18a36a5cfd444bff9a03391a64571a0c

Sharing

Copy URL Twitter E-mail

General

Target

18a36a5cfd444bff9a03391a64571a0c
Size

54KB
MD5

18a36a5cfd444bff9a03391a64571a0c
SHA1

5fa6b4485620c91e4ec338d085f16f235a138801
SHA256

ef98b9d90c8b5fca4278187c8cb5e19b97b71c3eb048a04c6669795af9438a80
SHA512

0973fad6c6b10ed9ed68f9dc19bf89aac817c6333811e0d3efaf67f1fded6a9bdc7458669e79904fc7c6597892b35a9f646186064083592dc3e35d4bdc98bb60
SSDEEP

1536:lDfncVUBww+ljQjVliyFdjQPun2U9FtQCO:hnci9qQjd2mzXtx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18a36a5cfd444bff9a03391a64571a0c

Files

18a36a5cfd444bff9a03391a64571a0c
.exe windows:5 windows x86 arch:x86

36c0976a0228d16e25df17fb62816b56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
GetVolumeInformationA
GetTimeFormatW
CreateProcessA
ReadFile
lstrcmpiA
GetTickCount
GetUserDefaultLangID
GetModuleFileNameA
_lopen
CloseHandle
GetThreadTimes
GetTempPathA
SleepEx
FlushViewOfFile
GetTempFileNameA
GetWindowsDirectoryA
WaitForSingleObject
_lwrite
GetDriveTypeW
OpenFile
DisableThreadLibraryCalls
CreateMutexW
VirtualProtect

user32

wsprintfA
ExitWindowsEx
DdeCreateStringHandleW
GetMenuItemInfoA
UnionRect
IsDialogMessageA
SetThreadDesktop
GetClassInfoExA
InvalidateRgn

gdi32

FillRgn
UpdateICMRegKeyW
SetMapMode
SelectClipPath
CreateEllipticRgnIndirect
GetColorAdjustment
CopyEnhMetaFileA

ws2_32

htonl
WSAStartup
connect
recv
bind
socket
closesocket
gethostbyname
send
htons

shlwapi

StrStrIA

iphlpapi

GetAdaptersInfo

msvcrt

memset
memcpy

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 368B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.UPX2
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36c0976a0228d16e25df17fb62816b56

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

shlwapi

iphlpapi

msvcrt

Sections

.text Size: - Virtual size: 2KB

.rdata Size: - Virtual size: 17KB

.data Size: - Virtual size: 16B

.UPX0 Size: - Virtual size: 368B

.UPX1 Size: - Virtual size: 42KB

.UPX2 Size: 52KB - Virtual size: 52KB

.reloc Size: 512B - Virtual size: 88B

.text
Size: - Virtual size: 2KB

.rdata
Size: - Virtual size: 17KB

.data
Size: - Virtual size: 16B

.UPX0
Size: - Virtual size: 368B

.UPX1
Size: - Virtual size: 42KB

.UPX2
Size: 52KB - Virtual size: 52KB

.reloc
Size: 512B - Virtual size: 88B