1a10e0998af74c0c9c17e57bd8660a10

General

Target

1a10e0998af74c0c9c17e57bd8660a10
Size

92KB
MD5

1a10e0998af74c0c9c17e57bd8660a10
SHA1

a50f30387a0bdb0981577f2fafe21393f63dd17c
SHA256

a39fb536b27fcfb7bc833130efe3fbcd07e2e28c44c250fb2116f3ae5ae1b99c
SHA512

4b8529ca078d1d34563c5066b3d2d824982ffe4551140097948fef0c0b81777552bd0bb9a3935677e80a46670373e5dc7d1611b3a8335b7fb4be031c461d48e9
SSDEEP

384:1Mq/SBAIsPO3vX7+O6R1xq3UZU9kpU4x6OUKUWWOqKk61O:1Mq/S3vXKJZU9dKUWJqKk6c

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a10e0998af74c0c9c17e57bd8660a10

Files

1a10e0998af74c0c9c17e57bd8660a10
.exe windows:4 windows x86 arch:x86

7c9adfc616a1475365ccabab6d8307db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
GetModuleFileNameA
GetSystemDirectoryA
SetFileAttributesA
GetStartupInfoA
GetModuleHandleA
CopyFileA
Sleep
LoadLibraryA
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetTempPathA

advapi32

RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegCloseKey
RegQueryInfoKeyA
RegCreateKeyA

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
fopen
fseek
ftell
fread
fclose
__p__fmode
__set_app_type
_except_handler3
_controlfp
_stricmp
__p__commode
atoi
time
_access
localtime
atof
exit
strstr
strchr
malloc
memset
strlen
??3@YAXPAX@Z
strcpy
??2@YAPAXI@Z
sprintf
free

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

user32

LoadAcceleratorsA
LoadStringA
RegisterClassExA
DispatchMessageA
GetMessageA
TranslateAcceleratorA
SetTimer
GetWindowTextA
EnumWindows
EndDialog
DialogBoxParamA
DestroyWindow
DefWindowProcA
LoadCursorA
BeginPaint
EndPaint
PostQuitMessage
CreateWindowExA
ShowWindow
UpdateWindow
LoadIconA
TranslateMessage

wsock32

WSAStartup
inet_ntoa
gethostbyname
gethostname
WSACleanup

Sections

UPX0
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7c9adfc616a1475365ccabab6d8307db

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

shell32

urlmon

user32

wsock32

Sections

UPX0 Size: 64KB - Virtual size: 64KB

.rsrc Size: 25KB - Virtual size: 28KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 25KB - Virtual size: 28KB

.avp
Size: 2KB - Virtual size: 4KB