556d5beb227f05b81fe4416727c3bf3d

General

Target

556d5beb227f05b81fe4416727c3bf3d
Size

128KB
MD5

556d5beb227f05b81fe4416727c3bf3d
SHA1

7357e062e34a8445dadca05e6db0265e0caf3d9d
SHA256

76d943d5bd76b3d543d466d34ea2e8ccfb9f3ee1753ea7838eb84c1b94dd6255
SHA512

4c5932b05a2f1d641a7d0d4ac3d37366fd6d64277bc2775a0c2e2ef17678c573f7b31f88dda98190f515a01abb655a9647e5dee383ce30674895f1cc773c74ec
SSDEEP

1536:kUqlvmQrqC4CQFqkQYe2UAn0/5zq94yT624jyHA6ejx2yrPX:DOIhHUV/hQDT624jyHA6ejx2yjX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
556d5beb227f05b81fe4416727c3bf3d

Files

556d5beb227f05b81fe4416727c3bf3d
.exe windows:4 windows x86 arch:x86

735d923e467efb778c49724a9b5f7454

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
lstrlenA
WriteFile
UnmapViewOfFile
SizeofResource
SetFileTime
ReleaseMutex
OpenMutexA
MapViewOfFile
LockResource
LoadResource
LoadLibraryA
GetWindowsDirectoryA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetModuleFileNameA
GetFileTime
GetCurrentThreadId
FreeResource
FindResourceA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
DeleteFileA
CreateMutexA
CreateFileMappingA
CreateFileA
CopyFileA
CompareStringA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

user32

GetMessageA
GetKeyboardType
MessageBoxA

Sections

UPX0
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

735d923e467efb778c49724a9b5f7454

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

UPX0 Size: 124KB - Virtual size: 124KB

.rsrc Size: 1024B - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 124KB - Virtual size: 124KB

.rsrc
Size: 1024B - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB