8071bb14fe9670812175a03e22ad621a

Sharing

Copy URL Twitter E-mail

General

Target

8071bb14fe9670812175a03e22ad621a
Size

252KB
MD5

8071bb14fe9670812175a03e22ad621a
SHA1

d23994eecd912ced39cf4fed4b8836695f6ab79c
SHA256

e05d26621dba62ba4dd98de792d074de1c1831d55afb613a53ebb9b991d67884
SHA512

88be919aad8a64b6031ff29ed0f737671c67023bcbe977f414965e0674df04297a8514540389a6ade0a6511dbc2c1d0bed8ebded0a050fb26ec01e1e5cc52990
SSDEEP

6144:5MPlPOo/BBQSBAnTvAgy9ymAOXRsZY0/M0ZekX:evfBwwPxRsZ/M0Z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8071bb14fe9670812175a03e22ad621a

Files

8071bb14fe9670812175a03e22ad621a
.dll windows:4 windows x86 arch:x86

49df74c7527a36842cb593a3eb98c6e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\gc\DNF\bin\GcDuoSuoDll.pdb

Imports

kernel32

CreateFileW
GetPrivateProfileIntW
CloseHandle
FreeLibrary
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetModuleFileNameA
GetProfileStringW
WaitForSingleObject
SetEvent
GetCommandLineA
GetPrivateProfileIntA
TerminateThread
Sleep
InterlockedExchange
CreateEventW
GetProfileStringA
GetCurrentProcessId
FlushFileBuffers
CreateFileA
VirtualAllocEx
VirtualFreeEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
GetCurrentThreadId
GetModuleHandleA
RtlZeroMemory
VirtualAlloc
VirtualFree
RtlUnwind
GetSystemDirectoryW
lstrcatW
SetFilePointer
GetLocalTime
lstrlenW
WideCharToMultiByte
WriteFile
lstrlenA
OutputDebugStringW
GetFileSize
ReadFile
MultiByteToWideChar
VirtualQueryEx
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
RaiseException

user32

EnumWindows
GetWindowThreadProcessId
FindWindowW
SendMessageW
GetWindowRect

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49df74c7527a36842cb593a3eb98c6e3

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 12KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 248B

.UPX0 Size: 16KB - Virtual size: 12KB

.UPX1 Size: 20KB - Virtual size: 17KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 248B

.UPX0
Size: 16KB - Virtual size: 12KB

.UPX1
Size: 20KB - Virtual size: 17KB

.reloc
Size: 12KB - Virtual size: 9KB