5931d35f4cb39edefd54352491b12e28

Sharing

Copy URL Twitter E-mail

General

Target

5931d35f4cb39edefd54352491b12e28
Size

65KB
MD5

5931d35f4cb39edefd54352491b12e28
SHA1

6e931eb23ed2506558e81ed81d9a6cf4b86b20c3
SHA256

eb08db36b030173726dcada3a0bc64c1c0edf455efcbe6e934697224d807d795
SHA512

3f638f3cd3699fad170e08a87a87463e8ab75525feed4d26c8f014380f42509fc5327a37388f545257b5acb20b09a4b159599ae69fe7464c739f6af4b3433f00
SSDEEP

768:IIWLcWJceC0+AwVljKHJFSLOCE2yn6c3b6kLqN8oj:IIWLc8Z+AwXoji8206a6aPo

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5931d35f4cb39edefd54352491b12e28

Files

5931d35f4cb39edefd54352491b12e28
.exe windows:4 windows x86 arch:x86

3c199c835ff62bd2596a89d0dc5bc503

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
Sleep
GetTimeFormatA
GetDateFormatA
WriteFile
FileTimeToSystemTime
GetSystemTime
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
SystemTimeToFileTime
DeleteFileA
MoveFileA
CloseHandle
RemoveDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetModuleFileNameA
GetFileTime
SetFileTime
GetFileSize
SetEndOfFile
ReadFile
CreateFileA
GetStartupInfoA
GetModuleHandleA
SetFilePointer
CreateThread
CreateDirectoryA

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

msvcrt

exit
_XcptFilter
_exit
_onexit
__dllonexit
free
_strnicmp
_acmdln
memset
strrchr
tolower
strcmp
strcat
strlen
__CxxFrameHandler
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_stricmp
_controlfp
strtoul
_except_handler3
sprintf
sscanf
??2@YAPAXI@Z
strchr
strcpy

user32

PostThreadMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA

wsock32

recv
send
ntohs
getsockname
accept
htonl
gethostname
select
inet_addr
WSACleanup
htons
WSAStartup
socket
bind
closesocket
listen
connect
inet_ntoa
gethostbyaddr
ioctlsocket
gethostbyname
getpeername

Sections

UPX0
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3c199c835ff62bd2596a89d0dc5bc503

Headers

File Characteristics

Imports

kernel32

advapi32

msvcp60

msvcrt

user32

wsock32

Sections

UPX0 Size: 60KB - Virtual size: 60KB

.rsrc Size: 1KB - Virtual size: 4KB

.avp Size: 3KB - Virtual size: 4KB

UPX0
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 1KB - Virtual size: 4KB

.avp
Size: 3KB - Virtual size: 4KB