27670787aeed9b4a6e14b8a987d52f55

Sharing

Copy URL Twitter E-mail

General

Target

27670787aeed9b4a6e14b8a987d52f55
Size

48KB
MD5

27670787aeed9b4a6e14b8a987d52f55
SHA1

018d0c1b3327a0e6fe83e18790e3819fc8523835
SHA256

c6d735f679edf9df88e507a8b3aff5f0ea9cf7ee9ae20f802d917f84b45dcb15
SHA512

fbb76361419fac47299153a83229800801541449cc2d2000fcb94f1d947f206bce2ea1a0a3ded38a240967f495cd244ab1a2b30dd4204321e701410f2d5a6718
SSDEEP

768:ucnWCv4+caXpvBBQARQkxFF39XosTlSizMD1l:uQ9caXpvBBQARB/39X73zMT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27670787aeed9b4a6e14b8a987d52f55

Files

27670787aeed9b4a6e14b8a987d52f55
.dll regsvr32 windows:4 windows x86 arch:x86

9ff7a105177618043bfcf54f111b50d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetSystemDirectoryA
DeleteFileA
lstrcmpiA
GetModuleHandleA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
ExitProcess
Module32Next
Module32First
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
WritePrivateProfileStructA
GetPrivateProfileStructA
GetLocalTime
GetPrivateProfileIntA
WritePrivateProfileStringA
DeviceIoControl
lstrcatA
lstrlenW
LoadLibraryExA
GlobalFree
GlobalAlloc
CreateThread
GetExitCodeThread
GetFileSize
ReadFile
ReadProcessMemory
RtlZeroMemory
Sleep
VirtualAlloc
VirtualFree
VirtualProtectEx
VirtualQueryEx
lstrcmpA
lstrcpynA
LoadLibraryA
GetModuleFileNameA
OpenProcess
WaitForSingleObject
TerminateProcess
GetCurrentProcessId
CopyFileA
MoveFileExA
GetTempFileNameA
lstrlenA
GetLastError
CreateFileA
WriteFile
MultiByteToWideChar
CloseHandle

advapi32

CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
DeleteService

msvcrt

free
malloc
_adjust_fdiv
_initterm

ntdll

NtQuerySystemInformation
memset
memcmp
memcpy

user32

DefWindowProcA
DestroyWindow
PostQuitMessage
KillTimer
SetTimer
wsprintfA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
SetWindowLongA
GetWindowThreadProcessId
GetWindowTextA
GetWindowLongA
EnumWindows
LoadCursorA
CallWindowProcA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA

ws2_32

Exports

Exports

DllRegisterServer

Sections

UPX0
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ff7a105177618043bfcf54f111b50d8

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ntdll

user32

wininet

ws2_32

Exports

Exports

Sections

UPX0 Size: 44KB - Virtual size: 44KB

UPX2 Size: 512B - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 44KB - Virtual size: 44KB

UPX2
Size: 512B - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB