21c279e0b7b110582679e8a0580cedd6

General

Target

21c279e0b7b110582679e8a0580cedd6
Size

167KB
MD5

21c279e0b7b110582679e8a0580cedd6
SHA1

4b0f4dc12ef604a2b605b45e4c71bf2393f83011
SHA256

ca66d7f3af5da7e934d1abacfb804b8e2504992bdc9d5b6132d0475389b88fed
SHA512

1155513776f04a9677b117e05d3496c7aabb40b18a93b93543bd410d8d2988c6f98d9bb21f908ca9b0a7d35039bf105b8523d11431aeb3b4c20a656a88a568c5
SSDEEP

3072:m7V6CcF9R/dMMMMMM2MMMMM+FZ7EmrC3LDmRL5FLwFxSLwUWV2ZyICwquEkiOgeD:m78CaRVMMMMMM2MMMMMU7EmrrRLwFx7x

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21c279e0b7b110582679e8a0580cedd6

Files

21c279e0b7b110582679e8a0580cedd6
.exe windows:5 windows x86 arch:x86

4dcec2841207709ba9c35c9a84029300

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_vsnprintf

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

kernel32

GetVersionExA
UnhandledExceptionFilter
CloseHandle
ReleaseMutex
GetFileAttributesA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
lstrlenW
WaitForSingleObject
CreateMutexA
ExitProcess
GetModuleHandleA
GetStartupInfoA
SetErrorMode
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
lstrcpynA
SetUnhandledExceptionFilter
lstrlenA
GetEnvironmentVariableA
GetModuleFileNameA

user32

GetWindowThreadProcessId
SetForegroundWindow
SendMessageTimeoutA
LoadStringA
MessageBoxA

shlwapi

SHGetValueA
StrCmpIW
ord67
SHSetValueA
StrStrIA
PathRemoveFileSpecA
ord157

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4dcec2841207709ba9c35c9a84029300

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

shlwapi

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 184B

.rsrc Size: 49KB - Virtual size: 48KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 184B

.rsrc
Size: 49KB - Virtual size: 48KB

.UPX0
Size: 108KB - Virtual size: 260KB