731f5630aefd27bf78630631947da911

Sharing

Copy URL Twitter E-mail

General

Target

731f5630aefd27bf78630631947da911
Size

379KB
MD5

731f5630aefd27bf78630631947da911
SHA1

33efda998cd7509534bdad7b8a755cc0778293a7
SHA256

61c0c3fca520e55e9bfbe93cd7ecb2c329969f7b1146fe020a9cbebdd7e5912d
SHA512

39959ad8f7d8ab64247e7fad871a33f7cb26295b5f554103bb75122ccc2c8b52f236cab6fae908faac83819fbd2e8ee9a1e080e9fba06597ef9386f093644611
SSDEEP

6144:JTAfcfUrfAyykRsrc3HzFiRhWT2X40IXSbHRubLEtVsj:JTAfcfUroyHYcoRhWTzZd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
731f5630aefd27bf78630631947da911

Files

731f5630aefd27bf78630631947da911
.dll windows:4 windows x86 arch:x86

05ba8f9e6b200a0b6a1443bba5d9b486

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CompareStringA
CopyFileA
CreateEventA
CreateFileA
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MoveFileExA
MultiByteToWideChar
OpenProcess
Process32First
Process32Next
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetThreadLocale
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
GetVolumeInformationA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleRun

oleaut32

user32

CharLowerBuffA
CharNextA
DispatchMessageA
EnumThreadWindows
GetClassNameA
GetKeyboardType
GetMessageA
GetSystemMetrics
LoadStringA
MessageBoxA
SendMessageA
TranslateMessage
wsprintfA

wsock32

htons

Exports

Exports

i

Sections

UPX0
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

05ba8f9e6b200a0b6a1443bba5d9b486

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

user32

wsock32

Exports

Exports

Sections

UPX0 Size: 372KB - Virtual size: 372KB

.rsrc Size: 2KB - Virtual size: 4KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 372KB - Virtual size: 372KB

.rsrc
Size: 2KB - Virtual size: 4KB

.avc
Size: 3KB - Virtual size: 4KB