4e54f2931fa0fc405a903f7038677d28

Sharing

Copy URL Twitter E-mail

General

Target

4e54f2931fa0fc405a903f7038677d28
Size

219KB
MD5

4e54f2931fa0fc405a903f7038677d28
SHA1

eae617133b7ed0b748f881dbdae8e2111af10b75
SHA256

c03af3e077067f5f60fc633071548a5aa5ec885746770449616500778072c3a7
SHA512

3d3260cfea50aa3e1d9b7e4a50719cc5cd30755b1d8fe3383c77a16ba3252a3b29978ced9b42519d4cf7ac5ab32d65a65b4c60d3fc5c00b10fadeeb51ebe409f
SSDEEP

6144:9075CN26An8hM4UiNDYX7Ke4ulptzHYaM/wr:S9Keb/z4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e54f2931fa0fc405a903f7038677d28

Files

4e54f2931fa0fc405a903f7038677d28
.exe windows:4 windows x86 arch:x86

94df9b2a53b8763b42afd163f44a8878

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
GetModuleHandleA
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedDecrement
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
InterlockedIncrement
GlobalFlags
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
ExitThread
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetTimeZoneInformation
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetExitCodeProcess
SetEnvironmentVariableA
GetFullPathNameA
GetVolumeInformationA
lstrcpyA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetFileAttributesA
FindClose
DeleteCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
SuspendThread
ResumeThread
SetThreadPriority
CreateEventA
GetLastError
SetLastError
lstrcpynA
LocalFree
GetCurrentThreadId
lstrlenA
lstrcmpiA
CompareStringA
CompareStringW
MultiByteToWideChar
GetModuleFileNameA
CopyFileA
OpenProcess
TerminateProcess
FindFirstFileA
FindNextFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateProcessA
GetVersion
PulseEvent
GetWindowsDirectoryA
FreeLibrary
GetProfileIntA
SearchPathA
LoadLibraryA
GetProcAddress
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
ResetEvent
SetEvent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetComputerNameA
WaitForSingleObject
TerminateThread
CloseHandle
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateThread
GetVersionExA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegFlushKey

comctl32

gdi32

DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
DeleteDC
CreateBitmap
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
ScaleWindowExtEx
CreateFontIndirectA
GetStockObject
GetObjectA
GetDeviceCaps

oleacc

LresultFromObject
CreateStdAccessibleObject

oleaut32

shlwapi

PathStripToRootA
PathIsUNCA

user32

GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
AdjustWindowRectEx
GetClassInfoA
UnregisterClassA
GetDlgCtrlID
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
UnhookWindowsHookEx
GetMessageTime
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetSystemMetrics
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
wsprintfA
SendMessageA
DispatchMessageA
DestroyMenu
GetKeyState
GetCursorPos
ValidateRect
PostQuitMessage
DefWindowProcA
LoadIconA
RegisterClassA
CreateWindowExA
GetMessageA
CharUpperA
SendNotifyMessageA
DestroyWindow
GetTopWindow
GetDlgItem
PeekMessageA
TranslateMessage
GetSysColor
LoadCursorA
GetSysColorBrush
ShowWindow
SetWindowTextA
RegisterWindowMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
EnableWindow

wininet

InternetConnectA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetGetConnectedState
FtpPutFileA
FtpGetFileA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

wsock32

closesocket
listen
bind
socket
htonl
WSAStartup
gethostbyaddr
gethostbyname
htons
getsockname
getpeername
sendto
recvfrom
recv
select
send
connect
WSAGetLastError
accept

Sections

UPX0
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

94df9b2a53b8763b42afd163f44a8878

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

oleacc

oleaut32

shlwapi

user32

wininet

winspool.drv

wsock32

Sections

UPX0 Size: 212KB - Virtual size: 212KB

.avp Size: 6KB - Virtual size: 8KB

UPX0
Size: 212KB - Virtual size: 212KB

.avp
Size: 6KB - Virtual size: 8KB