42c9f9c4a27be559624d640c724f0bf3

General

Target

42c9f9c4a27be559624d640c724f0bf3
Size

631KB
MD5

42c9f9c4a27be559624d640c724f0bf3
SHA1

e1f38c49c47180803142f52f1312674a9295ff46
SHA256

e67149f4cab06f3e33237980586105b4bc917001219883da6214c1953b661c44
SHA512

cfd37a3de2eeff211256393bfeada8dfe0ada40d5eb874d739592e4a4e3f7424809d5afc4a01f180e6e6c150f0a4b22cd4fdf0d32ebc33454fb9be3af05bda79
SSDEEP

1536:CbFcmVnUzxR70P9bHsO1G/b4SmBian3n0rrn:C5cmVnUzxR70P9zX1G/b4LZ32n

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42c9f9c4a27be559624d640c724f0bf3

Files

42c9f9c4a27be559624d640c724f0bf3
.exe windows:4 windows x86 arch:x86

84df5166925ba95b291cc15e273bd85c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetVersionExA
GetLastError
ExpandEnvironmentStringsA
CloseHandle
CreateMutexA
FindClose
GetVersion
GetLocalTime
CreateFileA
FindFirstFileA
FlushFileBuffers
SetEndOfFile
LoadLibraryA
GetProcAddress
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
HeapFree
HeapAlloc
MoveFileA
ExitProcess
TerminateProcess
GetCurrentProcess
GetFileAttributesA
DeleteFileA
HeapReAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetEnvironmentStringsW
VirtualAlloc
FindNextFileA
GetWindowsDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
SetStdHandle
ReadFile
WriteFile
HeapSize
HeapDestroy
HeapCreate
VirtualFree
MultiByteToWideChar
IsBadWritePtr
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
WideCharToMultiByte
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

user32

FindWindowA
PostQuitMessage

wininet

InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile

ws2_32

Sections

UPX0
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

84df5166925ba95b291cc15e273bd85c

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

user32

wininet

ws2_32

Sections

UPX0 Size: 628KB - Virtual size: 628KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 628KB - Virtual size: 628KB

.avp
Size: 2KB - Virtual size: 4KB