1a27d100920d571859adcfecce67562e

General

Target

1a27d100920d571859adcfecce67562e
Size

30KB
MD5

1a27d100920d571859adcfecce67562e
SHA1

7c6afad6b40b3146c32fa52a8a300a2c46f7218f
SHA256

bd25e651126a041bd11b3e55fe817f2d20145386932bc9b08e8f8a80c4ce9572
SHA512

28bcd8190c9c08ec71e328fc696108bb970e0f67ecec97c064042f13cb65c2526b4578e5b1a8257d04e99d9af5fed9805076c658c1ef1614d117efa348a3b883
SSDEEP

384:ExMnE4dXQ19NQbZl5Fh7I5ng1xYY8avZ:kQdTFtIEOLavZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a27d100920d571859adcfecce67562e

Files

1a27d100920d571859adcfecce67562e
.exe windows:4 windows x86 arch:x86

e9602db92ad62ad4e28a0f13bb62d87a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetModuleHandleA
GetCurrentProcessId
GetModuleFileNameA
TerminateProcess
Sleep
OpenProcess
MultiByteToWideChar
CreateFileA
DeleteFileA
ExpandEnvironmentStringsA
FlushFileBuffers
CloseHandle
WriteFile
HeapAlloc
HeapReAlloc
lstrcpyA
GetStartupInfoA
GetProcessHeap
HeapFree

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcrt

__p__fmode
_except_handler3
__set_app_type
__setusermatherr
__p__commode
_adjust_fdiv
_acmdln
_initterm
__getmainargs
exit
_XcptFilter
_exit
fopen
fread
fclose
strcat
tolower
_controlfp
atoi
strlen
strstr
strtok
strcpy
memset
strcmp

ole32

CoCreateInstance
CoInitialize
CoUninitialize

rasapi32

RasEnumConnectionsA
RasEnumDevicesA
RasGetEntryPropertiesA
RasDeleteEntryA
RasSetEntryPropertiesA
RasEnumEntriesA
RasSetEntryDialParamsA
RasGetConnectStatusA
RasDialA
RasHangUpA
RasGetEntryDialParamsA
RasGetErrorStringA

shell32

ShellExecuteA

user32

KillTimer
SetTimer
DispatchMessageA
wsprintfA
EnumWindows
GetDesktopWindow
PostMessageA
GetWindowTextA
IsWindow
GetWindowThreadProcessId
LoadIconA
TranslateMessage
GetMessageA
MessageBoxA

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetReadFile
InternetGetConnectedState
InternetQueryOptionA

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e9602db92ad62ad4e28a0f13bb62d87a

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ole32

rasapi32

shell32

user32

wininet

Sections

UPX0 Size: 24KB - Virtual size: 24KB

.rsrc Size: 3KB - Virtual size: 4KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 3KB - Virtual size: 4KB

.avp
Size: 2KB - Virtual size: 4KB