545889d2d80aa828b252b8f19e05bf61

General

Target

545889d2d80aa828b252b8f19e05bf61
Size

285KB
MD5

545889d2d80aa828b252b8f19e05bf61
SHA1

61a443f9b0f98d7de5ea360bfeaec0c83506c06f
SHA256

39daee0ef2dc821e1a6b60cafaeb76622b9e6bd7423b62db3724494ed36c5a69
SHA512

cd0f762dcba6a24183f9ccc1c964bfe4a3724b2eec7a2e664be28f98406af7bdcce6d097b26bd16d2eb63c907df5271699189ae0559b216eecc802a06ccd4910
SSDEEP

6144:gclEEHU6PKM1tbp4CipkZuRp2lgHcfxgqNx/d7DgJQHcfxgbQvQ7/dpLdr28bXjr:QE06FNMk0EN24/rh/bXjx13iQ1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
545889d2d80aa828b252b8f19e05bf61

Files

545889d2d80aa828b252b8f19e05bf61
.exe windows:4 windows x86 arch:x86

51f0899c17a92161c3425043255e1482

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
FindFirstFileA
TerminateProcess
OpenProcess
GetCommandLineA
FindClose
FindNextFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetStartupInfoA
GetModuleHandleA
GetVersionExA
GetCurrentProcess
GetFileAttributesA
GetModuleFileNameA
DeleteFileA
GetTempPathA
CreateMutexA
GetLastError
CloseHandle
CreateProcessA
WaitForSingleObject
WinExec
GetWindowsDirectoryA
CopyFileA
Sleep
GetExitCodeProcess

advapi32

RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
DeleteService
RegDeleteKeyA

msvcrt

fclose
fprintf
sprintf
time
fopen
exit
printf
_flsbuf
_filbuf
fwrite
ftell
fseek
fread
free
malloc
strrchr
_stricmp
srand
_snprintf
atoi
strtok
_mkdir
strstr
_chdir
strncpy
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

UPX
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3CF801BC
Size: 4KB - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

51f0899c17a92161c3425043255e1482

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

Sections

UPX Size: 12KB - Virtual size: 8KB

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 75KB

.code Size: 16KB - Virtual size: 16KB

3CF801BC Size: 4KB - Virtual size: 610B

UPX
Size: 12KB - Virtual size: 8KB

.code
Size: 16KB - Virtual size: 16KB

3CF801BC
Size: 4KB - Virtual size: 610B