56b51014be54b7cf1b5ffb6bef136cfd

Sharing

Copy URL

Twitter E-mail

General

Target

56b51014be54b7cf1b5ffb6bef136cfd
Size

1.1MB
MD5

56b51014be54b7cf1b5ffb6bef136cfd
SHA1

9517b1d418d67f7f7cfa0809dc3910b388f827df
SHA256

e9bdb9b3095edb70ce11d3f3093eff5c8161133bbf162e6444ac754619e339ef
SHA512

29222ae30a2d20ef4b7e66e1ff47cabb992b25ed97f208758c14aa40962301f108534a297f0af54cf7f6a6b4a003ef9afe3f95e555bc01641c8cc1d0c17a6141
SSDEEP

24576:iaEwviyVkRgLZTIuoSpIJjn+o0ZCJE+PcREK8HbhC/Ka7Cyu:3EwqSLfIqZCVPK8HbL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56b51014be54b7cf1b5ffb6bef136cfd

Files

56b51014be54b7cf1b5ffb6bef136cfd
.exe windows:4 windows x86 arch:x86

9b601117d88abbd9e6604f74a15cf23e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

FillRect
MessageBoxA

gdi32

GetStockObject

winspool.drv

ClosePrinter

comdlg32

GetFileTitleA

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

OleCreatePictureIndirect

winmm

midiStreamOpen

comctl32

ImageList_Destroy

ws2_32

gethostbyname

Exports

Exports

�<�)��`Nb`35�;�==R�5��m>7�Z�t��D��s�p-�W�ƈ��,�!�11��!Ő��#)")~��Տs�~�L��wk� ��G1sX��]P&��y��YYO��R�z�}z�ھ�q|��Bj*��F�J��i�F��d�`7\4��V��q��X��,ۋ2��h !�� SϺ��H�|��T��P$�r�<Q5�I�Iis(2��P��#�.9bJ��-ܪ��)\� ;H��IT��6��L#��|��iů�u��5�� Z^�{��KϷ7,߂�ӏ�Ce˕��Wx�Vm��c��A��B��=� }]M��p>+��!�Q��,~v"D-�)�� Z��Q��O�$�o�l(z�)��lzz�a��̑��I�sog��&��^ڭ��,�;R��#�9��?60��[�K"��;q;Wbo h�w�"*KE�5�݌�sG��Fk�W��5�m��ҳQ��#��xV`7j�/V4%�)105�!"��'�t�8<ߧx׮��4��2�9c͇ �1��N�]V!,� �f=i�;)o7�F��I�C��;��n$@�'�d��{h��p,Jf��|��䳾�j3�$Z�:�ise�9�Φg�.ӌ��s��A��b|��gչ( �9�ӫ��<k<�l�e�l��ޙ.b��]��S��Dg�a��3r�� f�i�y��|� ��<��vd��k{ :0+� ґ�>��!w�uH�}l�:(��[ZĖ��!�V�v�I��y�� ƌ��M��;N��"��_W�6g�5VK��'��G+l{1m;A�N2|C_�ÏA��uQ�=�?�y��B��Ut�g�DY�)�=��5෥��0I��U1��E�f~Fh�@��,D^�I�s=� �A�� 2�Ň��k'�o��ل۹�Y��m5�7!j��~v��qZ�YNr�ip��@��.K�T�_[3�OSŭH��u��ҳ�g��P޼�\�W��c� !ᩴg ;�0��*p��8�f܊�2 �'<��2��G��t��$�O!G%�DI�Q��S�|7��w]|T->6� {a��u�V)��:��K��J��q��wC��v�ޛ�� Df��0$d��N��tˠV�C%;U�t1֝=_�Tӵ��rA��כ�� $�%`�-r�=#� ��$��ۢ��pgo�]��i�ŧN��.�Q��s��L&��o�o�B��Ժ�^��x��`��0(�(C)��&'��u�ןn�;�oV��`��,k��d_�2�C��NLwW?yl<��|�С��E�*�Z�M��2󠬬|F л�Ð;�Ip��.~�4:�ʪ}�|��xFr6<6�ߵ�-��@b#�&�or�̓�4��*}˦��&��eswܴ��2$��k��a��/��G��2BnӰ�b7�dYP?$�3��&�1>�)5�D��6>r=I��z�@��}��J��#��?�<��Ao�{�KƩ%��Q�)�>�@ig��E�n|��y��zuYxa��Fj�� W�(��S�eu_bC�L��_�M�%�0�{@��s:��}/f &t��@�蕅��Ö8l��?3"l�Ym��hq��ϫ�B<Ä�L�Rv@��*��h�4��J��#��r��)lw(�� :��!�O�?��I��s��B�x��P`��]Gg�S�z\U��8Gh��Yӯņ��X�� 1��h��'(5Ă�E��e/��Ã�&�o��x��!,]��߇� ��9x�� s ��sҖ�$�}�d'el��cD�%Q�IV�U��zophL�X.��:��DP�5��C��c=T�ױ��ɜ�5l�b��_}.�\<��}��sZ��U�M��p\��8��by��U}�֎0Oz6*<��ԕA��୸7�n�*�R �d�_��M��w��sa �J{��4��#��۵:�s��E��k��~�DA{��Jɛ!�l|�z�HgU��/�V��|�wQ�i��r�|50�y�K!��O.�N�5��I.}��1!�Nc��#졁��j]��-�.SgU��eYd:k>}� �֝��}� ��G��|��d|��Q�RV�v*�X�be�7��gi�:��xY� B#8�`��"��Ԣ^��*��j�w��i'tD�R�E$�C�e��1�OR��I�N��D}��;��g��Q蠞#��(�HlF7m��+��e��)�a�� w�u֔9!b�=%��"MXf>1@�S��.��Q��C�ΐyQs��>˳��I�D�� "0,��Kh7�AX�{�c-9 ��R{X_:2��B�-o��LT��<T��>j�X��Y�1��W�&��Qw�x��8ica��<��SUWnUL�,�1h [�"�a4g�;�d��h��`��؁g�h&K�o�p�~t��>� W�8�"�@�A޺jB<Ca�D*(��j��lP�ds��#\ ��^��v��b�T��Y�٤"8z��t��J��=|;��@��29q�9��S��^��l�#��n��&B��4/b�N��c�h,��Nv3�g$��>�?�2�� `��ԯa��߃�{�_�Àb&� ��#`:�QW@t�(�(�n��^I��e:5$\��kO$Fa9�Q��5s�5L~#pf�J�I�gT D�/VƑ�� d� j^и�V�O�1G/��Ȏg39jwxw��AS��Xگ�cn�� �;F.%&�t9��d��D�v��0�j?3<�Z�w��C��?��d,�8�� !�p��,K�T�QPҩT덁�� U�9]'8�'��*�i�F�lc��Y�ED��2h��g{��#s|n��x��<l�B.��A� s� ��H

Sections

.text
Size: - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b601117d88abbd9e6604f74a15cf23e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

winmm

comctl32

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 802KB

.rdata Size: - Virtual size: 130KB

.data Size: - Virtual size: 134KB

.rsrc Size: 12KB - Virtual size: 131KB

.UPX0 Size: - Virtual size: 587KB

.tls Size: 4KB - Virtual size: 24B

.UPX1 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 4KB - Virtual size: 168B

.text
Size: - Virtual size: 802KB

.rdata
Size: - Virtual size: 130KB

.data
Size: - Virtual size: 134KB

.rsrc
Size: 12KB - Virtual size: 131KB

.UPX0
Size: - Virtual size: 587KB

.tls
Size: 4KB - Virtual size: 24B

.UPX1
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 168B