7671108da099028db7029c38a5306f4f

General

Target

7671108da099028db7029c38a5306f4f
Size

147KB
MD5

7671108da099028db7029c38a5306f4f
SHA1

e42f52b586bc28e00bcae4a71fd5b2698191e28d
SHA256

a912c17cd532553f7806beae674e5043ab5bf1908c09134814bd6e03935562b4
SHA512

edf4329dda7d7d5fb9c8d8462d47f603fc4a8f2f6ec2f93a0af8f0c82d70e8c7ae791703e92c22cf0f28ad6a6724c88bf66b1f7a2df3b534425a6126665d3622
SSDEEP

768:o5pnR1ZlndDchY4bLNOFI6VlRaEaU8gmSPP:oXHdIdbLNOF5lX81o

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7671108da099028db7029c38a5306f4f

Files

7671108da099028db7029c38a5306f4f
.exe windows:4 windows x86 arch:x86

a10657531bee78ffec32f10316078637

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_lclose
_lread
_llseek
TerminateProcess
Sleep
_lcreat
_lopen
SetCurrentDirectoryA
WriteFile
WinExec
GlobalFree
SetFileAttributesA
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetTickCount
lstrcatA
_lwrite
GetModuleHandleA
GetModuleFileNameA
GetFileSize
GetFileAttributesA
GetDriveTypeA
GetCurrentProcess
GetComputerNameA
GetCommandLineA
FreeLibrary
FindNextFileA
FindFirstFileA
FindClose
ExitProcess
DeleteFileA
CreateProcessA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA
GetSystemDirectoryA
GetProcAddress
OpenProcess
LoadLibraryA
GlobalAlloc

advapi32

RegDeleteValueA
SetSecurityInfo
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyA
AdjustTokenPrivileges
RegDeleteKeyA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
IsValidAcl
InitializeAcl
GetUserNameA

gdi32

GdiFlush
DeleteDC
CreateDIBSection
CreateDCA
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetDIBColorTable
DeleteObject
SelectObject

ole32

StringFromCLSID
CoCreateGuid

shell32

SHFileOperationA
ShellExecuteA

user32

IsIconic
wsprintfA
CloseWindow
CreateWindowExA
DefWindowProcA
DispatchMessageA
ExitWindowsEx
FindWindowA
GetForegroundWindow
GetMessageA
UnhookWindowsHookEx
LoadCursorA
LoadIconA
MessageBeep
MessageBoxExA
PostQuitMessage
RegisterClassExA
SendMessageA
SetWindowsHookExA
SystemParametersInfoA
TranslateMessage

wsock32

send
recv
listen
htons
closesocket
bind
accept
WSAStartup
WSACleanup
WSAAsyncSelect
socket

Sections

UPX0
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a10657531bee78ffec32f10316078637

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

ole32

shell32

user32

wsock32

Sections

UPX0 Size: 144KB - Virtual size: 144KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 144KB - Virtual size: 144KB

.avp
Size: 2KB - Virtual size: 4KB