52fcd8ddb28bddf5f0cb6255517c7b87

Sharing

Copy URL Twitter E-mail

General

Target

52fcd8ddb28bddf5f0cb6255517c7b87
Size

49KB
MD5

52fcd8ddb28bddf5f0cb6255517c7b87
SHA1

1aed659029107ba5037e4fece6f6386b88647087
SHA256

7485a224b82f9887b5c4905febc69bd40f1bdc8d690775f42a3b9e1ccc5b50cd
SHA512

08a6b678a536683da453694e8b6a29aff1356f2691d561e251947c1a8493fbac578f6c44a61a368a33cad76178182133f3ab84cb43fc7d4a4e255462a6c488f6
SSDEEP

768:Oh6rcZ10/LgZp8LXrm+xlRwM9NNXVV8RG:OhWc70UZErm+nWM9N5Vq8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52fcd8ddb28bddf5f0cb6255517c7b87

Files

52fcd8ddb28bddf5f0cb6255517c7b87
.exe windows:4 windows x86 arch:x86

9f19950e25e7fd653302cdd78e220084

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
Sleep
MultiByteToWideChar
GetStartupInfoA
GetModuleHandleA
GetShortPathNameA
GetEnvironmentVariableA
TerminateThread
CloseHandle
CreateEventA
SetEvent
WaitForSingleObject
CreateThread
ResetEvent
CreateMutexA
ReleaseMutex
GetVersionExA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeLibrary
LocalFree
MapViewOfFile
UnmapViewOfFile
GlobalMemoryStatus
GetComputerNameA
CreateProcessA
GetSystemDirectoryA
GetLastError
GetCurrentProcessId
GetVersion
CopyFileA
GetModuleFileNameA
GetCurrentDirectoryA
lstrlenA
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetExitCodeThread

advapi32

StartServiceA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo

mfc42

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_stricmp
exit
__p__fmode
_iob
fprintf
printf
atoi
_mbscmp
realloc
malloc
free
_ftol
sprintf
_CxxThrowException
__CxxFrameHandler
wcslen
_unlink
__set_app_type
_except_handler3
_controlfp
_setmbcp

oleaut32

urlmon

URLDownloadToFileA

user32

IsIconic
EnableWindow
GetClientRect
DrawIcon
SendMessageA
SetTimer
GetMessageA
DispatchMessageA
TranslateMessage
GetSystemMetrics

ws2_32

WSASocketA

Sections

UPX0
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9f19950e25e7fd653302cdd78e220084

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42

msvcrt

oleaut32

urlmon

user32

ws2_32

Sections

UPX0 Size: 40KB - Virtual size: 40KB

.rsrc Size: 5KB - Virtual size: 8KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 5KB - Virtual size: 8KB

.avc
Size: 3KB - Virtual size: 4KB