9a7741330a20a213db003ffacf76d366

Sharing

Copy URL Twitter E-mail

General

Target

9a7741330a20a213db003ffacf76d366
Size

124KB
MD5

9a7741330a20a213db003ffacf76d366
SHA1

a3aab3da8154a947528af193555e9e9809d3f022
SHA256

1b0d5c150684c9625feb9a72599ff1e24fe1e6af8c50ff0d273e2b243de227a1
SHA512

dd4f35d27a2b7c7b18fc5c1446ff47b003eb4b4c7700cba0aab3f35b4f2e6712d1792a937b33a8cdd3e9f4c6744d1e884ff2629ad5a0d232116d991bccae037f
SSDEEP

1536:ZSC19eZonLmsYjRFa+hL/BCQli0105u7IbNhBkiGl5OuwDBQcdxJvffj:HfeoLmBHEGoNhmiGDOuwDBQoxRff

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a7741330a20a213db003ffacf76d366

Files

9a7741330a20a213db003ffacf76d366
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AsyncGetClassBits
AsyncInstallDistributionUnit
BindAsyncMoniker
CDLGetLongPathNameA
CDLGetLongPathNameW
CoGetClassObjectFromURL
CoInstall
CoInternetCombineUrl
CoInternetCompareUrl
CoInternetCreateSecurityManager
CoInternetCreateZoneManager
CoInternetFeatureSettingsChanged
CoInternetGetProtocolFlags
CoInternetGetSecurityUrl
CoInternetGetSession
CoInternetIsFeatureEnabled
CoInternetIsFeatureEnabledForUrl
CoInternetIsFeatureZoneElevationEnabled
CoInternetParseUrl
CoInternetQueryInfo
CoInternetSetFeatureEnabled
CompareSecurityIds
CompatFlagsFromClsid
CopyBindInfo
CopyStgMedium
CreateAsyncBindCtx
CreateAsyncBindCtxEx
CreateFormatEnumerator
CreateURLMoniker
CreateURLMonikerEx
DispatchCall
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Extract
FaultInIEFeature
FindMediaType
FindMediaTypeClass
FindMimeFromData
GetClassFileOrMime
GetClassURL
GetComponentIDFromCLSSPEC
GetMarkOfTheWeb
GetProxyDllInfo
GetSoftwareUpdateInfo
HlinkGoBack
HlinkGoForward
HlinkNavigateMoniker
HlinkNavigateString
HlinkSimpleNavigateToMoniker
HlinkSimpleNavigateToString
InstallFlash
IsAsyncMoniker
IsJITInProgress
IsLoggingEnabled
IsLoggingEnabledW
IsValidURL
MkParseDisplayNameEx
ObtainUserAgentString
PrivateCoInstall
RegisterBindStatusCallback
RegisterFormatEnumerator
RegisterMediaTypeClass
RegisterMediaTypes
ReleaseBindInfo
RevokeBindStatusCallback
RevokeFormatEnumerator
SetSoftwareUpdateAdvertisementState
URLDownloadA
URLDownloadToCacheFile
URLDownloadToCacheFileW
URLDownloadToFile
URLDownloadToFileW
URLDownloadW
URLOpenBlockingStream
URLOpenBlockingStreamW
URLOpenPullStream
URLOpenPullStreamW
URLOpenStream
URLOpenStreamW
UrlMkBuildVersion
UrlMkGetSessionOption
UrlMkSetSessionOption
UserFunction
UserFunctionForPEHook
WriteHitLogging
ZonesReInit

Sections

UPX0
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: 72KB - Virtual size: 72KB

UPX1 Size: 40KB - Virtual size: 40KB

UPX2 Size: 8KB - Virtual size: 8KB

UPX0
Size: 72KB - Virtual size: 72KB

UPX1
Size: 40KB - Virtual size: 40KB

UPX2
Size: 8KB - Virtual size: 8KB