438240e5f86e3479753bbbe02a9791cf[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

438240e5f86e3479753bbbe02a9791cf.exe
Size

261KB
MD5

438240e5f86e3479753bbbe02a9791cf
SHA1

e265f7d47f4d0694f8f04f1fb4b09eb62488a03a
SHA256

b84647c12d3a61649031222ac614eb7e99dd97bf56c9b4f8d3c3cb627c2645b8
SHA512

482fc66dd1b49935aa19f4687e6f9ed97a1df81b4d7bcc345c807fe1a439d3d1e40dbce59b0b6acb6efd0a05b2abf997065d33894470822dec31b09a6d69b99e
SSDEEP

6144:1ayqTuLw5F88SgCpsS1EbAD7im4vpDVL7RQQZQf6KAe8ihh:xCua88SEjbEwvpZBZQfZhh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
438240e5f86e3479753bbbe02a9791cf.exe

Files

438240e5f86e3479753bbbe02a9791cf.exe
.exe windows:4 windows x86 arch:x86

daaa849a0f5684c1f3f8f8d49dbe9af0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
FreeLibrary
GetModuleHandleA
InitializeCriticalSection
GetLocalTime
GetCurrentProcessId
GetCurrentThreadId
GetCurrentDirectoryA
CreateMutexA
LocalFree
GetVersionExA
GetLastError
LoadLibraryA
WaitForSingleObject
ExitProcess
RaiseException
QueryPerformanceCounter
GetTickCount
HeapCreate
IsBadWritePtr
TlsAlloc
SetUnhandledExceptionFilter
GetACP
GetOEMCP
GetCPInfo
GetCurrentProcess
GetStartupInfoA
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetSystemInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateDirectoryA
GetProcAddress

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
GetSidLengthRequired
InitializeAcl
InitializeSid
GetSidSubAuthority
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSecurityDescriptor

shell32

SHGetFolderPathA

msasn1

ASN1BEREncCheck
ASN1BERDecGeneralizedTime
ASN1_GetEncoderOption
ASN1BEREncLength
ASN1BERDecBool
ASN1BERDecSXVal
ASN1BEREncChar16String
ASN1BERDecCharString
ASN1BEREncChar32String
ASN1char32string_free
ASN1BEREncCharString
ASN1CEREncUTCTime
ASN1BERDecNull
ASN1_SetDecoderOption
ASN1bitstring_cmp
ASN1char32string_cmp
ASN1_CreateEncoder
ASN1BERDecLength
ASN1BEREncOpenType
ASN1BEREncSX

msident

DllGetClassObject

Sections

UPX1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 86KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxVhJ
Size: 4KB - Virtual size: 943KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 131KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daaa849a0f5684c1f3f8f8d49dbe9af0

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

msasn1

msident

Sections

UPX1 Size: 7KB - Virtual size: 7KB

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 4KB

.edata Size: 86KB - Virtual size: 134KB

.gxVhJ Size: 4KB - Virtual size: 943KB

.data Size: 8KB - Virtual size: 255KB

.edata Size: 131KB - Virtual size: 224KB

.rsrc Size: 2KB - Virtual size: 2KB

UPX1
Size: 7KB - Virtual size: 7KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 4KB

.edata
Size: 86KB - Virtual size: 134KB

.gxVhJ
Size: 4KB - Virtual size: 943KB

.data
Size: 8KB - Virtual size: 255KB

.edata
Size: 131KB - Virtual size: 224KB

.rsrc
Size: 2KB - Virtual size: 2KB