptersInfo
ole32
CoInitialize
shell32
SHGetSpecialFolderPathA
shlwapi
PathCanonicalizeA
SHSetValueA
SHGetValueA
SHDeleteValueA
PathAddBackslashA
urlmon
URLDownloadToCacheFileA
user32
GetTopWindow
GetWindowRect
wsprintfA
PostThreadMessageA
GetMessageA
DispatchMessageA
GetSystemMetrics
wininet
InternetReadFile
InternetOpenA
InternetConnectA
InternetOpenUrlA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
DeleteUrlCacheEntry
InternetCloseHandle
InternetGetConnectedState
Sections
UPX0 (Size: 168KB, Virtual size: 168KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.avp (Size: 4KB, Virtual size: 4KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE