1210ff9169a78168860645b72416cfed

Sharing

Copy URL Twitter E-mail

General

Target

1210ff9169a78168860645b72416cfed
Size

155KB
MD5

1210ff9169a78168860645b72416cfed
SHA1

d3f57a110df615036b827e4a829e5ad2e535520b
SHA256

8e67bd1eebf2762e600ce6d337a9a8fa22149539d47bd2952a8780a9daacd1d9
SHA512

b5ded8b20a319faa0151dfc7d4f5626be289f9bc02ea95f3eb4f87d8e3d5d5ede236c69391437bdb5e896509c868af3f13a5a782cbf9c79e8bb16ff819063b67
SSDEEP

3072:H3m1L9gVWGXv7JhYSf/GU46r4swlWSUHe8lzNvo4VVxLAfeeKgv0m:Xe9gVRrHHGU46VwQSUHpzJoCxLA2vgv5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1210ff9169a78168860645b72416cfed

Files

1210ff9169a78168860645b72416cfed
.exe windows:6 windows x86 arch:x86

cf3b5ce946ae87b22032d8bc6da7d7f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSetInformation
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
exit
_controlfp
__getmainargs
_except_handler4_common

ulib

??1ARGUMENT_LEXEMIZER@@UAE@XZ
??1ARRAY@@UAE@XZ
??1STRING_ARGUMENT@@UAE@XZ
??1PATH_ARGUMENT@@UAE@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@ARRAY@@QAEEKK@Z
?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z
?Get_Standard_Output_Stream@@YGPAVSTREAM@@XZ
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
??0PATH_ARGUMENT@@QAE@XZ
??0FLAG_ARGUMENT@@QAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
??0ARRAY@@QAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
??0DSTRING@@QAE@XZ
??0STREAM_MESSAGE@@QAE@XZ
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Set@STREAM_MESSAGE@@UAEEKW4MESSAGE_TYPE@@K@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@XZ
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
?Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
?IsValueSet@ARGUMENT@@QAEEXZ
?QueryFullPath@PATH@@QBEPAV1@XZ
?QueryDriveType@SYSTEM@@SG?AW4DRIVE_TYPE@@PBVWSTRING@@@Z
?Strcat@WSTRING@@QAEEPBV1@@Z
?QueryLibraryEntryPoint@SYSTEM@@SGP6GHXZPBVWSTRING@@0PAPAX@Z
?FreeLibraryHandle@SYSTEM@@SGXPAX@Z
??1DSTRING@@UAE@XZ
??1OBJECT@@UAE@XZ
?Display@MESSAGE@@QAAEPBDZZ
?Initialize@WSTRING@@QAEEPBDK@Z
?QueryString@WSTRING@@QBEPAV1@KK@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
??1STREAM_MESSAGE@@UAE@XZ

ifsutil

?QueryFileSystemName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@PAJ1@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf3b5ce946ae87b22032d8bc6da7d7f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ulib

ifsutil

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 888B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 650B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 888B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 650B

UPX0
Size: 144KB - Virtual size: 380KB