468dc0621cf18145c132a40d469c23fd

General

Target

468dc0621cf18145c132a40d469c23fd
Size

137KB
MD5

468dc0621cf18145c132a40d469c23fd
SHA1

52544c68a7d0733852f85fd7e60d2161840774da
SHA256

2f2937b1f23313c353751f432e2df9bdacad04b6297f6ea34c25a01765fc4ace
SHA512

f0596293d6ead33b78f975fdc5868051f9ce79287acc556a6398c9f9ee8f42ba93ef42526d6a37ad92638c3617cc99450ea0beb4cd7b6a3562fdf825e98747a7
SSDEEP

1536:PR8Lf9b3iqGpA+GiPwLzG/i/iAACeQxR3hfZ53iqGpa+GhyJ:YfQzpXoLzG/HhC5Vfuzp1k

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
468dc0621cf18145c132a40d469c23fd

Files

468dc0621cf18145c132a40d469c23fd
.exe windows:4 windows x86 arch:x86

4a48d3ef2e66e285135642bffb97d95c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaLineInputVar
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
__vbaVarCmpGe
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaStrFixstr
__vbaBoolVarNull
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaForEachVar
_allmul
_CItan
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

UPX0
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a48d3ef2e66e285135642bffb97d95c

Headers

File Characteristics

Imports

msvbvm60

Sections

UPX0 Size: 108KB - Virtual size: 108KB

.rsrc Size: 26KB - Virtual size: 28KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 108KB - Virtual size: 108KB

.rsrc
Size: 26KB - Virtual size: 28KB

.avc
Size: 2KB - Virtual size: 4KB